Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Trojan "Zahlungsaufforderung Suisa" (Windows 7)
26.04.2012, 19:24 | #1
Trojan "Zahlungsaufforderung Suisa"

Hello everyone,

On a normal Windows start, a message appears before the desktop saying that my PC is locked and will only be unlocked after payment. Warnings on the Suisa site indicated that it is a trojan. The troubleshooting steps on that site pose a few problems:

- Starting in Safe Mode does not work -> the trojan screen appears
- Starting "Safe Mode with Networking" -> the trojan appears
- Starting "Safe Mode with Command Prompt" works
- Booting from USB (with FRST64 on the stick) is not accepted; Windows just tries to start normally

I have a laptop without a CD drive available, plus a USB stick. My PC has Vista64. I hope someone can help me.

Cheers, bstli

Edit: Via the command-prompt start I was able to run the FRST64 scan, and it produced a log file too.

Code:
Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by Administrator at 26-04-2012 19:41:19
Running from F:\
Service Pack 2 (X64) OS Language: German Standard
Attention: Could not load system hive.
FEHLER: Die Registrierungsbearbeitung wurde vom Administrator deaktiviert.
Attention: The tool is not run from recovery environment and will not function properly.

========================== Registry (Whitelisted) =============
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x ] ()

==================== Services (Whitelisted) ======

========================== Drivers (Whitelisted) =============

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-04-26 19:41 - 2010-08-03 23:09 - 0000000 ____D C:\FRST
2012-04-26 18:14 - 2008-01-21 05:21 - 0021026 ____A C:\Windows\WindowsUpdate.log
2012-04-26 17:43 - 2008-01-21 04:47 - 0954932 ____A C:\Windows\ntbtlog.txt
2012-04-26 17:04 - 2010-08-29 00:50 - 0224256 ____A (kwlXV) C:\Users\Administrator\AppData\Roaming\ram_reserver64.exe
2012-04-26 17:04 - 2010-08-07 14:29 - 0090112 ____A C:\Users\All Users\bfcbfccdddedddcdct.exe
2012-04-26 17:04 - 2010-08-07 14:29 - 0090112 ____A C:\ProgramData\bfcbfccdddedddcdct.exe
2012-04-24 19:10 - 2011-08-14 11:54 - 0033728 ____A (Syntek Ltd.) C:\Windows\SysWOW64\Drivers\STK02NW1.sys
2012-04-24 19:10 - 2010-08-05 23:15 - 0001391 ____A C:\Users\All Users\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
2012-04-24 19:10 - 2008-01-21 04:49 - 0040960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\STK02NP.ax
2012-04-24 19:10 - 2008-01-21 04:49 - 0000000 ____D C:\Windows\STK02N
2012-04-24 19:10 - 2007-03-12 14:25 - 0101520 ____A (Syntek Ltd.) C:\Windows\SysWOW64\Drivers\STK02NW2.sys
2012-04-12 03:03 - 2012-02-28 09:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-12 03:03 - 2012-02-28 08:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-12 03:03 - 2012-02-28 08:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-12 03:03 - 2012-02-28 08:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-12 03:03 - 2012-02-28 08:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-12 03:03 - 2012-02-28 03:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-12 03:03 - 2012-02-28 03:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-12 03:03 - 2012-02-28 03:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-12 03:03 - 2012-02-28 03:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-12 03:03 - 2012-02-28 03:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-12 03:03 - 2011-11-16 18:43 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-12 03:03 - 2011-11-16 18:23 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-12 03:03 - 2011-05-06 18:55 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-12 03:03 - 2011-05-06 18:55 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-12 03:03 - 2011-05-06 18:55 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-12 03:03 - 2011-05-06 18:55 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-12 03:03 - 2011-05-06 18:55 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-12 03:03 - 2011-05-06 18:55 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-12 03:03 - 2011-05-06 18:55 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-12 03:03 - 2011-05-06 18:55 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-12 03:03 - 2011-05-02 19:16 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-12 03:03 - 2011-05-02 19:13 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-12 03:03 - 2008-01-21 04:47 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-12 03:03 - 2008-01-21 04:47 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-12 03:03 - 2006-11-02 13:19 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-12 03:03 - 2006-11-02 11:46 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-12 03:02 - 2010-05-14 15:26 - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-12 03:02 - 2009-04-11 09:15 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-12 03:02 - 2009-04-11 09:11 - 4699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-12 03:02 - 2008-01-21 04:50 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-12 03:02 - 2008-01-21 04:49 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-12 03:02 - 2006-11-02 17:04 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-12 03:02 - 2006-11-02 17:04 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-12 03:02 - 2006-11-02 13:15 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

============ 3 Months Modified Files and Folders =============
2012-04-26 19:38 - 2012-04-26 17:43 - 0954932 ____A C:\Windows\ntbtlog.txt
2012-04-26 19:38 - 2006-11-02 17:21 - 0301064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-26 19:35 - 2010-08-03 23:35 - 0053333 ____A C:\Users\All Users\nvModes.001
2012-04-26 19:35 - 2010-08-03 23:35 - 0053333 ____A C:\ProgramData\nvModes.001
2012-04-26 19:35 - 2006-11-02 17:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-26 19:35 - 2006-11-02 17:22 - 0003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-26 19:35 - 2006-11-02 17:22 - 0003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-26 19:33 - 2006-11-02 17:42 - 0032514 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-26 18:32 - 2012-04-26 18:14 - 0021026 ____A C:\Windows\WindowsUpdate.log
2012-04-26 18:26 - 2010-08-08 15:15 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Winamp
2012-04-26 18:26 - 2010-08-08 13:42 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2012-04-26 18:26 - 2006-11-02 15:34 - 0000000 ____D C:\Windows\System32\spool
2012-04-26 18:26 - 2006-11-02 15:34 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-26 18:26 - 2006-11-02 15:33 - 0000000 ____D C:\Windows\registration
2012-04-26 17:05 - 2012-04-26 17:04 - 0090112 ____A C:\Users\All Users\bfcbfccdddedddcdct.exe
2012-04-26 17:05 - 2012-04-26 17:04 - 0090112 ____A C:\ProgramData\bfcbfccdddedddcdct.exe
2012-04-26 17:04 - 2012-04-26 17:04 - 0224256 ____A (kwlXV) C:\Users\Administrator\AppData\Roaming\ram_reserver64.exe
2012-04-26 16:48 - 2010-08-03 23:35 - 0053333 ____A C:\Users\All Users\nvModes.dat
2012-04-26 16:48 - 2010-08-03 23:35 - 0053333 ____A C:\ProgramData\nvModes.dat
2012-04-25 20:10 - 2010-08-05 23:21 - 0041472 ____A C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-24 19:11 - 2010-08-03 23:11 - 0000000 ____D C:\users\Administrator
2012-04-24 19:10 - 2012-04-24 19:10 - 0001391 ____A C:\Users\All Users\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
2012-04-24 19:10 - 2012-04-24 19:10 - 0000000 ____D C:\Windows\STK02N
2012-04-24 19:10 - 2010-08-03 23:16 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-24 19:10 - 2009-06-04 10:56 - 1474672 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-24 19:10 - 2008-01-21 13:09 - 0639210 ____A C:\Windows\System32\perfh007.dat
2012-04-24 19:10 - 2008-01-21 13:09 - 0131250 ____A C:\Windows\System32\perfc007.dat
2012-04-23 21:15 - 2011-12-23 02:51 - 0000000 ____D C:\Users\Administrator\AppData\Local\Skyrim
2012-04-17 19:25 - 2010-10-02 21:32 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\wargaming.net
2012-04-12 03:01 - 2006-11-02 14:35 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-04-10 01:40 - 2010-08-07 14:26 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Azureus
2012-04-09 19:27 - 2011-07-30 03:00 - 0000000 ____D C:\Users\Administrator\Documents\Vuze Downloads
2012-03-23 21:52 - 2012-02-29 23:06 - 0000000 ____D C:\Users\Administrator\Downloads\Skyrim
2012-03-23 19:24 - 2011-08-16 20:27 - 0000000 ____D C:\Users\Administrator\Desktop\loadtubes.com - music
2012-03-15 20:56 - 2011-07-26 00:28 - 0000000 ____D C:\Users\Administrator\.frostwire5
2012-03-14 00:59 - 2012-03-14 00:58 - 0000000 ____D C:\Users\Administrator\Downloads\1dot51body_textures-6709-1-51
2012-03-12 22:53 - 2012-03-12 22:53 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Wargaming
2012-03-12 02:38 - 2010-08-04 00:05 - 0000000 ___RD C:\Users\Administrator\Desktop\Programme
2012-03-11 19:32 - 2011-12-27 01:18 - 0000000 ____D C:\Users\Administrator\Documents\Nexus Mod Manager
2012-03-10 18:19 - 2012-03-10 18:19 - 0000000 ____D C:\Program Files (x86)\Ask.com
2012-03-10 18:19 - 2011-08-12 15:55 - 0000000 ____D C:\Program Files (x86)\FrostWire 5
2012-03-09 17:52 - 2012-03-09 17:50 - 87227952 ____A C:\Users\Administrator\Downloads\avira_free_antivirus_de.exe
2012-03-07 19:04 - 2006-11-02 15:33 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-07 04:33 - 2006-11-02 14:33 - 59768832 ____A C:\Windows\System32\config\SOFTWARE.rcbak
2012-03-07 04:33 - 2006-11-02 14:33 - 53477376 ____A C:\Windows\System32\config\COMPONENTS.rcbak
2012-03-07 04:33 - 2006-11-02 14:33 - 29360128 ____A C:\Windows\System32\config\SYSTEM.rcbak
2012-03-07 04:33 - 2006-11-02 14:33 - 0151552 ____A C:\Windows\System32\config\DEFAULT.rcbak
2012-03-07 04:33 - 2006-11-02 14:33 - 0053248 ____A C:\Windows\System32\config\SAM.rcbak
2012-03-07 04:33 - 2006-11-02 14:33 - 0024576 ____A C:\Windows\System32\config\SECURITY.rcbak
2012-03-07 02:49 - 2011-06-23 04:30 - 0262144 ___AH C:\Windows\System32\config\SYSTEM.rctemp.LOG1
2012-03-07 02:48 - 2011-06-23 04:30 - 0262144 ___AH C:\Windows\System32\config\SOFTWARE.rctemp.LOG1
2012-03-07 02:46 - 2011-06-13 23:58 - 0011762 ____A C:\Windows\System32\msrgman.dav
2012-03-06 20:40 - 2012-01-08 07:37 - 0000616 ____A C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCDHost.lnk
2012-03-06 08:44 - 2012-04-12 03:02 - 4699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 23:36 - 2012-03-05 23:36 - 0035314 ____A C:\Users\Administrator\Desktop\DxDiag.txt
2012-03-05 20:48 - 2011-08-05 23:25 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-03-05 19:58 - 2012-03-05 19:58 - 0360928 ____A C:\Users\Administrator\AppData\Local\dd_vcredistMSI21C4.txt
2012-03-05 19:58 - 2012-03-05 19:58 - 0011202 ____A C:\Users\Administrator\AppData\Local\dd_vcredistUI21C4.txt
2012-03-05 19:57 - 2012-03-05 19:57 - 0000000 ____D C:\Games
2012-03-04 00:43 - 2012-03-04 00:43 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-04 00:43 - 2011-07-10 14:36 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-02 00:41 - 2012-03-02 00:41 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Unity
2012-03-02 00:25 - 2012-03-02 00:25 - 0000000 ____D C:\Users\Administrator\AppData\Local\Unity
2012-03-02 00:25 - 2010-08-03 23:12 - 0000000 ____D C:\Users\Administrator\AppData\LocalLow
2012-02-29 23:09 - 2012-02-29 23:08 - 0000000 ____D C:\Users\Administrator\Downloads\Fallout3
2012-02-29 23:09 - 2012-02-29 23:06 - 0000000 ____D C:\Users\Administrator\Downloads\New Vegas
2012-02-29 23:08 - 2012-02-29 23:07 - 0000000 ____D C:\Users\Administrator\Downloads\X3
2012-02-29 17:37 - 2012-04-12 03:02 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 17:37 - 2012-04-12 03:02 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 17:35 - 2012-04-12 03:02 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 17:11 - 2012-04-12 03:02 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 17:11 - 2012-04-12 03:02 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 17:09 - 2012-04-12 03:02 - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 15:52 - 2012-04-12 03:02 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 00:08 - 2011-12-16 16:26 - 333083357 ____A C:\Users\Administrator\Desktop\Komplettloesung_Skyrim_final.pdf
2012-02-28 09:34 - 2012-04-12 03:03 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 09:02 - 2012-04-12 03:03 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 08:56 - 2012-04-12 03:03 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 08:50 - 2012-04-12 03:03 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 08:49 - 2012-04-12 03:03 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 08:48 - 2012-04-12 03:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 08:48 - 2012-04-12 03:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 08:47 - 2012-04-12 03:03 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 08:45 - 2012-04-12 03:03 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 08:43 - 2012-04-12 03:03 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 08:43 - 2012-04-12 03:03 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 08:42 - 2012-04-12 03:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 08:39 - 2012-04-12 03:03 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-28 03:52 - 2012-04-12 03:03 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-28 03:27 - 2012-04-12 03:03 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-28 03:18 - 2012-04-12 03:03 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-28 03:12 - 2012-04-12 03:03 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-28 03:11 - 2012-04-12 03:03 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-28 03:11 - 2012-04-12 03:03 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-28 03:09 - 2012-04-12 03:03 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-28 03:08 - 2012-04-12 03:03 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-28 03:06 - 2012-04-12 03:03 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-28 03:04 - 2012-04-12 03:03 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-28 03:03 - 2012-04-12 03:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-28 03:03 - 2012-04-12 03:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-28 02:59 - 2012-04-12 03:03 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 10:18 - 2010-08-05 20:06 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-16 18:53 - 2010-08-09 01:38 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 18:49 - 2012-03-14 19:39 - 0327680 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-14 18:49 - 2012-03-14 19:39 - 0196096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-14 17:45 - 2012-03-14 19:39 - 0219648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-14 17:45 - 2012-03-14 19:39 - 0160768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-13 16:38 - 2012-03-14 19:39 - 2002944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-13 16:12 - 2012-03-14 19:39 - 1172480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-13 16:06 - 2012-03-14 19:39 - 0834048 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-13 16:03 - 2012-03-14 19:39 - 1555968 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-13 15:47 - 2012-03-14 19:39 - 0683008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-13 15:44 - 2012-03-14 19:39 - 1068544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-05 18:54 - 2012-02-05 18:54 - 0000000 ____D C:\Program Files (x86)\Logitech
2012-02-05 18:54 - 2010-08-05 23:15 - 0000000 ____D C:\Users\All Users\Logitech
2012-02-05 18:54 - 2010-08-05 23:15 - 0000000 ____D C:\ProgramData\Logitech
2012-02-03 00:15 - 2012-02-03 00:18 - 0364133 ____A C:\Users\Administrator\Desktop\031c817e-6f7e-4fd6-99c0-c89ab39e6e52.gif
2012-02-02 17:34 - 2012-03-14 19:39 - 2765824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-01 00:48 - 2012-02-01 00:47 - 0000000 ____D C:\Users\Administrator\Desktop\fallout
2012-02-01 00:47 - 2012-02-01 00:46 - 0000000 ____D C:\Users\Administrator\Desktop\funny
2012-02-01 00:46 - 2012-02-01 00:46 - 0000000 ____D C:\Users\Administrator\Desktop\X3
2012-01-31 21:54 - 2012-01-31 21:54 - 4723254 ____A C:\Users\Administrator\Downloads\yourepitiful.mp3

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================
Percentage of memory in use: 12%
Total physical RAM: 4090.58 MB
Available physical RAM: 3571.39 MB
Total Pagefile: 8356.68 MB
Available Pagefile: 7944.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================
1 Drive c: () (Fixed) (Total:97.66 GB) (Free:7.88 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: () (Fixed) (Total:833.85 GB) (Free:526.17 GB) NTFS
3 Drive e: (Disk1) (CDROM) (Total:4.38 GB) (Free:0 GB) UDF
4 Drive f: (INTENSO) (Removable) (Total:3.76 GB) (Free:3.68 GB) FAT32

Datentr ###  Status      Größe    Frei     Dyn  GPT
--------  ----------  -------  -------  ---  ---
  0       Online      932 GB   0 B
  1       Online      3856 MB  0 B
  2       Kein Mediu  0 B      0 B
  3       Kein Mediu  0 B      0 B
  4       Kein Mediu  0 B      0 B
  5       Kein Mediu  0 B      0 B

==========================================================
Last Boot: 2012-04-26 18:34

======================= End Of Log ==========================

Last edited by bstli (26.04.2012 at 20:15). Reason: new info
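The FRST log above shows the two things a helper looks for first in a screen-locker case: freshly created executables in user-writable locations (ram_reserver64.exe in AppData\Roaming, bfcbfccdddedddcdct.exe in ProgramData) and Winlogon Shell/Userinit values that no longer point at the normal defaults. As an added example (this script is not part of the thread, of FRST, or of the forum helpers' procedure), here is a small Python triage pass over a handful of lines copied from that log. The location prefixes, the 48-hour window, the vowel-ratio "random name" rule and the two-reasons threshold are the editor's own heuristics, not FRST logic, and the expected defaults explorer.exe and userinit.exe are the stock Windows values.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a few lines copied from the FRST log in post #1, one
# entry per line (the forum page ran them together into one paragraph).
SAMPLE_LOG = r"""Ran by Administrator at 26-04-2012 19:41:19
Attention: Could not load system hive.
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
2012-04-26 19:41 - 2010-08-03 23:09 - 0000000 ____D C:\FRST
2012-04-26 17:04 - 2010-08-29 00:50 - 0224256 ____A (kwlXV) C:\Users\Administrator\AppData\Roaming\ram_reserver64.exe
2012-04-26 17:04 - 2010-08-07 14:29 - 0090112 ____A C:\ProgramData\bfcbfccdddedddcdct.exe
2012-04-24 19:10 - 2011-08-14 11:54 - 0033728 ____A (Syntek Ltd.) C:\Windows\SysWOW64\Drivers\STK02NW1.sys
2012-04-12 03:03 - 2012-02-28 09:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
"""

SCAN_TIME = re.compile(r"^Ran by .* at (\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})")
# FRST entry: "<created> - <modified> - <size> <attrs> [(Company)] <path>"
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
WINLOGON = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?)\\\.\.\.\\Winlogon: \[(?P<value>Shell|Userinit)\]\s*(?P<data>.*)$"
)
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "Userinit": "userinit.exe"}  # stock defaults
# Editor's heuristic list of locations a normal user can write to.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\all users\\",
                 "\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def looks_random(stem):
    """Heuristic: a long run of letters with almost no vowels (bfcbfccdddedddcdct)."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.15


def parse_scan_time(text):
    for line in text.splitlines():
        m = SCAN_TIME.match(line)
        if m:
            return datetime.strptime(m.group(1), "%d-%m-%Y %H:%M:%S")
    return None


def triage(text, recent_hours=48):
    scan_time = parse_scan_time(text)
    result = {"scan_time": scan_time,
              "hive_warning": "Could not load system hive" in text,
              "winlogon": [], "findings": []}
    for line in text.splitlines():
        w = WINLOGON.match(line)
        if w:
            data = w.group("data")
            if EXPECTED_WINLOGON[w.group("value")] not in data.lower():
                result["winlogon"].append((w.group("hive"), w.group("value"), data))
            continue
        e = ENTRY.match(line)
        if not e:
            continue
        path = e.group("path")
        low = path.lower()
        if not low.endswith(EXECUTABLE_EXT):
            continue
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        if not e.group("company"):
            reasons.append("no company/version info")
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append("random-looking file name")
        if scan_time:
            created = datetime.strptime(e.group("created"), "%Y-%m-%d %H:%M")
            if scan_time - created <= timedelta(hours=recent_hours):
                reasons.append(f"created within {recent_hours}h of the scan")
        if len(reasons) >= 2:  # editor's threshold: one reason alone is too noisy
            result["findings"].append((path, reasons))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    if report["hive_warning"]:
        print("note: FRST could not load the SYSTEM hive; Winlogon lines are unreliable")
    for hive, value, data in report["winlogon"]:
        print(f"winlogon {hive} [{value}] unexpected value: {data!r}")
    for path, reasons in report["findings"]:
        print(path + "\n    " + "; ".join(reasons))
```

On the sample the two ProgramData/AppData executables are reported and the driver from Syntek is not, because it is older than the window, carries a company name and lives under Windows. The hive warning matters: when FRST cannot load the SYSTEM hive, the empty Shell and Userinit lines say nothing about the infection, which is why the helper asked for a scan from a proper recovery environment.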
27.04.2012, 14:17 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Using a clean second computer, create an OTLPE CD and then boot the infected computer from that CD:
If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
27.04.2012, 19:27 | #3
Hello Cosinus,
Thanks first of all for your efforts. In the meantime I have (probably) got rid of the trojan by a roundabout route, and the PC seems to work again. I'll write down afterwards how I did it.

I wanted to run the scan with OTLPENet, but every time the Windows loading screen comes up it aborts. A blue screen then appears with the message that Windows was stopped because of an error. I downloaded the program again and burned it several more times, but nothing changes. No idea what is going wrong there.

As for how I went about the trojan: using my clean laptop I downloaded the program Trojan Remover (hxxp://www.chip.de/downloads/Trojan-Remover_13015091.html) and put it on the stick. Then I installed and started the program on my infected PC via "Safe Mode with Command Prompt". It showed me various errors (which I generously ticked off with "repair all") and changed two settings (regedit had been locked by the trojan, and display on the desktop). When I then restarted the PC, everything worked again. Nothing has disappeared or been encrypted. What I did notice, though, is that it keeps having very short hangs (not even half a second long), noticeable mainly when typing. So a scan would certainly not be a bad idea, but with OTLPENet that doesn't seem to work.

Cheers, bstli

Last edited by bstli (27.04.2012 at 19:33). Reason: tried to insert link
27.04.2012, 20:00 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Go into your computer's BIOS and switch the disk controller from AHCI to IDE or Compatible. More precise instructions can't be posted, since almost every BIOS looks different. Check the manual if necessary. To be able to boot the installed Windows again, you of course have to switch back to AHCI.
Please always post logfiles in CODE tags
27.04.2012, 20:26 | #5
In the BIOS the drives are all set to IDE, and the line "Onboard SATA/IDE Ctrl Mode" is also on IDE. I still can't load the CD. I'll try downloading and burning it once more.

Cheers, bstli

Edit: OK, I had overlooked a line in the BIOS. The logs are here:

Code:
OTL logfile created on: 4/28/2012 1:52:30 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 7.51 Gb Free Space | 7.69% Space Free | Partition Type: NTFS
Drive H: | 833.85 Gb Total Space | 526.17 Gb Free Space | 63.10% Space Free | Partition Type: NTFS
Drive I: | 3.76 Gb Total Space | 3.55 Gb Free Space | 94.42% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/30 17:55:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV:64bit: - [2011/04/27 12:08:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/20 12:44:57 | 000,189,248 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/10/20 12:44:47 | 000,075,064 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/22 14:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) [Auto] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/04 13:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/27 11:23:42 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/06/30 17:55:59 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/30 17:55:59 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/18 07:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 07:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/04/27 07:40:58 | 000,388,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr7064.sys -- (rt70x64)
DRV:64bit: - [2009/11/23 11:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 11:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/17 11:32:04 | 000,109,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/03 06:21:50 | 000,210,944 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/07/01 05:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/02/03 11:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/04/11 09:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/04/11 09:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/04/11 09:34:58 | 000,035,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2006/12/05 05:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/07/10 12:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV:64bit: - [2006/06/14 10:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2011/08/14 05:54:03 | 000,002,996 | ---- | M] (Buzz) [Kernel | System] -- C:\Windows\SysWOW64\drivers\hwinterface.sys -- (hwinterface)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A A6 D2 5B 59 62 CB 01 [binary data]
IE - HKU\Administrator_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/20 15:54:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011/08/16 14:25:08 | 000,000,000 | ---D | M]

[2010/08/24 15:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/08/24 15:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
File not found (No name found) -- () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\THUNDERBIRD\PROFILES\42HNEZ0A.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Administrator\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Administrator\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\Administrator_ON_C..\Run: [Steam] File not found O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCDHost.lnk = File not found O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: 
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{0639ea4b-9f42-11df-9740-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0639ea4b-9f42-11df-9740-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe O33 - MountPoints2\{f54e672e-9f45-11df-bcf6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f54e672e-9f45-11df-bcf6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autoplay.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== 
Files/Folders - Created Within 30 Days ========== [2012/04/27 11:23:42 | 000,834,544 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys [2012/04/27 11:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies [2012/04/27 11:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner [2012/04/26 18:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/04/26 18:00:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Simply Super Software [2012/04/26 18:00:14 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\Windows\SysWow64\ztv7z.dll [2012/04/26 18:00:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll [2012/04/26 18:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012/04/26 18:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012/04/26 18:00:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Simply Super Software [2012/04/26 18:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012/04/26 13:41:15 | 000,000,000 | ---D | C] -- C:\FRST [2012/04/26 11:04:09 | 000,224,256 | ---- | C] (kwlXV) -- C:\Users\Administrator\AppData\Roaming\ram_reserver64.exe.vir [2012/04/24 13:10:59 | 000,101,520 | ---- | C] (Syntek Ltd.) -- C:\Windows\SysWow64\drivers\STK02NW2.sys [2012/04/24 13:10:59 | 000,033,728 | ---- | C] (Syntek Ltd.) 
-- C:\Windows\SysWow64\drivers\STK02NW1.sys [2012/04/24 13:10:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\STK02NP.ax [2012/04/24 13:10:58 | 000,000,000 | ---D | C] -- C:\Windows\STK02N [2012/04/11 21:03:09 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll [2012/04/11 21:03:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/04/11 21:03:08 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/04/11 21:03:08 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2012/04/11 21:03:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/04/11 21:03:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/04/11 21:03:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/04/11 21:03:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/04/11 21:03:07 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/04/11 21:03:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/04/11 21:03:07 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2012/04/11 21:03:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/04/11 21:02:58 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/04/11 21:02:53 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll [2012/04/11 21:02:53 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2012/04/11 21:02:53 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imagehlp.dll [2012/04/11 21:02:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\imagehlp.dll [2012/04/11 21:02:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/27 18:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/27 18:44:20 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/27 18:44:20 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/27 18:32:39 | 000,053,333 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/04/27 18:32:39 | 000,053,333 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/04/27 11:23:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner [2012/04/27 11:21:00 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/04/27 11:21:00 | 000,604,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/27 11:21:00 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/04/27 11:21:00 | 000,108,136 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/26 19:06:21 | 000,301,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/04/26 18:46:42 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2012/04/26 18:00:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012/04/26 16:03:18 | 000,039,594 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20120426_220230.reg [2012/04/26 15:57:27 | 000,014,945 | ---- | M] () -- C:\Windows\System32\msrgman.dav [2012/04/26 15:52:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry CleanUP 5 
[2012/04/26 11:05:20 | 000,090,112 | ---- | M] () -- C:\ProgramData\bfcbfccdddedddcdct.exe [2012/04/26 11:04:09 | 000,224,256 | ---- | M] (kwlXV) -- C:\Users\Administrator\AppData\Roaming\ram_reserver64.exe.vir [2012/04/25 14:10:44 | 000,041,472 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/24 13:10:58 | 000,001,391 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/26 18:00:14 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar39.dll [2012/04/26 18:00:14 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2012/04/26 18:00:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012/04/26 18:00:14 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2012/04/26 18:00:14 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2012/04/26 16:02:33 | 000,039,594 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20120426_220230.reg [2012/04/26 11:04:16 | 000,090,112 | ---- | C] () -- C:\ProgramData\bfcbfccdddedddcdct.exe [2012/04/24 13:10:58 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk [2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/02/25 22:35:03 | 000,187,124 | ---- | C] () -- C:\Windows\Kino Mogul Uninstaller.exe [2011/02/08 16:23:45 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat [2011/02/08 16:22:48 | 001,502,086 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/24 19:32:03 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS [2010/11/24 19:31:51 | 000,192,174 | ---- | C] () -- C:\Windows\Photo Pos Pro 
Uninstaller.exe [2010/10/20 12:44:47 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2010/10/20 12:44:47 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010/10/20 12:44:47 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010/10/10 19:17:02 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\apache.dll [2010/08/08 04:59:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010/08/08 04:59:29 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2010/08/08 04:59:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010/08/07 07:40:44 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2010/08/05 17:21:50 | 000,041,472 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/05 15:44:24 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2010/08/03 17:35:34 | 000,053,333 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010/08/03 17:35:33 | 000,053,333 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010/08/03 17:15:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010/08/03 17:11:47 | 000,001,460 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat [2010/04/06 06:10:15 | 000,225,411 | ---- | C] () -- C:\Windows\SysWow64\PosPrKpLib.dll [2010/04/06 06:10:07 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\PosTickerLib.dll [2009/05/30 00:42:00 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2009/03/11 21:01:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll [2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 03:13:20 | 000,058,648 | ---- | C] 
() -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/06/21 02:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI [2005/09/23 07:52:14 | 000,078,848 | ---- | C] () -- C:\Windows\SysWow64\OneWay.dll [2002/06/02 10:05:40 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\1Way.dll ========== LOP Check ========== [2010/11/24 19:43:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Artweaver [2012/04/09 19:40:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus [2011/03/14 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011/07/25 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FrostWire [2010/12/28 08:07:39 | 000,000,000 | ---D | 
M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo [2011/08/08 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Grand Ages Rome [2011/08/16 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gutscheinmieze [2010/08/28 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org [2010/11/05 15:22:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Raptr [2012/04/26 18:00:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Simply Super Software [2011/06/13 17:58:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Software4u [2012/01/20 15:54:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird [2011/10/15 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tropico 3 [2011/02/08 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Turbine [2010/08/12 18:42:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\UFOAI [2012/03/01 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity [2012/03/12 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wargaming [2012/04/17 13:25:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\wargaming.net [2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2010/11/24 19:43:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Artweaver [2010/08/07 08:29:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Azureus [2011/12/28 08:27:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Computer Updater [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2010/10/20 
13:09:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS [2011/07/20 17:33:03 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core [2011/07/20 17:33:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts [2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2010/08/14 03:03:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium [2010/10/15 19:15:13 | 000,000,000 | ---D | M] -- C:\ProgramData\OfficeRecovery [2011/06/13 10:07:57 | 000,000,000 | ---D | M] -- C:\ProgramData\oM28283DpNaH28283 [2010/10/24 19:23:29 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games [2010/08/12 18:22:37 | 000,000,000 | ---D | M] -- C:\ProgramData\ScreenSeven [2012/04/26 18:00:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Simply Super Software [2011/06/13 17:58:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Software4u [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2012/04/26 18:49:30 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/05/21 19:49:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft [2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010/10/02 15:46:33 | 000,000,000 | -H-D | M] -- C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16} [2012/04/27 18:44:20 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Code:
OTL Extras logfile created on: 27.04.2012 00:54:30 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = F:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,85% Memory free
8,21 Gb Paging File | 6,49 Gb Available in Paging File | 79,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 7,84 Gb Free Space | 8,03% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 526,17 Gb Free Space | 63,10% Space Free | Partition Type: NTFS
Drive E: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 3,76 Gb Total Space | 3,55 Gb Free Space | 94,35% Space Free | Partition Type: FAT32
Computer Name: BSTLI-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = D6 D3 02 02 77 39 CB 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B54DC35-8D98-41D1-A7DA-239AFE0A2227}" = lport=137 | protocol=17 | dir=in | app=system | "{5B3EE38A-E250-497F-9D2F-895BF34D58AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5ED3601A-585D-436C-BB84-73688753DF2F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{72A4E932-260F-4248-8EBA-FF99A15804A6}" = 
lport=445 | protocol=6 | dir=in | app=system | "{8FA48268-76E3-4CA4-967E-874C980FC8C2}" = lport=139 | protocol=6 | dir=in | app=system | "{902F97A4-72EF-47BB-BD12-82474FCDF976}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9E1C57EF-A789-48B3-922D-2FABA96286DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BD0BBA3C-D650-4322-A484-9CCDD331A519}" = rport=138 | protocol=17 | dir=out | app=system | "{D0616E4C-4231-4803-9238-A60ED2706EB6}" = lport=2869 | protocol=6 | dir=in | app=system | "{EC875281-E6E7-4A87-8572-FB2F1F120F57}" = rport=137 | protocol=17 | dir=out | app=system | "{EE82D85E-6076-4927-A198-871F3059555E}" = lport=138 | protocol=17 | dir=in | app=system | "{F4F908E7-83F3-43B7-933A-CB8F5AECE966}" = rport=139 | protocol=6 | dir=out | app=system | "{FA965DE1-7E50-4ACF-87C9-C4463720B3B5}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01D238B2-D08F-4B14-AEEA-28F9AAFF5174}" = protocol=17 | dir=in | app=d:\games\fallout4\steam.exe | "{03C40D69-8A46-4F33-BA7F-E2345A7C8BC5}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe | "{04672F17-2FD1-4C77-AE21-C732DA7B1FE8}" = protocol=6 | dir=in | app=d:\programme\frostwire\frostwire.exe | "{05E95D38-922A-4490-8E64-3DC27202185A}" = protocol=6 | dir=in | app=d:\games\two worlds\twoworlds.exe | "{07E025EB-AF18-4A49-9257-1E94329469DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{0A4BDCFD-E81F-4C1A-A888-880A23DDB78A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "{0AF301CF-2368-4561-910D-08456E47495F}" = protocol=6 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe | "{0B449914-7027-4C17-B376-1E77074A910F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{12BAB509-5764-48F9-8477-905CE4AD629F}" = protocol=6 | dir=in | app=d:\games\hellgate london\launcher.exe | "{18C07766-6C6E-4D94-87AD-3F104BFD5EAB}" = protocol=17 | dir=in | app=d:\games\sacred 2 - fallen angel\system\sacred2.exe | "{22CFC034-AC89-459A-83F3-EDFC647FFAB0}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\skyrim\creationkit.exe | "{275C39FA-4876-47C1-B3EA-C25CBC944E98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{27827E77-7389-41E0-A73C-6D045C6469B4}" = protocol=6 | dir=in | app=d:\games\dragon age 2\bin_ship\dragonage2.exe | "{30554186-3C7E-451D-B80A-95ACD9DF05EA}" = protocol=17 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe | "{309EADB4-EB1C-4796-A5A6-0C4277E17256}" = protocol=17 | dir=in | app=d:\games\dragon age 2\dragonage2launcher.exe | "{329A16ED-F427-4D53-BD17-A5E9E363D102}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | "{332B4D8C-D752-400C-A0C7-94D6B36BBD41}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{37AB3C42-077A-49D9-A165-FD82256888D0}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{3BB3C517-A8E4-4462-AA40-C41109AA1558}" = protocol=17 | dir=in | app=d:\programme\limewire\limewire.exe | "{3C4A8A56-1BD6-4B33-88B3-80C82A444BEB}" = protocol=6 | dir=in | app=d:\games\sins of a solar empire\sins of a solar empire.exe | "{3EE1B0BE-C463-46CD-8D44-01A35B11F5ED}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\skyrim\creationkit.exe | "{42FA9BF2-22F8-40A2-A9EF-EC143DB11605}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4523A275-F32D-437B-9A18-5FAA0F53CFDC}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{45A5B12B-22BA-49BE-AC83-6E4E05AF9484}" = protocol=6 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe | "{46D39898-16BA-473C-AD7A-A94D536DDB9A}" = protocol=17 | 
dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | "{46DF55BA-6573-44FA-84EA-7CD5A9330B4C}" = protocol=17 | dir=in | app=d:\games\two worlds\twoworlds_radeon.exe | "{49D6C96C-49AC-4308-A9D1-DA8E3366FAB0}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | "{4A187400-E65B-42DA-B5A3-3EAF597B4A6D}" = protocol=17 | dir=in | app=d:\games\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{4D774D83-47F8-4E27-9E15-4F02FDBADDFF}" = protocol=17 | dir=in | app=d:\programme\frostwire\frostwire 5\frostwire.exe | "{5015D841-7BB6-4644-BBD9-51B7D9B049F1}" = protocol=6 | dir=in | app=d:\programme\frostwire\frostwire 5\frostwire.exe | "{52540550-D0A3-4B34-B965-849717B3EEAD}" = protocol=17 | dir=in | app=d:\games\frontlines-fuel of war\binaries\ffow.exe | "{5ACCF351-85ED-4F92-A541-078FDEFD79B2}" = protocol=6 | dir=in | app=d:\programme\limewire\limewire.exe | "{60503B45-9956-4051-8D91-4280C31BA535}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.2.0-dede-downloader.exe | "{621E683E-F4B1-4B97-AA05-007B73291EA4}" = protocol=6 | dir=in | app=d:\programme\frostwire\frostwire.exe | "{629B89BF-F1E7-4829-8004-FB4A8A496058}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{68DBE598-502F-4FD3-B026-2F8FD55AD8F9}" = protocol=17 | dir=in | app=d:\games\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "{7048FAE2-7374-4F22-B06C-39CB21B081EB}" = protocol=6 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | "{72879C34-9ED5-405B-BBA8-4AD0CEC2C1B0}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | "{73FB4A31-6345-4FD4-A41A-C0EB76565E19}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\fallout new vegas\geck.exe | "{782EEAB1-AFA1-4921-B329-873038B3506D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{7D78D875-6609-4390-BEBE-EA046F7E7B26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8459BA0D-44DC-427A-B454-A76D0AE97CC3}" = protocol=17 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe | "{868BC462-A93C-4E0C-BAE6-02130DC6B6E2}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe | "{871FD8C3-4E6F-46A0-BC31-D26797696F2A}" = protocol=6 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe | "{8839DF13-9DF8-4048-98BE-D0520BAEF38A}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | "{888C5B7C-3E12-4603-BBD0-D246E7E2AACE}" = protocol=17 | dir=in | app=d:\games\hellgate london\launcher.exe | "{8927F50C-A5B8-400B-B059-88E7B5D94FF9}" = protocol=6 | dir=in | app=d:\games\sacred 2 - fallen angel\system\s2gs.exe | "{8A13A81F-467C-4862-88CC-A66DBDA04917}" = protocol=6 | dir=in | app=d:\games\two worlds\twoworlds_radeon.exe | "{8A7AE466-304B-418D-98A2-02CDCE6A98A7}" = protocol=17 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | "{92A17251-5FCD-4BC6-BF49-D5DCE18362D8}" = protocol=17 | dir=in | app=d:\programme\frostwire\frostwire.exe | "{97363EA9-E0D1-49C1-9EBD-B5B57DC6A332}" = protocol=6 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | "{9B5A9D85-A6DA-4A7E-902D-8C4FB3C377AF}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | "{9C9CE63C-D3CE-4BAA-9797-41B858574353}" = protocol=6 | dir=in | app=d:\games\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\xr_3da.exe | "{A07E108E-EC83-4B9A-9E66-AAF38BC06332}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\fallout new vegas\geck.exe | "{A0B6F2A6-2C68-44E0-9C94-7F2AEF595A87}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe | "{A2705AEF-0EAB-457F-889C-8023AE225291}" = protocol=17 | dir=in | app=d:\games\sacred 2 - fallen angel\system\s2gs.exe | "{AC5843B3-7DAF-4792-97BF-57917740EBD7}" = protocol=17 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe | "{AE37F1E6-31BB-4C74-A1CD-D6A97463CF2E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B0732B0B-8696-4E09-97EA-940942DD6888}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe | "{B1959C59-6C09-44D6-A6AB-4E075738561C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B2C22F42-31BC-4174-9B99-FA3FE2819903}" = protocol=17 | dir=in | app=d:\games\sins of a solar empire\sins of a solar empire.exe | "{B41FA10D-7195-4EF2-A872-16AB83CEBD17}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.2.0-dede-downloader.exe | "{BCB62B08-B859-47B9-A840-49816AF7BC6A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{C886400A-B34C-487A-9BE7-92E030F0AEB6}" = protocol=17 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe | "{CF40B015-382B-4C9A-8F4D-E204A92B7424}" = protocol=6 | dir=in | app=d:\games\sacred 2 - fallen angel\system\sacred2.exe | "{D4FAF537-01CB-4C94-BDB7-BCD50F9ECFFC}" = protocol=6 | dir=in | app=d:\games\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "{D8B06A53-7219-40A1-9F04-C32960B60601}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | "{E2C536E7-94E0-4AAE-9CBE-08A86BA94D70}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | "{E588D0EE-0FEE-45B5-A52F-6FE617F9270F}" = protocol=6 | dir=in | app=d:\games\frontlines-fuel of war\binaries\ffow.exe | "{ED61A6E6-C69A-4700-8BEA-8C168B947EC8}" = protocol=6 | dir=in | app=d:\games\fallout4\steam.exe | "{EE624CD0-C444-4673-87CF-2CE20773BD0D}" = protocol=17 | dir=in | app=d:\games\two worlds\twoworlds.exe | "{EFAB5A54-0637-47AC-A210-5E77EEF82213}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{F187A4DD-8AF5-43EF-828E-BBD8A91F99FE}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | "{F2D4426B-CBBC-4977-B131-5FC0AEB2FF11}" = protocol=17 | dir=in | app=d:\programme\frostwire\frostwire.exe | "{F31CA22F-D780-4DC2-8E4C-E9DCEAE383CF}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "{F343935D-36D1-475D-91B4-ACF89B3BD70E}" = protocol=17 | dir=in | app=d:\games\dragon age 2\bin_ship\dragonage2.exe | "{F3493842-CBFC-461C-A7A7-ACBC73F062FA}" = protocol=6 | dir=in | app=d:\games\dragon age 2\dragonage2launcher.exe | "{F3A4DE40-7477-4E28-9422-927E67E5BBA5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F56E430E-0344-43C8-99C6-0A91ACB1EFAB}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{F9D3CD97-2692-4B9C-B465-39ACBE46B2A6}" = protocol=6 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{0819DDDB-8D63-4E09-BFF6-1EF406D0350D}D:\games\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\games\der herr der ringe online\lotroclient.exe | "TCP Query User{0B1BEF43-9949-4EE3-BA58-3A3344B89CA7}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | 
dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{34FF5DCB-A9FC-40E9-8468-7A2FE2F5A8C4}D:\games\tremulous\tremulous.exe" = protocol=6 | dir=in | app=d:\games\tremulous\tremulous.exe | "TCP Query User{50C422F9-4C05-47B1-BFC9-14C87139ED6C}D:\games\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\games\age of conan\conanpatcher.exe | "TCP Query User{51972C50-6958-4F99-9453-A6E360E44192}D:\games\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\games\the witcher 2\bin\witcher2.exe | "TCP Query User{529C396C-BCF0-4032-B271-29531603CD2C}D:\programme\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\programme\java\bin\javaw.exe | "TCP Query User{64A718A2-57D5-451F-ADEB-F63D821FE7D7}D:\games\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=d:\games\medal of honor\binaries\moh.exe | "TCP Query User{7DFB38EB-2ECD-454A-A1C4-4D76018E5A13}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe | "TCP Query User{7FBCC74C-CD7E-4DDE-9265-9B2754836C4D}D:\programme\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\programme\java\bin\javaw.exe | "TCP Query User{88CDE8D2-3AD1-4922-8100-0053AFC761FC}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe | "TCP Query User{8A744B26-9AF3-4FB8-AA34-CEDF8E1A01C7}D:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{8F13D1B6-8788-4ACE-A9B4-E90420E3C0BB}D:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe | "TCP Query User{902C712C-12FC-4631-847E-05EE3F2E8CBA}D:\games\splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=d:\games\splinter cell double agent\scda-offline\system\splintercell4.exe | "TCP Query 
User{9C942B26-FF4B-4177-90A3-155DDE6821B1}D:\games\dawn of war\w40k.exe" = protocol=6 | dir=in | app=d:\games\dawn of war\w40k.exe | "TCP Query User{A13906BB-65CC-48AD-8BE3-E5FABFB07538}D:\games\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=d:\games\dawn of war\w40kwa.exe | "TCP Query User{AF54E902-4840-44BB-83A6-C1281B5F69D4}D:\games\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=d:\games\dawn of war - dark crusade\darkcrusade.exe | "TCP Query User{B6767EF8-2B46-4AB7-B883-BD480D738FC6}D:\programme\azureus\azureus.exe" = protocol=6 | dir=in | app=d:\programme\azureus\azureus.exe | "TCP Query User{BEB1EE61-046F-4353-9D68-E9687E1A8DAA}D:\programme\azureus\azureus.exe" = protocol=6 | dir=in | app=d:\programme\azureus\azureus.exe | "TCP Query User{C2E5EBBB-35DF-4C1D-97DB-54EEA6AABE45}D:\games\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=d:\games\medal of honor\binaries\moh.exe | "TCP Query User{C8261161-F924-4962-AC47-7B3E1C03A888}D:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks_closed_beta\wotlauncher.exe | "TCP Query User{CDD29286-A0F7-40E7-AA8B-FF5153D19AF0}D:\games\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=d:\games\dawn of war - soulstorm\soulstorm.exe | "TCP Query User{CFFEAE32-4946-407D-99BC-B798FA57B382}D:\games\sacred 2 - fallen angel\system\s2gs.exe" = protocol=6 | dir=in | app=d:\games\sacred 2 - fallen angel\system\s2gs.exe | "TCP Query User{E0AEDABF-4222-497A-BEF3-4851F951C7BA}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{F4BA85F2-5C2F-417E-8370-8B620DDEEC73}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{F64B227A-1BA8-4CF2-9E5F-3CC35927A788}D:\games\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=d:\games\age of conan\ageofconan.exe | "TCP Query 
User{F7587163-478E-4E25-87E9-39EE5DDBCD4B}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe | "TCP Query User{F965A945-DE14-4459-BD29-126AFE54FB00}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{FD5A3B91-5347-4632-91A5-98E32737B63C}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{009AF841-A40B-44D8-9CC1-2AA8BF01A064}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{1E28DAC0-6275-4B21-B08D-B84FE21CCDD4}D:\games\sacred 2 - fallen angel\system\s2gs.exe" = protocol=17 | dir=in | app=d:\games\sacred 2 - fallen angel\system\s2gs.exe | "UDP Query User{236BE8F4-7ECB-4940-BC1F-CC5AB9FD2A29}D:\games\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=d:\games\dawn of war\w40kwa.exe | "UDP Query User{253BE54F-4B8D-43AB-9D1E-F868262D5D1D}D:\games\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\games\age of conan\conanpatcher.exe | "UDP Query User{282D98FB-E10F-40BD-A701-1441C3346B76}D:\games\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=d:\games\age of conan\ageofconan.exe | "UDP Query User{35DBA9EB-6023-4410-895C-6E291A80C45D}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{49BC3B95-93E1-4EC5-964F-38C1869C9E8A}D:\games\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=d:\games\medal of honor\binaries\moh.exe | "UDP Query User{5057BB29-BB35-47B7-AD33-386792C38F5F}D:\games\dawn of war\w40k.exe" = protocol=17 | dir=in | app=d:\games\dawn of war\w40k.exe | "UDP Query User{5B727AE2-D586-47F9-A6C0-58A5747837D8}D:\games\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\games\der herr der ringe online\lotroclient.exe | "UDP Query 
User{627AC655-F40C-4200-92C6-AD33928F92E3}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{6588D716-3A1C-441E-9EB9-ACD74FE62EF8}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{6B9F8008-84F3-42B8-8706-D6E029462E53}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe | "UDP Query User{6CFBAAB7-96B0-404B-A6CF-5F584253C873}D:\programme\azureus\azureus.exe" = protocol=17 | dir=in | app=d:\programme\azureus\azureus.exe | "UDP Query User{6F528C0F-9DAA-4DA5-B849-D6B3982451AC}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{7FF7A407-D00E-4A22-BEF3-35D619BCFEF8}D:\games\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\games\the witcher 2\bin\witcher2.exe | "UDP Query User{834789A5-6DFD-4DDB-BE44-FC31875ABDD7}D:\programme\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\programme\java\bin\javaw.exe | "UDP Query User{83489BA8-7E79-48AB-94AB-2A6E3BE57F23}D:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe | "UDP Query User{92FBC744-7A1B-447A-B927-64A316859132}D:\games\tremulous\tremulous.exe" = protocol=17 | dir=in | app=d:\games\tremulous\tremulous.exe | "UDP Query User{998C6CEC-0E0B-4955-BA16-759920AB262F}D:\programme\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\programme\java\bin\javaw.exe | "UDP Query User{9ACFBBA2-FA87-43C6-9517-76A35D5B6718}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe | "UDP Query User{9D9EC7AC-F4FD-4FAE-9675-5AD6352011A3}D:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of 
warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{A38021D2-72F7-4D38-A4DD-8B188250680E}D:\games\splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=d:\games\splinter cell double agent\scda-offline\system\splintercell4.exe | "UDP Query User{B242BF7E-1FEB-44E0-84E1-707C65E5790A}D:\games\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=d:\games\dawn of war - dark crusade\darkcrusade.exe | "UDP Query User{C28EF594-A7E5-4D87-B4D8-67F62CD7A22A}D:\games\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=d:\games\medal of honor\binaries\moh.exe | "UDP Query User{D15B0C2E-DEE5-4913-B767-83D8AEDF0854}D:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks_closed_beta\wotlauncher.exe | "UDP Query User{DBCB1775-63D9-4678-AD6F-A4242CB4FB0A}D:\programme\azureus\azureus.exe" = protocol=17 | dir=in | app=d:\programme\azureus\azureus.exe | "UDP Query User{E12D9A3C-AC15-434B-BA54-1F787E64B23B}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe | "UDP Query User{E714A911-996D-4B0E-8567-92142D7B4E94}D:\games\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=d:\games\dawn of war - soulstorm\soulstorm.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) 
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 4.93 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109 "{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Recuva" = Recuva [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B744987-A39E-45E5-B930-11EDBDFE3003}" = X3 Reunion "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect 
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0 "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11 "{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30 "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{554532CE-43E2-4B4F-BBDE-27742A32C236}" = Ancient Wars - Sparta "{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility "{68D2A2E2-6B64-4433-8073-0605EB306C1B}" = Gothic 3 Gold "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AED71CD-5538-4A60-8ECF-B9C45CD21E9C}" = GameSpy Comrade "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89E0B0D4-DFC3-49B9-8E88-F1B801325C8A}" = Emergency 3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0 "{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm "{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War "{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent "{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & 
Conquer 3 "{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.3 "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire "{ED56EF4F-35FF-48D4-B616-A66E791EF1B6}" = Die Siedler 2 - Die nächste Generation "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F833D99F-5951-4268-8109-3000E1D70D28}" = FoxWellSetup "{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade "{WIDELANDS-WIN32-IS}_is1" = Widelands "247C9365-9617-43EE-934F-84A8ADCB89D7_is1" = Registry CleanUP 5 "8461-7759-5462-8226" = Vuze "Advanced Strategic Command" = Advanced Strategic Command 2.4.0.0 "Age of Conan_is1" = Age of Conan - Hyborian Adventures "Alien Terminator Deluxe_is1" = Alien Terminator Deluxe "ArtMoney SE_is1" = ArtMoney SE v7.33 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "Bink and Smacker" = Bink and Smacker "CamSpy_is1" = CamSpy V.3.6.2 "CCleaner" = CCleaner (remove only) "Cheatbook 05.2009" = Cheatbook 05.2009 "Civitas3" = Grand Ages Rome 1.11 "conduitEngine" = Conduit Engine "Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Fallout 3 - The Pitt" = Fallout 3 - The Pitt "Fallout Mod Manager_is1" = Fallout Mod Manager 0.10.2 "FOOK2 v1.0" = FOOK2 "FrostWire 5" = FrostWire 5.3.2 "Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21 "GM(S) - Toolbar" = GM(S) - Toolbar "InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends "Kino Mogul" = Kino Mogul "LcdStudio" = LcdStudio 2.0 Build 806 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla 
Thunderbird 9.0.1 (x86 de)
"OpenAL" = OpenAL
"Photo Pos Pro" = Photo Pos Pro
"Playlogic_K3" = Age of Pirates
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0004]
"Sauerbraten" = Sauerbraten
"Sins of a Solar Empire" = Sins of a Solar Empire
"SpeedFan" = SpeedFan (remove only)
"Steam App 202480" = Creation Kit
"Steam App 22380" = Fallout: New Vegas
"Steam App 22480" = GECK - New Vegas Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Tremulous" = Tremulous 1.1.0
"Trojan Remover_is1" = Trojan Remover 6.8.3
"Tropico3" = Tropico 3 1.00
"Two Worlds" = Two Worlds
"Universal Extractor_is1" = Universal Extractor 1.6 beta
"Video Player1.0" = Video Player
"VLC media player" = VLC media player 1.1.11
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"X Plugin Manager" = X Plugin Manager 2.12
"X3 Bonuspaket_is1" = X3 Bonuspaket 3.1.07

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"LCDHost" = LCDHost - a compositing plugin manager for LCD's
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26.04.2012 11:20:47 | Computer Name = bstli-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.04.2012 12:13:25 | Computer Name = bstli-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.04.2012 12:23:11 | Computer Name = bstli-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.04.2012 12:23:59 | Computer Name = bstli-PC | Source = EventSystem | ID = 4609
Description =

Error - 26.04.2012 12:29:07 | Computer Name = bstli-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.04.2012 12:47:48 | Computer Name = bstli-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.04.2012 13:39:03 | Computer Name = bstli-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.04.2012 14:00:36 | Computer Name = bstli-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.04.2012 15:09:39 | Computer Name = bstli-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.04.2012 15:52:33 | Computer Name = bstli-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 26.04.2012 17:59:13 | Computer Name = bstli-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26.04.2012 17:59:13 | Computer Name = bstli-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26.04.2012 18:48:08 | Computer Name = bstli-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Programme\LcdStudio\T6963c.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 26.04.2012 18:48:08 | Computer Name = bstli-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Programme\LcdStudio\SED133x.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 26.04.2012 18:48:08 | Computer Name = bstli-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Programme\LcdStudio\n3900.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 26.04.2012 18:48:08 | Computer Name = bstli-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Programme\LcdStudio\LC7981.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 26.04.2012 18:48:08 | Computer Name = bstli-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 26.04.2012 18:48:08 | Computer Name = bstli-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Programme\LcdStudio\ks0108.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 26.04.2012 18:49:42 | Computer Name = bstli-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26.04.2012 18:51:40 | Computer Name = bstli-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >

Last edited by bstli (27.04.2012 at 21:09) |
28.04.2012, 13:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner"Zahlungsauforderung Suisa" Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O4 - HKLM..\Run: [] File not found
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0639ea4b-9f42-11df-9740-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0639ea4b-9f42-11df-9740-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O33 - MountPoints2\{f54e672e-9f45-11df-bcf6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f54e672e-9f45-11df-bcf6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autoplay.exe
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Files
C:\Users\Administrator\AppData\Roaming\ram_reserver64.exe.vir
C:\ProgramData\bfcbfccdddedddcdct.exe
C:\ProgramData\oM28283DpNaH28283
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can cause lasting damage to the system! After that, Windows should start normally again - please make the OTL quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into a file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then turn the virus scanner back on
__________________ --> Trojaner"Zahlungsauforderung Suisa" |
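The fix above removes a handful of lockdown and persistence settings (Winlogon-related startup, the DisableTaskMgr and NoDriveTypeAutoRun policies, MountPoints2 autorun commands, an alternate data stream). As an added example that is not part of the thread or of OTL, the following PowerShell script audits those same points on a normally booted Windows system; the "expected" values are Windows defaults, and it assumes Windows PowerShell 3.0 or later in an elevated prompt.

```powershell
# Added example, not from the thread or from OTL: audit the persistence points that the OTL
# fix above cleans up (Winlogon Shell/Userinit, the DisableTaskMgr and NoDriveTypeAutoRun
# policies, Run entries launched from user-writable folders, MountPoints2 autorun commands,
# and alternate data streams on C:\ProgramData\TEMP). The "expected" values are the Windows
# defaults, not values taken from the thread. Assumes Windows PowerShell 3.0 or later
# (Get-Item -Stream, Get-ChildItem -File) running from an elevated prompt.

$findings = New-Object 'System.Collections.Generic.List[string]'

function Get-RegValue {
    # Returns one registry value, or $null when the key or the value does not exist.
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# 1. Winlogon Shell / Userinit: a lock-screen trojan swaps these so its own binary is
#    started at logon instead of explorer.exe. On a clean system they are fixed strings.
$wlKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = Get-RegValue $wlKey 'Shell'
if ($shell -ne 'explorer.exe') {
    $findings.Add("HKLM Winlogon Shell = '$shell' (expected 'explorer.exe')")
}
$userinit = Get-RegValue $wlKey 'Userinit'
$expectedUserinit = "$env:SystemRoot\system32\userinit.exe,"
if ($userinit -ne $expectedUserinit) {
    $findings.Add("HKLM Winlogon Userinit = '$userinit' (expected '$expectedUserinit')")
}
# The per-user Shell value does not exist by default; anything there runs at that user's logon.
$userShell = Get-RegValue 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($userShell) { $findings.Add("HKCU Winlogon Shell = '$userShell' (absent by default)") }

# 2. Policies the fix removed. DisableTaskMgr = 1 keeps the victim from killing the lock
#    screen; NoDriveTypeAutoRun is a bitmask of drive types with autorun disabled (0xFF = all).
foreach ($hive in 'HKLM', 'HKCU') {
    $v = Get-RegValue "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" 'DisableTaskMgr'
    if ($v -eq 1) { $findings.Add("$hive policy DisableTaskMgr = 1 (Task Manager blocked)") }
    $v = Get-RegValue "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" 'NoDriveTypeAutoRun'
    if ($null -ne $v -and ($v -band 0xFF) -ne 0xFF) {
        $findings.Add(("{0} policy NoDriveTypeAutoRun = 0x{1:X2} (0xFF disables autorun everywhere)" -f $hive, $v))
    }
}

# 3. Run keys: list entries whose command lives under AppData or ProgramData, the folders
#    where the FRST log found ram_reserver64.exe and bfcbfccdddedddcdct.exe, plus any
#    value with an empty name (the "O4 - HKLM..\Run: []" entry in the fix). Legitimate
#    updaters live in those folders too, so treat this as a review list, not a verdict.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # provider metadata, not registry values
        $suspiciousPath = "$($p.Value)" -match '(?i)\\(AppData|ProgramData)\\'
        if ($p.Name -eq '(default)' -or $suspiciousPath) {
            $findings.Add("Run entry [$($p.Name)] in $key -> $($p.Value)")
        }
    }
}

# 4. MountPoints2 caches the autorun handler Explorer saw on each removable volume; a
#    Shell\AutoRun\command entry is what the fix removed for E:\Run.exe and E:\Autoplay.exe.
$mpKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mpKey -ErrorAction SilentlyContinue | ForEach-Object {
    $cmd = Get-RegValue (Join-Path $_.PSPath 'Shell\AutoRun\command') '(default)'
    if ($cmd) { $findings.Add("MountPoints2 $($_.PSChildName) autorun command = $cmd") }
}

# 5. Alternate data streams on C:\ProgramData\TEMP (the fix deleted TEMP:CB0AACC9).
#    Files always carry the unnamed ':$DATA' stream; every other stream is worth a look.
$tempDir = Join-Path $env:ProgramData 'TEMP'
if (Test-Path -LiteralPath $tempDir) {
    @(Get-Item -LiteralPath $tempDir) + @(Get-ChildItem -LiteralPath $tempDir -Force -File) |
        ForEach-Object {
            $item = $_
            Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object { $findings.Add("ADS $($item.FullName):$($_.Stream) ($($_.Length) bytes)") }
        }
}

if ($findings.Count -eq 0) { 'No deviations at the audited persistence points.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

Every line it prints is a candidate for review, not a confirmed infection; compare each hit against the corresponding OTL/FRST line before removing anything.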
29.04.2012, 15:00 | #7

Trojan "Zahlungsauforderung Suisa"

Here is the scan after the fix:

Code:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0639ea4b-9f42-11df-9740-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0639ea4b-9f42-11df-9740-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0639ea4b-9f42-11df-9740-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0639ea4b-9f42-11df-9740-806e6f6e6963}\ not found.
File E:\Run.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f54e672e-9f45-11df-bcf6-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f54e672e-9f45-11df-bcf6-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f54e672e-9f45-11df-bcf6-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f54e672e-9f45-11df-bcf6-806e6f6e6963}\ not found.
File E:\Autoplay.exe not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
C:\Users\Administrator\AppData\Roaming\ram_reserver64.exe.vir moved successfully.
C:\ProgramData\bfcbfccdddedddcdct.exe moved successfully.
C:\ProgramData\oM28283DpNaH28283 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 04292012_162742

Cheers
bstli

I will repeat the scan with OTLPE and post the log.

OK, Avira seems to have found the rascal; after the restart there is no error message any more. But I still see it in the OTL log. So shame on me and ashes on my head. I hope you still have the patience for me. Here is the latest OTL log:

Code:
OTL logfile created on: 4/30/2012 2:33:28 AM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 8.78 Gb Free Space | 8.99% Space Free | Partition Type: NTFS
Drive H: | 3.76 Gb Total Space | 3.55 Gb Free Space | 94.42% Space Free | Partition Type: FAT32
Drive I: | 833.85 Gb Total Space | 526.17 Gb Free Space | 63.10% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/30 17:55:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV:64bit: - [2011/04/27 12:08:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/20 12:44:57 | 000,189,248 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/10/20 12:44:47 | 000,075,064 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/22 14:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) [Auto] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/04 13:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/27 11:23:42 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/06/30 17:55:59 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/30 17:55:59 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/18 07:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 07:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/04/27 07:40:58 | 000,388,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr7064.sys -- (rt70x64)
DRV:64bit: - [2009/11/23 11:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 11:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/17 11:32:04 | 000,109,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/03 06:21:50 | 000,210,944 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/07/01 05:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/02/03 11:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/04/11 09:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/04/11 09:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/04/11 09:34:58 | 000,035,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2006/12/05 05:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/07/10 12:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV:64bit: - [2006/06/14 10:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2011/08/14 05:54:03 | 000,002,996 | ---- | M] (Buzz) [Kernel | System] -- C:\Windows\SysWOW64\drivers\hwinterface.sys -- (hwinterface)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A A6 D2 5B 59 62 CB 01  [binary data]
IE - HKU\Administrator_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/20 15:54:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011/08/16 14:25:08 | 000,000,000 | ---D | M]

[2010/08/24 15:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/08/24 15:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
File not found (No name found) --
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\THUNDERBIRD\PROFILES\42HNEZ0A.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2012/04/29 16:27:43 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Administrator\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Administrator\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\Administrator_ON_C..\Run: [Steam] File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCDHost.lnk = File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 16:27:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/29 10:41:55 | 000,000,000 | ---D | C] -- C:\avrescue
[2012/04/29 10:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\aD28283NfNbH28283
[2012/04/28 01:57:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/27 11:23:42 | 000,834,544 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/04/27 11:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies
[2012/04/27 11:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/04/26 18:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/26 18:00:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Simply Super Software
[2012/04/26 18:00:14 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\Windows\SysWow64\ztv7z.dll
[2012/04/26 18:00:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2012/04/26 18:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/04/26 18:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/04/26 18:00:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Simply Super Software
[2012/04/26 18:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012/04/26 13:41:15 | 000,000,000 | ---D | C] -- C:\FRST
[2012/04/24 13:10:59 | 000,101,520 | ---- | C] (Syntek Ltd.) -- C:\Windows\SysWow64\drivers\STK02NW2.sys
[2012/04/24 13:10:59 | 000,033,728 | ---- | C] (Syntek Ltd.) -- C:\Windows\SysWow64\drivers\STK02NW1.sys
[2012/04/24 13:10:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\STK02NP.ax
[2012/04/24 13:10:58 | 000,000,000 | ---D | C] -- C:\Windows\STK02N
[2012/04/11 21:03:09 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/04/11 21:03:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 21:03:08 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/11 21:03:08 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012/04/11 21:03:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/11 21:03:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/11 21:03:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 21:03:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 21:03:07 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/11 21:03:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 21:03:07 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/04/11 21:03:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 21:02:58 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/11 21:02:53 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
[2012/04/11 21:02:53 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2012/04/11 21:02:53 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imagehlp.dll
[2012/04/11 21:02:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
[2012/04/11 21:02:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/29 11:00:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/29 11:00:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 11:00:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 11:00:42 | 000,090,112 | ---- | M] () -- C:\ProgramData\bfcbfccdddedddcdct.exe
[2012/04/29 10:34:38 | 000,053,333 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/04/29 10:34:38 | 000,053,333 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/04/29 09:13:23 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/04/29 09:13:23 | 000,604,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/29 09:13:23 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/04/29 09:13:23 | 000,108,136 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/28 15:21:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012/04/27 19:06:02 | 000,042,496 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/27 17:07:58 | 000,017,571 | ---- | M] () -- C:\Windows\System32\msrgman.dav
[2012/04/27 11:23:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/04/26 19:06:21 | 000,301,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/26 18:46:42 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/26 18:00:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/04/26 16:03:18 | 000,039,594 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20120426_220230.reg
[2012/04/26 15:52:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry CleanUP 5
[2012/04/24 13:10:58 | 000,001,391 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/29 10:40:00 | 000,090,112 | ---- | C] () -- C:\ProgramData\bfcbfccdddedddcdct.exe
[2012/04/26 18:00:14 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar39.dll
[2012/04/26 18:00:14 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012/04/26 18:00:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012/04/26 18:00:14 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012/04/26 18:00:14 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012/04/26 16:02:33 | 000,039,594 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20120426_220230.reg
[2012/04/24 13:10:58 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/25 22:35:03 | 000,187,124 | ---- | C] () -- C:\Windows\Kino Mogul Uninstaller.exe
[2011/02/08 16:23:45 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011/02/08 16:22:48 | 001,502,086 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/24 19:32:03 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010/11/24 19:31:51 | 000,192,174 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2010/10/20 12:44:47 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/10/20 12:44:47 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/10/20 12:44:47 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/10/10 19:17:02 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\apache.dll
[2010/08/08 04:59:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/08 04:59:29 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/08 04:59:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/07 07:40:44 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/08/05 17:21:50 | 000,042,496 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/05 15:44:24 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/08/03 17:35:34 | 000,053,333 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/03 17:35:33 | 000,053,333 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/03 17:15:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/08/03 17:11:47 | 000,001,460 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2010/04/06 06:10:15 | 000,225,411 | ---- | C] () -- C:\Windows\SysWow64\PosPrKpLib.dll
[2010/04/06 06:10:07 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\PosTickerLib.dll
[2009/05/30 00:42:00 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2009/03/11 21:01:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/21 02:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI
[2005/09/23 07:52:14 | 000,078,848 | ---- | C] () -- C:\Windows\SysWow64\OneWay.dll
[2002/06/02 10:05:40 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\1Way.dll

========== LOP Check ==========

[2010/11/24 19:43:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Artweaver
[2012/04/09 19:40:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2011/03/14 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/07/25 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FrostWire
[2010/12/28 08:07:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2011/08/08 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Grand Ages Rome
[2011/08/16 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gutscheinmieze
[2010/08/28 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2010/11/05 15:22:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Raptr
[2012/04/26 18:00:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Simply Super Software
[2011/06/13 17:58:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Software4u
[2012/01/20 15:54:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2011/10/15 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tropico 3
[2011/02/08 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Turbine
[2010/08/12 18:42:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\UFOAI
[2012/03/01 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2012/03/12 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wargaming
[2012/04/17 13:25:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\wargaming.net
[2012/04/29 10:39:48 | 000,000,000 | ---D | M] -- C:\ProgramData\aD28283NfNbH28283
[2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/11/24 19:43:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Artweaver
[2010/08/07 08:29:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Azureus
[2011/12/28 08:27:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Computer Updater
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/20 13:09:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2011/07/20 17:33:03 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/07/20 17:33:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/08/14 03:03:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2010/10/15 19:15:13 | 000,000,000 | ---D | M] -- C:\ProgramData\OfficeRecovery
[2010/10/24 19:23:29 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2010/08/12 18:22:37 | 000,000,000 | ---D | M] -- C:\ProgramData\ScreenSeven
[2012/04/26 18:00:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Simply Super Software
[2011/06/13 17:58:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Software4u
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/04/29 10:48:55 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/05/21 19:49:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/10/02 15:46:33 | 000,000,000 | -H-D | M] -- C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
[2012/04/29 11:00:44 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
30.04.2012, 12:21 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Zahlungsauforderung Suisa" Does Windows start normally again now, or at least in Safe Mode?
__________________ Please always post logfiles in CODE tags
01.05.2012, 16:52 | #9 |
| Trojan "Zahlungsauforderung Suisa" No, Windows works normally again. Did a scan with Avira and with Trojan Remover, and neither shows anything. The small lags are gone too. Everything seems to be fine so far. Cheers bstli
01.05.2012, 17:17 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Zahlungsauforderung Suisa" First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned! Remember that Malwarebytes must be updated manually before every scan! Also, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those too! ESET Online Scanner
If possible, please post everything here in CODE tags. It's done like this: [code] the log goes here [/code] And it then looks like this: Code:
ATTFilter the log goes here
01.05.2012, 20:46 | #11 |
| Trojan "Zahlungsauforderung Suisa" Ok, here are the two logs. Malwarebytes Code:
ATTFilter
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: BSTLI-PC [Administrator]

Schutz: Aktiviert

01.05.2012 18:30:27
mbam-log-2012-05-01 (18-30-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 600481
Laufzeit: 58 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{tlMe4VA9-8LXI-r4nq-LmM7-2PRL0gJFErMy} (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=af8936f8ee898d43ac56c162b0ddd2cc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 07:39:40
# local_time=2012-05-01 09:39:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 184559 72431457 182727 0
# compatibility_mode=5892 16776573 100 56 7321 173418507 0 0
# compatibility_mode=8192 67108863 100 0 137 137 0 0
# scanned=407412
# found=7
# cleaned=0
# scan_time=6578
C:\da.bat BAT/Agent.NGP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\18f6189c-6742b718 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18166a7d-69530233 Java/Exploit.CVE-2011-3544.AV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\42aa27f-7dc5f1eb Java/Exploit.CVE-2011-3544.AV trojan (unable to clean) 00000000000000000000000000000000 I
D:\Programme\G-15\NM_Monitor_v3.0.0.6\NM_Monitor_v3.0.0.6.zip probably a variant of Win32/Agent.KEQDNNP trojan (unable to clean) 00000000000000000000000000000000 I
D:\Programme\G-15\NM_Monitor_v3.0.0.6\NM Monitor\nmmonitor.exe probably a variant of Win32/Agent.KEQDNNP trojan (unable to clean) 00000000000000000000000000000000 I
D:\Programme\G-15\SDK\NM_Monitor_v3.0.0.6\NM Monitor\nmmonitor.exe probably a variant of Win32/Agent.KEQDNNP trojan (unable to clean) 00000000000000000000000000000000 I
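A responder reading the ESET log in #11 against the rule from #10 that every finding has to be removed wants three things quickly: how much was left uncleaned (the scan ran with remove_checked=false, so nothing was), which hits are cached Java applets that go away with the deployment cache, and which are heuristic "probably a variant of" verdicts to review for false positives first. The script below is an added example, not part of this thread and not ESET's own tooling. It parses the "# key=value" header and the detection lines and returns those counts. The header values and detection paths in the constructed sample are copied from the log in #11; that the scanner separates the fields with tabs in the order path, threat with action, hash, flag is an assumption about its log layout, since the forum flattened the separators.

```python
"""Summarise an ESET Online Scanner log: what was found, what stayed uncleaned,
and which hits need a real decision versus Java-cache clean-up or false-positive review."""
import re
from dataclasses import dataclass

# --- constructed sample ------------------------------------------------------
# Header keys and detection paths are copied from the log posted in #11; the
# tab-separated field order (path, threat + action, hash, flag) is an assumption
# about the scanner's log layout.
_HEADER = [
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# archives_checked=true",
    "# scanned=407412",
    "# found=7",
    "# cleaned=0",
    "# scan_time=6578",
]
_JAVA_CACHE = r"C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0"
_G15 = r"D:\Programme\G-15"
_DETECTIONS = [
    (r"C:\da.bat", "BAT/Agent.NGP trojan (unable to clean)"),
    (_JAVA_CACHE + r"\28\18f6189c-6742b718", "multiple threats (unable to clean)"),
    (_JAVA_CACHE + r"\61\18166a7d-69530233", "Java/Exploit.CVE-2011-3544.AV trojan (unable to clean)"),
    (_JAVA_CACHE + r"\63\42aa27f-7dc5f1eb", "Java/Exploit.CVE-2011-3544.AV trojan (unable to clean)"),
    (_G15 + r"\NM_Monitor_v3.0.0.6\NM_Monitor_v3.0.0.6.zip",
     "probably a variant of Win32/Agent.KEQDNNP trojan (unable to clean)"),
    (_G15 + r"\NM_Monitor_v3.0.0.6\NM Monitor\nmmonitor.exe",
     "probably a variant of Win32/Agent.KEQDNNP trojan (unable to clean)"),
    (_G15 + r"\SDK\NM_Monitor_v3.0.0.6\NM Monitor\nmmonitor.exe",
     "probably a variant of Win32/Agent.KEQDNNP trojan (unable to clean)"),
]
SAMPLE_LOG = "\n".join(
    _HEADER + ["\t".join((path, threat, "0" * 32, "I")) for path, threat in _DETECTIONS]
) + "\n"

_HEADER_RE = re.compile(r"^#\s*([A-Za-z_]+)=(.*)$")
_THREAT_RE = re.compile(r"^(?P<name>.*?)\s*\((?P<action>[^)]*)\)\s*$")
_JAVA_CACHE_MARKER = r"\sun\java\deployment\cache"


@dataclass
class Detection:
    path: str
    threat: str   # signature name, e.g. "BAT/Agent.NGP trojan"
    action: str   # text in parentheses, e.g. "unable to clean"
    digest: str   # hash column (all zeros in the posted log)
    flag: str     # trailing single-letter column

    @property
    def cleaned(self) -> bool:
        return bool(self.action) and "unable" not in self.action.lower()

    @property
    def heuristic(self) -> bool:
        # "probably a variant of ..." is a heuristic verdict, the usual false-positive candidate
        return self.threat.lower().startswith("probably a variant of")

    @property
    def in_java_cache(self) -> bool:
        # Cached applets under the Java deployment cache: clearing the cache removes them
        return _JAVA_CACHE_MARKER in self.path.lower()


def parse_eset_log(text: str):
    """Return ({header key: value}, [Detection, ...]) for one log."""
    header, detections = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        fields = line.split("\t")
        if len(fields) < 2:
            continue  # preamble such as "OnlineScanner.ocx - registred OK"
        m = _THREAT_RE.match(fields[1])
        name, action = (m.group("name"), m.group("action")) if m else (fields[1].strip(), "")
        digest = fields[2] if len(fields) > 2 else ""
        flag = fields[3] if len(fields) > 3 else ""
        detections.append(Detection(fields[0], name, action, digest, flag))
    return header, detections


def summarize(text: str) -> dict:
    """Counts a responder wants before deciding the next step."""
    header, dets = parse_eset_log(text)
    claimed = header.get("found")
    return {
        "scanned": int(header.get("scanned", "0")),
        "found": len(dets),
        "found_matches_header": claimed is not None and int(claimed) == len(dets),
        "remove_checked": header.get("remove_checked") == "true",
        "uncleaned": sum(1 for d in dets if not d.cleaned),
        "java_cache": sum(1 for d in dets if d.in_java_cache),
        "heuristic": sum(1 for d in dets if d.heuristic),
        # left after Java-cache clean-up and false-positive review: needs a real decision
        "needs_followup": [d.path for d in dets
                           if not d.cleaned and not d.in_java_cache and not d.heuristic],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it directly to print the summary, or pass a real log's text to summarize(). On the sample, needs_followup is reduced to C:\da.bat: the one hit that is neither a cached applet nor a heuristic guess, which is exactly where the thread's attention should go next.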
02.05.2012, 13:14 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Zahlungsauforderung Suisa" Quote:
02.05.2012, 16:45 | #13 |
| Trojan "Zahlungsauforderung Suisa" That's an app for the LCD display of the G-15 keyboard. It shows PC load, weather, traffic, RSS, mail etc. Downloaded from the Nuclear Media site (hxxp://nuclear-media.net/). It's been on there for a while and according to G-15-Applets.de it's trustworthy. Haven't used it for 4 months though (different keyboard -> LCD-Host app). Cheers bstli. Last edited by bstli (02.05.2012 at 16:46) Reason: Somehow linking doesn't work
02.05.2012, 18:49 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Zahlungsauforderung Suisa" Ok, then that's more likely a false positive. I have two questions before we continue: 1.) Does normal mode work without restrictions? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
02.05.2012, 18:55 | #15 |
| Trojan "Zahlungsauforderung Suisa" Everything seems to be ok again. No empty folders or the like, normal mode works as its name suggests. The lags are gone, no error messages from Avira, Malwarebytes or Trojan Remover. Cheers bstli