Bundespolizei Ukash Trojaner eingefangen!

Momoko1602 · 11.07.2012, 16:30

Hallo bin neu hier, habe mich etwas im Forum umgesehen und einiges zu dem Thema gefunden. Leider muss man hier zu jedem Thema ein eigenes aufmachen ich wollte euch nicht zuspamen

und in einem anderen Beitrag bereits etwas schreiben, ging leider nicht.
Auch ich habe diesen blöden Bildschirm mit diesem Bundespolizei Trojaner und solle bei Ukash Geld bezahlen. Ich habe mehrere Benutzer auf dem Laptop es hat einen Benutzer erwischt, die anderen Benutzer gehen jedoch. Das Internet funktioniert auch nicht mehr, bei keinem Benutzer. Habe zum Glück noch einen weiteren Laptop und kann mit dem die benötigten Programme die von euch vorgeschlagen wurden runterladen.

Ich habe mich in diesem Link
http://www.trojaner-board.de/118747-...-gesperrt.html durchgelesen und bin die dort Empfohlenen Schritte durchgegangen. Selbstverständlich habe ich auch den Thread durchgelesen, bevor ich ein Thema aufmache was Ihr für Daten und Texte benötigt.

Dell Laptop mit System Typ x64-based PC, Microsoft Windows 7 Professional

So hier meine Logs
Malwarebytes Log
:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
G* :: S*-PC [Administrator]

7/11/2012 3:46:34 PM
mbam-log-2012-07-11 (15-46-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 605220
Laufzeit: 1 Stunde(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\s*\AppData\Roaming\Ogub\moys.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{edd24cf7-5fad-d56e-9e95-ee7e1f6ded46}\n (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{edd24cf7-5fad-d56e-9e95-ee7e1f6ded46}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\a*\0.08543126680331548.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Nach dem Scan und dem Verschieben in die Quarantäne hab ich die Datein dort gelöscht. Hoffe das war so richtig. Dazu muss ich sagen das Benutzer a* diese Meldung mit dem Ukash bekommt. Ich habe benutzer G* benutzt um die sämtlichen Programme laufen zu lassen um diese Logs zu erstellen.

OTL Log Datei
:

Code:

ATTFilter

 OTL logfile created on: 7/11/2012 4:55:53 PM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\G*\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 79.65% Memory free
7.93 Gb Paging File | 7.07 Gb Available in Paging File | 89.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121.22 Gb Total Space | 74.00 Gb Free Space | 61.05% Space Free | Partition Type: NTFS
Drive D: | 111.56 Gb Total Space | 26.28 Gb Free Space | 23.55% Space Free | Partition Type: NTFS
Drive H: | 14.89 Gb Total Space | 14.88 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
 
Computer Name: S*-PC | User Name: G* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gökce\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (psdrv3) -- C:\Windows\SysNative\drivers\psdrv3.sys (Prime Sense Ltd.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (AVerFx2hbtv64) -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (UnlockerDriver5) -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4093045049-4128428536-536913951-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0
IE - HKU\S-1-5-21-4093045049-4128428536-536913951-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4093045049-4128428536-536913951-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 29 45 5B C2 22 CD 01  [binary data]
IE - HKU\S-1-5-21-4093045049-4128428536-536913951-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4093045049-4128428536-536913951-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 00:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/04/25 11:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G*\AppData\Roaming\Mozilla\Extensions
[2012/05/06 14:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/19 00:02:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.6 213.191.92.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{048324DE-F6AD-4B47-BF80-21790D01933E}: DhcpNameServer = 62.109.123.6 213.191.92.87
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/11 16:45:15 | 000,000,000 | ---D | C] -- C:\Users\G*\AppData\Roaming\IrfanView
[2012/07/11 15:56:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\G*\Desktop\OTL.exe
[2012/07/11 15:37:36 | 000,000,000 | ---D | C] -- C:\Users\G*\AppData\Roaming\Notepad++
[2012/07/11 15:18:26 | 000,000,000 | ---D | C] -- C:\Users\G*\AppData\Roaming\Malwarebytes
[2012/07/11 15:18:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/11 15:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/11 15:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/11 15:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/11 14:53:23 | 000,000,000 | ---D | C] -- C:\Users\G*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012/07/11 14:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012/07/11 14:47:25 | 000,000,000 | ---D | C] -- C:\Users\G*\AppData\Local\Diagnostics
[2012/07/11 14:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ccnmkbccozrusrs
[2012/07/11 11:06:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 11:06:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 11:06:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 11:06:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 11:06:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 11:06:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 11:06:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 11:06:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 11:06:27 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 11:06:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 11:06:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 11:06:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 11:06:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/10 22:13:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/10 22:13:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/10 22:13:50 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 22:13:48 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 22:13:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/08 23:34:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/08 20:17:01 | 000,096,256 | ---- | C] (Google, inc) -- C:\Windows\AdbWinApi.dll
[2012/07/08 20:17:01 | 000,060,928 | ---- | C] (Google, inc) -- C:\Windows\AdbWinUsbApi.dll
[2012/07/08 20:17:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\sleep.exe
[2012/07/08 20:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/07/08 20:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012/07/08 20:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012/07/08 19:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012/07/08 11:19:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/07 05:33:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012/07/03 00:09:05 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2012/06/23 04:36:14 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/23 04:36:14 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/23 04:36:14 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/23 04:36:06 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/23 04:36:06 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/23 04:36:06 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 04:35:56 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 04:35:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/19 21:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenNI
[2012/06/19 20:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenNI
[2012/06/14 15:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimeSense
[2012/06/14 15:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrimeSense
[2012/06/14 15:19:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/06/12 22:35:29 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 22:35:29 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 22:35:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 22:35:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 22:35:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 22:35:22 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/12 22:35:17 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/12 22:35:09 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 22:35:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/11 17:00:20 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 17:00:20 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 16:58:51 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/11 16:58:51 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/11 16:58:51 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/11 16:53:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/11 16:53:03 | 3193,581,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/11 15:57:12 | 000,000,000 | ---- | M] () -- C:\Users\G*\defogger_reenable
[2012/07/11 15:55:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\G*\Desktop\OTL.exe
[2012/07/11 15:54:52 | 000,050,477 | ---- | M] () -- C:\Users\G*\Desktop\Defogger.exe
[2012/07/11 15:36:17 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/11 14:53:23 | 000,001,184 | ---- | M] () -- C:\Users\G*\Desktop\QuickStores.lnk
[2012/07/11 14:53:23 | 000,001,184 | ---- | M] () -- C:\Users\G*\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2012/07/11 14:49:06 | 000,802,113 | ---- | M] () -- C:\Users\G*\Desktop\Unlocker1.9.1.exe
[2012/07/11 14:18:55 | 000,000,051 | ---- | M] () -- C:\ProgramData\isrxlbzpajdzebg
[2012/07/11 14:18:51 | 000,065,536 | ---- | M] () -- C:\ProgramData\rzveattt.exe
[2012/07/11 11:27:35 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/08 23:34:24 | 623,047,350 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/08 11:21:30 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012/07/03 00:03:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/03 00:03:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
 
========== Files Created - No Company Name ==========
 
[2012/07/11 16:53:26 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{edd24cf7-5fad-d56e-9e95-ee7e1f6ded46}\U\00000008.@
[2012/07/11 15:57:12 | 000,000,000 | ---- | C] () -- C:\Users\G*\defogger_reenable
[2012/07/11 15:56:35 | 000,050,477 | ---- | C] () -- C:\Users\G*\Desktop\Defogger.exe
[2012/07/11 15:18:19 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/11 14:53:23 | 000,001,184 | ---- | C] () -- C:\Users\G*\Desktop\QuickStores.lnk
[2012/07/11 14:53:23 | 000,001,184 | ---- | C] () -- C:\Users\G*\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2012/07/11 14:52:22 | 000,802,113 | ---- | C] () -- C:\Users\G*\Desktop\Unlocker1.9.1.exe
[2012/07/11 14:18:55 | 000,065,536 | ---- | C] () -- C:\ProgramData\rzveattt.exe
[2012/07/11 14:18:52 | 000,000,051 | ---- | C] () -- C:\ProgramData\isrxlbzpajdzebg
[2012/07/08 20:17:01 | 000,410,942 | ---- | C] () -- C:\Windows\adb.exe
[2012/07/08 20:17:01 | 000,401,408 | ---- | C] () -- C:\Windows\wget.exe
[2012/07/08 20:17:01 | 000,356,009 | ---- | C] () -- C:\Windows\fastboot.exe
[2012/07/08 20:17:01 | 000,063,488 | ---- | C] () -- C:\Windows\md5sum.exe
[2012/07/08 11:13:22 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012/07/03 00:03:27 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{edd24cf7-5fad-d56e-9e95-ee7e1f6ded46}\U\80000000.@
[2012/07/03 00:03:22 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{edd24cf7-5fad-d56e-9e95-ee7e1f6ded46}\U\80000032.@
[2012/07/03 00:03:22 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{edd24cf7-5fad-d56e-9e95-ee7e1f6ded46}\U\80000064.@
[2012/07/03 00:03:22 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{edd24cf7-5fad-d56e-9e95-ee7e1f6ded46}\L\00000004.@
[2012/07/03 00:03:20 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{edd24cf7-5fad-d56e-9e95-ee7e1f6ded46}\U\00000004.@
[2012/07/03 00:03:20 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{edd24cf7-5fad-d56e-9e95-ee7e1f6ded46}\U\000000cb.@
[2012/03/24 22:45:26 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/03/23 22:31:46 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/22 04:54:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/21 22:30:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{edd24cf7-5fad-d56e-9e95-ee7e1f6ded46}\@

< End of report >

Und hier die Extras Log Datei
:

Code:

ATTFilter

OTL Extras logfile created on: 7/11/2012 4:55:53 PM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\G*\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 79.65% Memory free
7.93 Gb Paging File | 7.07 Gb Available in Paging File | 89.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121.22 Gb Total Space | 74.00 Gb Free Space | 61.05% Space Free | Partition Type: NTFS
Drive D: | 111.56 Gb Total Space | 26.28 Gb Free Space | 23.55% Space Free | Partition Type: NTFS
Drive H: | 14.89 Gb Total Space | 14.88 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
 
Computer Name: S*-PC | User Name: G* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4093045049-4128428536-536913951-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2FC728C0-7352-4D42-9053-F239F32A2049}" = TortoiseGit 1.7.9.0 (64 bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x64
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}" = TortoiseSVN 1.7.6.22632 (64 bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D9DF0B85-BEC1-439F-ABFE-76C386A69A05}" = Oracle VM VirtualBox 4.1.12
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"306D8A3B302B0969C2826C7D167B3BBB394FC100" = Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (05/22/2012 3.1.3.1)
"F51BEF9C0C3A82026BF1EBA9F1F5F08EFF1BE870" = Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (11/21/2011 3.1.3.1)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"RealVNCViewer_is1" = VNC Viewer 5.0.0
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E04CBF0-C4C0-4D3D-8E53-C250CC748D80}" = PrimeSense Sensor KinectMod 5.1.2.1 for Windows
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}" = AGEIA GAME System Software 2.8.0
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{706CA74B-10AD-49FB-B812-8E3BFBAB09A4}" = NVIDIA Direct3D SDK 11
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1C28A416-C62F-4135-B564-4657287097C7}" = 
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B20F89B2-FE51-443A-85A7-32CF8C555655}" = OpenNI 1.5.4.0 for Windows
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android SDK Tools" = Android SDK Tools
"Cg Toolkit_is1" = NVIDIA Cg Toolkit 3.1 February 2012
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileZilla Client" = FileZilla Client 3.2.7.1
"Fraps" = Fraps (remove only)
"Git_is1" = Git version 1.7.10-preview20120409
"IrfanView" = IrfanView (remove only)
"Kong_is1" = Kong version 1.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft DirectX SDK (February 2010)" = Microsoft DirectX SDK (February 2010)
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Tegra Android Developer Pack 1.0" = NVIDIA Tegra Android Developer Pack 1.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/18/2012 5:48:17 PM | Computer Name = sahin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "D:\Development\DepthSensor\OpenNi\Samples\Bin\Debug\NiHandTracker.exe".
Dependent
 Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/18/2012 5:48:23 PM | Computer Name = sahin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "D:\Development\DepthSensor\OpenNi\Samples\Bin\Debug\NiCRead.exe".
Dependent
 Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/18/2012 5:48:27 PM | Computer Name = s*-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "D:\Development\DepthSensor\OpenNi\Samples\Bin\Debug\NiRecordRaw.exe".
Dependent
 Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/18/2012 5:48:28 PM | Computer Name = s*-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "D:\Development\DepthSensor\OpenNi\Samples\Bin\Debug\NiUserTracker.exe".
Dependent
 Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/18/2012 5:49:18 PM | Computer Name = s*-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
 Visual Studio 10.0\Common7\IDE\Remote Debugger\ia64\msvsmon.exe".  Dependent Assembly
 Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/19/2012 2:46:38 PM | Computer Name = s*-PC | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 6/19/2012 2:53:53 PM | Computer Name = s*-PC | Source = Application Error | ID = 1000
Description = Faulting application name: S-D-Game.exe, version: 0.0.0.0, time
 stamp: 0x4fe0ca0e  Faulting module name: wrap_oal.dll, version: 2.2.0.5, time stamp:
 0x4a25c811  Exception code: 0x40000015  Fault offset: 0x000483a1  Faulting process id:
 0x10b8  Faulting application start time: 0x01cd4e4cdd3c0b8e  Faulting application path:
 D:\Development\Projects\S-D-NextGen\trunk\bin\win32\S-D-Game.exe  Faulting
 module path: C:\Windows\system32\wrap_oal.dll  Report Id: 1d247ccd-ba40-11e1-97e6-002219f65bdc
 
Error - 7/2/2012 5:33:51 PM | Computer Name = s*-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
 Visual Studio 10.0\Common7\IDE\Remote Debugger\ia64\msvsmon.exe".  Dependent Assembly
 Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/8/2012 5:30:51 AM | Computer Name = s*-PC | Source = Windows Search Service Profile Notification | ID = 2
Description = 
 
Error - 7/8/2012 2:14:43 PM | Computer Name = s*-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'Internet Pass-Through Service' could not be
 restarted.
 
[ Media Center Events ]
Error - 5/19/2012 8:35:05 PM | Computer Name = s*-PC | Source = MCUpdate | ID = 0
Description = 2:35:05 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/20/2012 4:13:02 AM | Computer Name = s*-PC | Source = MCUpdate | ID = 0
Description = 10:12:56 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/20/2012 5:13:32 AM | Computer Name = s*-PC | Source = MCUpdate | ID = 0
Description = 11:13:26 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/20/2012 6:13:58 PM | Computer Name = s*-PC | Source = MCUpdate | ID = 0
Description = 12:13:52 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 9:59:49 AM | Computer Name = s*-PC | Source = MCUpdate | ID = 0
Description = 3:59:48 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/23/2012 6:01:24 PM | Computer Name = s*-PC | Source = MCUpdate | ID = 0
Description = 12:01:24 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/24/2012 6:45:56 PM | Computer Name = s*-PC | Source = MCUpdate | ID = 0
Description = 12:45:56 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/25/2012 8:53:00 PM | Computer Name = s*-PC | Source = MCUpdate | ID = 0
Description = 2:53:00 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/26/2012 6:14:28 AM | Computer Name = s*-PC | Source = MCUpdate | ID = 0
Description = 12:14:23 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/27/2012 12:14:13 AM | Computer Name = s*-PC | Source = MCUpdate | ID = 0
Description = 6:14:13 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
[ System Events ]
Error - 7/11/2012 10:53:10 AM | Computer Name = s*-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
 timeout period. This may indicate that there is an error in the EC hardware or 
firmware or that the BIOS is accessing the EC incorrectly. You should check with
 your computer manufacturer for an upgraded BIOS. In some situations, this error
 may cause the computer to function incorrectly.
 
Error - 7/11/2012 10:53:12 AM | Computer Name = s*-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 7/11/2012 10:53:12 AM | Computer Name = s*-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 7/11/2012 10:53:14 AM | Computer Name = s*-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
 service: BFE. This service might not be installed.
 
Error - 7/11/2012 10:53:14 AM | Computer Name = s*-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
 This service might not be installed.
 
Error - 7/11/2012 10:53:14 AM | Computer Name = s*-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 7/11/2012 10:53:18 AM | Computer Name = s*-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: 
  %%1060
 
Error - 7/11/2012 10:54:06 AM | Computer Name = s*-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 7/11/2012 10:54:22 AM | Computer Name = s*-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 7/11/2012 10:54:22 AM | Computer Name = s*-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
 Publication service which failed to start because of the following error:   %%-2147024891
 
 
< End of report >

Zu guter letzt die Install Text Datei
:

Code:

ATTFilter

 7-Zip 9.20 (x64 edition)	Igor Pavlov	4/4/2012	4.53MB	9.20.00.0
Adobe AIR	Adobe Systems Incorporated	3/31/2012		3.1.0.4880
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	7/3/2012	6.00MB	11.3.300.257
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	6/23/2012	6.00MB	11.3.300.262
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	4/10/2012	121MB	10.1.3
AGEIA GAME System Software 2.8.0	AGEIA Technologies, Inc.	4/22/2012	10.5MB	2.8.0
Android SDK Tools	Google Inc.	7/8/2012		1.16
CCleaner	Piriform	6/22/2012		3.20
DAEMON Tools Lite	DT Soft Ltd	3/23/2012		4.45.3.0297
Dell Touchpad	Synaptics Incorporated	3/24/2012		14.0.2.0
FileZilla Client 3.2.7.1		3/28/2012		3.2.7.1
Fraps (remove only)		4/4/2012		
Git version 1.7.10-preview20120409		5/16/2012	76.4MB	1.7.10-preview20120409
HTC Driver Installer	HTC Corporation	7/8/2012	1.87MB	3.0.0.007
IDT Audio	IDT	3/22/2012		1.0.6267.0
IrfanView (remove only)	Irfan Skiljan	4/3/2012	1.50MB	4.32
Java(TM) 6 Update 31	Oracle	4/9/2012	95.1MB	6.0.310
JDownloader 0.9	AppWork GmbH	4/9/2012		0.9
Kong version 1.1.0		4/22/2012		
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	7/11/2012	18.0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	3/23/2012	38.8MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	3/23/2012	51.9MB	4.0.30319
Microsoft .NET Framework 4 Multi-Targeting Pack	Microsoft Corporation	3/23/2012	83.4MB	4.0.30319
Microsoft DirectX SDK (February 2010)	Microsoft Corporation	3/23/2012		9.28.1886.0
Microsoft Help Viewer 1.1	Microsoft Corporation	3/24/2012	3.97MB	1.1.40219
Microsoft Office Professional Plus 2010	Microsoft Corporation	3/24/2012		14.0.6029.1000
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	4/4/2012	1.69MB	3.1.0000
Microsoft SQL Server 2008 R2 Data-Tier Application Framework	Microsoft Corporation	3/24/2012	5.54MB	10.50.1750.9
Microsoft SQL Server 2008 R2 Data-Tier Application Project	Microsoft Corporation	3/24/2012	11.8MB	10.50.1750.9
Microsoft SQL Server 2008 R2 Management Objects	Microsoft Corporation	3/24/2012	12.4MB	10.50.1750.9
Microsoft SQL Server 2008 R2 Management Objects (x64)	Microsoft Corporation	3/24/2012	6.24MB	10.50.1750.9
Microsoft SQL Server 2008 R2 Transact-SQL Language Service	Microsoft Corporation	3/24/2012	6.73MB	10.50.1750.9
Microsoft SQL Server Compact 3.5 SP2 ENU	Microsoft Corporation	3/23/2012	3.39MB	3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 ENU	Microsoft Corporation	3/23/2012	4.51MB	3.5.8080.0
Microsoft SQL Server Database Publishing Wizard 1.4	Microsoft Corporation	3/23/2012	10.1MB	10.1.2512.8
Microsoft SQL Server System CLR Types	Microsoft Corporation	3/24/2012	930KB	10.50.1750.9
Microsoft SQL Server System CLR Types (x64)	Microsoft Corporation	3/24/2012	846KB	10.50.1750.9
Microsoft Sync Framework Runtime v1.0 SP1 (x64)	Microsoft Corporation	3/23/2012	1.00MB	1.0.3010.0
Microsoft Sync Framework SDK v1.0 SP1	Microsoft Corporation	3/23/2012	29.6MB	1.0.3010.0
Microsoft Sync Framework Services v1.0 SP1 (x64)	Microsoft Corporation	3/23/2012	2.84MB	1.0.3010.0
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)	Microsoft Corporation	3/23/2012	541KB	2.0.3010.0
Microsoft Team Foundation Server 2010 Object Model - ENU	Microsoft Corporation	3/24/2012		10.0.40219
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	3/25/2012	300KB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	3/31/2012	706KB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974	Microsoft Corporation	3/23/2012	599KB	9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	3/23/2012	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319	Microsoft Corporation	3/23/2012	272KB	10.0.30319
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219	Microsoft Corporation	3/24/2012	33.4MB	10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219	Microsoft Corporation	3/24/2012	26.3MB	10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools	Microsoft Corporation	3/24/2012	33.4MB	10.0.40219
Microsoft Visual Studio 2010 IntelliTrace Collection (x64)	Microsoft Corporation	3/24/2012	832KB	10.0.40219
Microsoft Visual Studio 2010 Service Pack 1	Microsoft Corporation	3/24/2012	75.9MB	10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)	Microsoft Corporation	3/24/2012		10.0.31007
Microsoft Visual Studio 2010 Ultimate - ENU	Microsoft Corporation	3/23/2012		10.0.30319
Microsoft Visual Studio Macro Tools	Microsoft Corporation	3/23/2012		9.0.30729
Mozilla Firefox 13.0.1 (x86 de)	Mozilla	6/19/2012	150MB	13.0.1
Mozilla Maintenance Service	Mozilla	6/19/2012	309KB	13.0.1
MSXML 4.0 SP3 Parser	Microsoft Corporation	3/31/2012	1.47MB	4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	7/11/2012	1.53MB	4.30.2114.0
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	4/1/2012	1.53MB	4.30.2107.0
Notepad++		3/23/2012		5.9.8
NVIDIA Cg Toolkit 3.1 February 2012	NVIDIA Corporation	4/3/2012	85.5MB	
NVIDIA Direct3D SDK 11		3/24/2012		10.10
NVIDIA Tegra Android Developer Pack 1.0	NVIDIA Corporation	3/24/2012	1.87GB	1.0
OpenAL		3/28/2012		
OpenNI 1.5.4.0 for Windows	PrimeSense	6/19/2012	62.1MB	1.5.4.0
Oracle VM VirtualBox 4.1.12	Oracle Corporation	4/2/2012	137MB	4.1.12
PlayReady PC Runtime amd64	Microsoft Corporation	4/25/2012	2.05MB	1.3.0
PrimeSense Sensor KinectMod 5.1.2.1 for Windows	PrimeSense	6/19/2012	5.82MB	5.1.2.1
Skype™ 5.9	Skype Technologies S.A.	4/20/2012	19.3MB	5.9.114
TortoiseGit 1.7.9.0 (64 bit)	TortoiseGit	5/16/2012	24.6MB	1.7.9.0
TortoiseSVN 1.7.6.22632 (64 bit)	TortoiseSVN	3/28/2012	52.2MB	1.7.22632
Unlocker 1.9.1	Cedrick Collomb	7/11/2012		1.9.1
Visual Studio 2010 Prerequisites - English	Microsoft Corporation	3/24/2012	23.1MB	10.0.40219
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU	Microsoft Corporation	3/23/2012	10.7MB	4.0.8080.0
Visual Studio Tools for the Office system 3.0 Runtime	Microsoft Corporation	4/8/2012		
VLC media player 2.0.1	VideoLAN	3/22/2012		2.0.1
VNC Viewer 5.0.0	RealVNC Ltd	6/9/2012	5.14MB	5.0.0
Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (05/22/2012 3.1.3.1)	PrimeSense	6/19/2012		05/22/2012 3.1.3.1
Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (11/21/2011 3.1.3.1)	PrimeSense	6/19/2012		11/21/2011 3.1.3.1
Windows Live Essentials	Microsoft Corporation	4/4/2012		15.4.3555.0308
WinRAR 4.11 (64-Bit)	win.rar GmbH	6/10/2012		4.11.0
µTorrent		4/9/2012		3.1.3

hoffe Habe nichts vergessen, wie gesagt bin den weg in dem obersten link gegangen wo der user kira geholfen hat bzw die schritte erklärt hat

liebe grüße
momoko1602

markusg · 11.07.2012, 19:16

hi
du hast das rootkit.zero access auf dem pc.
wenn du onlinebanking machst, bank anrufen, onlinebanking sperren lassen.
da dies ein gefährliches rootkit ist:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Bundespolizei Ukash Trojaner eingefangen!

Log-Analyse und Auswertung: Bundespolizei Ukash Trojaner eingefangen!

Bundespolizei Ukash Trojaner eingefangen!

Bundespolizei Ukash Trojaner eingefangen!

Ähnliche Themen: Bundespolizei Ukash Trojaner eingefangen!