
Pests of all kinds and how to combat them: Bundespolizei Trojan (computer lock) - CH version


 
23.07.2012, 16:23   #1
Chemicus
 



Hello everyone,

I have caught the Bundespolizei Trojan that is described at
http://www.trojaner-board.de/116052-...-gesperrt.html, with the only exception that it is the Swiss version of it (Swiss coat of arms at the top left, and on the right it says Schweizerische Eidgenossenschaft...etc. instead of Bundespolizei).

I can only start my computer in safe mode now; otherwise
the lock described above appears right after login.

I ran defogger in safe mode.
After that I ran OTL.exe; here are the two requested files:
Quote:
Quote from OTL.txt
OTL logfile created on: 23.07.2012 16:58:04 - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\*******\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19272)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy



4.00 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 84.40% Memory free

8.17 Gb Paging File | 7.68 Gb Available in Paging File | 94.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 39.83 Gb Free Space | 8.55% Space Free | Partition Type: NTFS

Drive D: | 309.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.81 Gb Total Space | 0.68 Gb Free Space | 17.77% Space Free | Partition Type: FAT32



Computer Name: ******RITLE-PC | User Name: ****** ****** | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2012.07.23 16:31:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\****** ******\Desktop\OTL.exe





========== Modules (No Company Name) ==========





========== Win32 Services (SafeList) ==========



SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012.06.27 12:42:45 | 000,935,008 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)

SRV - [2012.06.26 12:42:38 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012.06.23 12:20:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.06.21 18:10:31 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)





========== Driver Services (SafeList) ==========



DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam C210(UVC)

DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)

DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2011.10.03 16:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2009.08.15 19:53:27 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)

DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008.12.17 19:56:31 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2008.01.21 04:46:34 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008.01.16 11:18:12 | 000,610,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dr71WU.sys -- (RT73)

DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)

DRV - [2001.08.25 16:44:45 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={D963E111-368E-464A-90D7-7B6E83E96EE5}&mid=c682c30038f847d696ccd14d0df3847a-d7f8af831fe1dff2f7425f611acab2fca486ba11&lang=de&ds=AVG&pr=fr&d=2012-06-27 12:42:46&v=11.1.0.12&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========



FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"

FF - user.js - File not found



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.07.21 16:49:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.06.27 12:42:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.03 18:20:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.04 12:32:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 12:20:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 12:47:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 12:20:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 12:47:55 | 000,000,000 | ---D | M]



[2010.06.09 14:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****** ******\AppData\Roaming\mozilla\Extensions

[2010.06.09 14:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****** ******\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2012.05.02 20:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****** ******\AppData\Roaming\mozilla\Firefox\Profiles\v1ov691r.default\extensions

[2012.05.03 20:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.07.04 12:32:02 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK

[2012.06.27 12:42:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12

[2012.06.23 12:20:09 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.04.04 20:15:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.06.23 12:20:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.27 12:42:44 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012.06.23 12:20:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.23 12:20:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.23 12:20:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.23 12:20:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.23 12:20:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml



O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [pdopxokrwllrelh] C:\ProgramData\pdopxokr.exe ()

O4 - Startup: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****** ******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\****** ******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****** ******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\****** ******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****** ******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found

O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O12 - Plugin for: .cdx - C:\Program Files (x86)\Internet Explorer\PLUGINS\Npcdp32.dll (CambridgeSoft.Com)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35ABC5A3-1723-44D4-A756-F301E3E24541}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A81ACED-8BDD-44C7-B482-A4D0FB774C3F}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8610D1D7-C4E1-49C0-A4FB-631EAF5277C6}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB2BC55D-2234-4F3E-B91E-A028A6EABA0E}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\****** ******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002.08.13 13:07:30 | 000,000,126 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\Shell - "" = AutoRun

O33 - MountPoints2\{20b0b2fd-c73a-11e0-afc2-00044b176d89}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{37a158a2-dcea-11de-8707-00044b176d89}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe

O33 - MountPoints2\{37a158a2-dcea-11de-8707-00044b176d89}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell - "" = AutoRun

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\applet\command - "" = E:\autorun\autorun.exe /s

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\directx\command - "" = E:\dxsetup\dxinst.exe -iadv.ini

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\ereg\command - "" = E:\ereg\ereg32.exe

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\install\command - "" = E:\setup.exe

O33 - MountPoints2\{4fea5643-cc64-11dd-a2bd-00044b176d89}\Shell\readfile\command - "" = Notepad Readme.txt

O33 - MountPoints2\{7a0c5601-ba40-11dd-bd3b-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{7a0c5601-ba40-11dd-bd3b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2002.09.25 04:45:06 | 000,536,673 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{7a0c5601-ba40-11dd-bd3b-806e6f6e6963}\Shell\setup\command - "" = D:\SETUP.EXE -- [2002.09.25 04:45:06 | 000,536,673 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{85daf5c9-a05c-11de-a1f3-00044b176d89}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\SanDisk-Games.exe

O33 - MountPoints2\{badba9eb-b0f4-11de-adee-00044b176d89}\Shell\AutoRun\command - "" = E:\

O33 - MountPoints2\{badba9eb-b0f4-11de-adee-00044b176d89}\Shell\open\Command - "" = rundll32.exe .\\craxdrj.dll,InstallM

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)



========== Files/Folders - Created Within 30 Days ==========



[2012.07.23 16:55:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\****** ******\Desktop\OTL.exe

[2012.07.22 17:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\oqixfbsvwgaqphc

[2012.07.21 16:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012.06.26 19:23:28 | 000,000,000 | ---D | C] -- C:\Users\****** ******\Documents\Sniper - Ghost Warrior

[2012.06.26 13:08:16 | 000,000,000 | ---D | C] -- C:\Users\****** ******\Documents\Activision



========== Files - Modified Within 30 Days ==========



[2012.07.23 16:50:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.23 16:48:14 | 000,000,020 | ---- | M] () -- C:\Users\****** ******\defogger_reenable

[2012.07.23 16:43:44 | 001,418,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.23 16:43:44 | 000,617,456 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.23 16:43:44 | 000,586,568 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.23 16:43:44 | 000,122,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.23 16:43:44 | 000,100,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.23 16:36:32 | 000,049,462 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.07.23 16:36:25 | 000,004,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.23 16:36:24 | 000,004,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.23 16:31:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\****** ******\Desktop\OTL.exe

[2012.07.23 16:29:02 | 000,050,477 | ---- | M] () -- C:\Users\****** ******\Desktop\Defogger.exe

[2012.07.22 20:55:21 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1BDA6233-D7C4-46FA-AFB5-4F274FD54CC2}.job

[2012.07.22 20:54:27 | 000,049,462 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.07.22 17:20:00 | 000,001,356 | ---- | M] () -- C:\Users\****** ******\AppData\Local\d3d9caps.dat

[2012.07.22 17:03:52 | 000,000,051 | ---- | M] () -- C:\ProgramData\rieouguaoxjrkik

[2012.07.22 17:03:49 | 000,053,248 | ---- | M] () -- C:\ProgramData\pdopxokr.exe

[2012.07.22 17:03:49 | 000,053,248 | ---- | M] () -- C:\Users\****** ******\0.2660351577085618.exe

[2012.07.22 12:49:52 | 101,926,143 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012.07.21 17:59:31 | 000,372,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.07.21 16:49:45 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012.07.08 20:54:31 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012.07.08 20:54:31 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012.07.08 20:53:53 | 000,215,152 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012.07.08 17:50:12 | 000,000,943 | ---- | M] () -- C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2012.07.05 18:05:55 | 000,505,000 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012.06.27 12:42:32 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm

[2012.06.26 12:42:38 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe



========== Files Created - No Company Name ==========



[2012.07.23 16:48:14 | 000,000,020 | ---- | C] () -- C:\Users\****** ******\defogger_reenable

[2012.07.23 16:47:13 | 000,050,477 | ---- | C] () -- C:\Users\****** ******\Desktop\Defogger.exe

[2012.07.23 16:36:56 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000008.@

[2012.07.23 16:36:55 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000032.@

[2012.07.23 16:36:55 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000064.@

[2012.07.23 16:36:55 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\80000000.@

[2012.07.23 16:36:54 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\00000004.@

[2012.07.23 16:36:54 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\U\000000cb.@

[2012.07.22 17:03:52 | 000,053,248 | ---- | C] () -- C:\ProgramData\pdopxokr.exe

[2012.07.22 17:03:49 | 000,053,248 | ---- | C] () -- C:\Users\****** ******\0.2660351577085618.exe

[2012.07.22 17:03:49 | 000,000,051 | ---- | C] () -- C:\ProgramData\rieouguaoxjrkik

[2012.07.08 17:50:12 | 000,000,943 | ---- | C] () -- C:\Users\****** ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2012.07.05 20:01:37 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\L\00000004.@

[2012.04.11 23:05:29 | 011,454,800 | ---- | C] () -- C:\Users\****** ******\ts3_recording_12_04_11_23_5_28.wav

[2012.04.11 22:57:18 | 016,164,560 | ---- | C] () -- C:\Users\****** ******\ts3_recording_12_04_11_22_57_11.wav

[2012.04.02 21:33:13 | 000,000,178 | ---- | C] () -- C:\Windows\dievölkergold.ini

[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2012.01.11 12:22:03 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\@

[2012.01.11 12:22:03 | 000,002,048 | -HS- | C] () -- C:\Users\****** ******\AppData\Local\{4b3459c2-6769-12be-0e57-b3c2f865d0ba}\@

[2010.12.25 20:46:58 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2010.12.25 20:46:58 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2010.10.09 15:29:15 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2010.08.10 17:50:29 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010.03.14 23:01:01 | 000,017,408 | ---- | C] () -- C:\Users\****** ******\AppData\Local\WebpageIcons.db

[2010.02.04 19:28:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.05.11 18:23:12 | 000,049,462 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009.05.11 18:23:12 | 000,049,462 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009.01.23 21:28:44 | 000,001,356 | ---- | C] () -- C:\Users\****** ******\AppData\Local\d3d9caps.dat

[2008.12.05 19:41:11 | 000,191,488 | ---- | C] () -- C:\Users\****** ******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.11.24 18:06:13 | 000,000,732 | ---- | C] () -- C:\Users\****** ******\AppData\Local\d3d9caps64.dat



========== LOP Check ==========



[2009.03.04 17:40:47 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\.tswebeditor

[2012.06.08 13:14:40 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\AVG

[2012.06.08 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\AVG2012

[2011.09.07 16:23:45 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Canon

[2012.03.21 22:44:41 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\CCDC

[2008.12.17 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\DAEMON Tools

[2009.08.08 16:37:46 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\DAEMON Tools Lite

[2008.12.17 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\DAEMON Tools Pro

[2012.07.22 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Dropbox

[2011.07.24 16:03:01 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\DVDVideoSoft

[2011.03.04 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.05.13 20:47:37 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\FileZilla

[2012.05.10 15:22:27 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Leadertech

[2010.01.28 16:05:09 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\MPEG Streamclip

[2011.09.18 18:44:50 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Origin

[2009.11.04 18:47:50 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\SPORE

[2012.04.24 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\TS3Client

[2009.02.22 13:12:53 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\TuneUp Software

[2010.03.03 19:10:08 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Ubisoft

[2010.11.14 20:58:30 | 000,000,000 | ---D | M] -- C:\Users\****** ******\AppData\Roaming\Wuala

[2012.07.23 16:38:43 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.07.22 20:55:21 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1BDA6233-D7C4-46FA-AFB5-4F274FD54CC2}.job



========== Purity Check ==========







========== Alternate Data Streams ==========



@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4



< End of report >
Quote:
Quote from Extras
OTL Extras logfile created on: 23.07.2012 16:58:04 - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\****** ******\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19272)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy



4.00 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 84.40% Memory free

8.17 Gb Paging File | 7.68 Gb Available in Paging File | 94.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 39.83 Gb Free Space | 8.55% Space Free | Partition Type: NTFS

Drive D: | 309.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.81 Gb Total Space | 0.68 Gb Free Space | 17.77% Space Free | Partition Type: FAT32



Computer Name: *********-PC | User Name: ****** ****** | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Extra Registry (SafeList) ==========





========== File Associations ==========



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)



[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)



========== Shell Spawning ==========



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



========== Security Center Settings ==========



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

"VistaSp2" = 08 C4 AE F8 D0 D7 CA 01 [binary data]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1



========== Firewall Settings ==========



========== Authorized Applications List ==========





========== Vista Active Open Ports Exception List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]



========== Vista Active Application Exception List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]



========== HKEY_LOCAL_MACHINE Uninstall List ==========



64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"AVG" = AVG 2012

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch

"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable

"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1

"{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{48B51112-BA23-42F9-AB81-7CC9F7A6E99A}" = tsWebEditor 20060920

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DDAF49F-500E-404F-9894-D5F005B8FA4E}" = SpinWorks_3

"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galaktische Abenteuer

"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{770103E9-E1C3-48C9-812B-2982C7070575}_is1" = Pazera Free MOV to AVI Converter 1.4

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B63B2922B174135AFC0E1377DD81EC2}" =

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme

"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{941F9BA8-06F6-42FD-AB91-CFB99B5E13BF}" = Fallout

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{BE16CD3F-FE02-42CD-8F0B-00FB1214AA89}" = ChemOffice Ultra 7.0

"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold

"{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)

"{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy

"{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F6BECFE0-74CE-11D5-B8A3-00B0D0D26B88}" = Sony Net MD Help

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Age of Empires" = Microsoft Age of Empires

"Age of Empires 2.0" = Microsoft Age of Empires II

"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion

"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion

"Age of Wonders Shadow Magic" = Age of Wonders Shadow Magic

"AoWSM_UPatch" = AoW...

"Biolab_is1" = Biolab ´07

"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Chemicus II_is1" = Chemicus II

"Chemicus_is1" = Chemicus

"conduitEngine" = Conduit Engine

"'Das Achte Weltwunder'" = 'Das Achte Weltwunder'

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup" = DivX-Setup

"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Fallout Tactics" = Fallout Tactics

"Fallout2" = Fallout2

"FileZilla Client" = FileZilla Client 3.5.1

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7

"Free YouTube Download_is1" = Free YouTube Download version 2.10.31

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722

"Guild Wars" = GUILD WARS

"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch

"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch

"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch

"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch

"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch

"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch

"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch

"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)

"InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"Mercury 3.0" = Mercury

"mIRC" = mIRC

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0

"Origin" = Origin

"Physicus II_is1" = Physicus II ´07

"Physikus_is1" = Physikus ´07

"PunkBusterSvc" = PunkBuster Services

"PyMOL" = PyMOL

"Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 22380" = Fallout: New Vegas

"Steam App 34830" = Sniper: Ghost Warrior

"Steam App 42680" = Call of Duty: Modern Warfare 3

"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer

"Steam App 42700" = Call of Duty: Black Ops

"Steam App 42710" = Call of Duty: Black Ops - Multiplayer

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"Steam App 6850" = Hitman 2: Silent Assassin

"Steam App 6860" = Hitman: Blood Money

"Steam App 6900" = Hitman: Codename 47

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 91310" = Dead Island

"SystemRequirementsLab" = System Requirements Lab

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Two Worlds" = Two Worlds

"Two Worlds II" = Two Worlds II

"Uninstall_is1" = Uninstall 1.0.0.1

"UnityWebPlayer" = Unity Web Player

"VLC media player" = VideoLAN VLC media player 0.8.6d

"WinRAR archiver" = WinRAR Archivierer

"Zoo Tycoon 1.0" = Zoo Tycoon-Erweiterungen



========== HKEY_CURRENT_USER Uninstall List ==========



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox



========== Last 20 Event Log Errors ==========



[ Application Events ]

Error - 05.02.2011 14:32:22 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 05.02.2011 14:58:16 | Computer Name = *********-PC | Source = Application Hang | ID = 1002

Description = Programm BlackOps.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows

zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

zu suchen. Prozess-ID: ce0 Anfangszeit: 01cbc5668a7e88b7 Zeitpunkt der Beendigung:

144



Error - 06.02.2011 07:30:46 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 06.02.2011 10:25:12 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 06.02.2011 12:41:25 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 06.02.2011 13:41:22 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 07.02.2011 06:59:32 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 07.02.2011 14:43:05 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 07.02.2011 16:48:48 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



Error - 08.02.2011 08:03:57 | Computer Name = *********-PC | Source = WinMgmt | ID = 10

Description =



[ OSession Events ]

Error - 24.03.2010 17:17:25 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3209

seconds with 1860 seconds of active time. This session ended with a crash.



Error - 28.03.2010 12:14:07 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3777

seconds with 2580 seconds of active time. This session ended with a crash.



Error - 30.03.2010 15:26:13 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1681

seconds with 900 seconds of active time. This session ended with a crash.



Error - 11.09.2011 15:52:57 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2759

seconds with 1140 seconds of active time. This session ended with a crash.



Error - 07.12.2011 18:43:27 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6872

seconds with 4260 seconds of active time. This session ended with a crash.



Error - 15.01.2012 17:48:32 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12037

seconds with 2460 seconds of active time. This session ended with a crash.



Error - 15.01.2012 17:48:51 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9

seconds with 0 seconds of active time. This session ended with a crash.



Error - 15.01.2012 17:49:01 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0

seconds with 0 seconds of active time. This session ended with a crash.



Error - 15.01.2012 19:23:21 | Computer Name = *********-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5654

seconds with 2280 seconds of active time. This session ended with a crash.



[ System Events ]

Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7026

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:15 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:17 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



Error - 23.07.2012 10:51:19 | Computer Name = *********-PC | Source = Service Control Manager | ID = 7001

Description =



[ TuneUp Events ]

Error - 08.06.2009 06:48:10 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 08.06.2009 12:14:08 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 08.06.2009 12:14:33 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 08.06.2009 12:14:58 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 09.06.2009 06:44:17 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 10.06.2009 06:49:32 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 13.06.2009 13:06:47 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 13.06.2009 13:07:17 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 13.06.2009 13:07:42 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =



Error - 01.07.2009 13:54:37 | Computer Name = *********-PC | Source = TuneUp Program Statistics | ID = 131840

Description =





< End of report >
It is a 64-bit system, so I did not run a GMER scan.

Before the lock-out appeared, my antivirus program (AVG free edition) had already reported Trojans (it was something with Patch_c. --> I no longer remember the ending, in a system file in WINDOWS).
In addition, after the lock-out I firstly ran an AVG scan in safe mode and secondly, out of panic about losing my data, copied a few pictures from the computer to an external hard drive (from safe mode). Was that a mistake? Or rather, can the pictures be infected too? And should I simply delete them from the external hard drive, or can I keep them?

Many thanks in advance,

Kind regards,
Chemicus

 
