Trace.Registry.trojan-dropper.win32.inject!E1 entfernen

OTL logfile created on: 15.08.2012 11:18:58 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Windows666\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,49 Mb Total Physical Memory | 501,03 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 0,50 Gb Available in Paging File | 24,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 78,73 Gb Free Space | 26,42% Space Free | Partition Type: NTFS
Drive D: | 101,94 Mb Total Space | 10,66 Mb Free Space | 10,46% Space Free | Partition Type: NTFS
Drive E: | 186,21 Gb Total Space | 41,39 Gb Free Space | 22,23% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWS666-PC | User Name: Windows666 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Windows666\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\prevhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe (Ashampoo Development GmbH & Co. KG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AAMWService) -- C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AAMW_WSC_Service_Vista) -- C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vgwshzyh) -- C:\Windows\system32\drivers\vgwshzyh.sys File not found
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (qhldfvgp) -- C:\Windows\system32\drivers\qhldfvgp.sys File not found
DRV - (nsxrjlyf) -- C:\Windows\system32\drivers\nsxrjlyf.sys File not found
DRV - (lgkkgehq) -- C:\Windows\system32\drivers\lgkkgehq.sys File not found
DRV - (kltoskok) -- C:\Windows\system32\drivers\kltoskok.sys File not found
DRV - (dnoinpnu) -- C:\Windows\system32\drivers\dnoinpnu.sys File not found
DRV - (chgfpqzx) -- C:\Windows\system32\drivers\chgfpqzx.sys File not found
DRV - (ccgqvjgn) -- C:\Windows\system32\drivers\ccgqvjgn.sys File not found
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ASW3Scan) -- C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_IFS32.sys ()
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (AAMWRegFilter) -- C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_Regfilter32.sys ()
DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc.              )
DRV - (RT2500USB) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:28 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ashampoo Anti-Malware Guard] C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [UpgradeChecker] C:\Users\Windows666\AppData\Roaming\Google Inc.\{EA1411D0-DAE0-4C16-8584-077A2695FA70}\UpgradeChecker.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48260C41-67DD-42B2-ABA5-D1FF6DB848BA}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.15 11:15:15 | 000,000,000 | ---D | C] -- C:\Users\Windows666\Desktop\scanbericht
[2012.08.15 10:06:07 | 000,000,000 | ---D | C] -- C:\Users\Windows666\AppData\Roaming\QuickScan
[2012.08.14 21:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.08.14 21:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.08.14 16:52:12 | 000,000,000 | ---D | C] -- C:\Users\Windows666\AppData\Local\Ashampoo
[2012.08.14 16:11:41 | 000,000,000 | ---D | C] -- C:\Users\Windows666\AppData\Roaming\Systweak
[2012.08.14 16:11:38 | 000,017,320 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.08.13 16:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.13 16:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.13 11:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.08.13 11:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.08.13 11:57:55 | 000,000,000 | ---D | C] -- C:\Users\Windows666\Documents\Anti-Malware
[2012.07.24 15:02:45 | 000,000,000 | ---D | C] -- C:\Users\Windows666\Desktop\filme
[2012.07.23 14:47:24 | 000,000,000 | ---D | C] -- C:\Users\Windows666\AppData\Roaming\Microsoft Corporation
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.15 10:35:49 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012.08.15 10:35:05 | 000,009,243 | ---- | M] () -- C:\Users\Windows666\Documents\EMSISOFT.rtf
[2012.08.15 10:25:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.15 10:01:46 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 10:01:45 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 09:51:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.15 09:51:48 | 804,118,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.15 01:20:55 | 000,007,680 | ---- | M] () -- C:\Windows\13212406.exe
[2012.08.15 01:20:55 | 000,000,004 | ---- | M] () -- C:\Windows\13212406.dat
[2012.08.14 21:18:31 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Anti-Malware.lnk
[2012.08.14 16:49:55 | 000,000,286 | ---- | M] () -- C:\Users\Windows666\Documents\trojaner.rtf
[2012.08.14 16:32:03 | 000,001,676 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2012.08.14 16:02:58 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.08.14 16:02:29 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.14 16:02:29 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.14 16:02:29 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.14 16:02:29 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.13 16:53:57 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.13 11:59:10 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.08 14:26:42 | 000,000,815 | ---- | M] () -- C:\Users\Windows666\Documents\Herkules Hosenträger.rtf
[2012.08.06 18:27:10 | 004,503,728 | ---- | M] () -- C:\ProgramData\rat_0ybba.pad
[2012.08.03 11:46:41 | 000,001,749 | ---- | M] () -- C:\Users\Windows666\Documents\Pari Junior Boy S.rtf
[2012.08.03 09:25:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.03 09:25:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.01 11:24:03 | 000,001,812 | ---- | M] () -- C:\Users\Windows666\Documents\Vase Hutschenreuther.rtf
[2012.07.29 19:49:32 | 000,001,745 | ---- | M] () -- C:\Users\Windows666\Documents\Servier Platte groß.rtf
[2012.07.28 19:08:08 | 000,000,425 | ---- | M] () -- C:\Users\Windows666\Documents\Pierrot und Columbine Fasold & Strauch.rtf
[2012.07.28 18:35:42 | 000,002,801 | ---- | M] () -- C:\Users\Windows666\Documents\Rosenthal  Cattleya.rtf
[2012.07.24 23:33:10 | 000,017,136 | ---- | M] () -- C:\Windows\System32\sasnative32.exe
[2012.07.16 18:36:05 | 000,443,522 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120802-120030.backup
[2012.07.16 14:25:06 | 000,017,320 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
 
========== Files Created - No Company Name ==========
 
[2012.08.15 01:20:55 | 000,007,680 | ---- | C] () -- C:\Windows\13212406.exe
[2012.08.15 01:20:55 | 000,000,004 | ---- | C] () -- C:\Windows\13212406.dat
[2012.08.14 21:18:31 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Anti-Malware.lnk
[2012.08.14 16:49:54 | 000,000,286 | ---- | C] () -- C:\Users\Windows666\Documents\trojaner.rtf
[2012.08.14 16:27:12 | 000,001,676 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012.08.14 16:12:03 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2012.08.14 09:51:41 | 000,009,243 | ---- | C] () -- C:\Users\Windows666\Documents\EMSISOFT.rtf
[2012.08.13 16:53:57 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.13 11:59:10 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.08 14:26:41 | 000,000,815 | ---- | C] () -- C:\Users\Windows666\Documents\Herkules Hosenträger.rtf
[2012.08.06 18:15:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad
[2012.08.03 11:46:40 | 000,001,749 | ---- | C] () -- C:\Users\Windows666\Documents\Pari Junior Boy S.rtf
[2012.08.01 11:24:03 | 000,001,812 | ---- | C] () -- C:\Users\Windows666\Documents\Vase Hutschenreuther.rtf
[2012.07.29 19:49:32 | 000,001,745 | ---- | C] () -- C:\Users\Windows666\Documents\Servier Platte groß.rtf
[2012.07.28 19:08:07 | 000,000,425 | ---- | C] () -- C:\Users\Windows666\Documents\Pierrot und Columbine Fasold & Strauch.rtf
[2012.07.28 18:35:41 | 000,002,801 | ---- | C] () -- C:\Users\Windows666\Documents\Rosenthal  Cattleya.rtf
[2012.04.15 18:51:46 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.04.07 14:53:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.07 14:25:26 | 000,000,158 | ---- | C] () -- C:\Windows\pagesuit.ini
[2012.04.07 14:25:25 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2012.04.06 03:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 03:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.04.05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== LOP Check ==========
 
[2012.07.12 19:54:46 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\Dropbox
[2012.04.07 14:23:44 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\Ordner HP Share-to-Web
[2012.08.15 10:06:22 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\QuickScan
[2012.08.14 16:42:36 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\Systweak
[2012.08.11 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\TeamViewer
[2012.07.11 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\TuneUp Software
[2012.08.06 06:15:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Windows666\OpenOffice.org 2.4 (de) Installation Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Windows666\Desktop\Rapithsare:Roxio EMC Stream

< End of report >
         

OTL Extras logfile created on: 15.08.2012 11:18:59 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Windows666\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,49 Mb Total Physical Memory | 501,03 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 0,50 Gb Available in Paging File | 24,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 78,73 Gb Free Space | 26,42% Space Free | Partition Type: NTFS
Drive D: | 101,94 Mb Total Space | 10,66 Mb Free Space | 10,46% Space Free | Partition Type: NTFS
Drive E: | 186,21 Gb Total Space | 41,39 Gb Free Space | 22,23% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWS666-PC | User Name: Windows666 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- Reg Error: Value error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{D3BB6726-339E-4673-BAAA-A4F68F0D3D54}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{654A3EF5-827D-4A50-B357-DA6B7E3DD477}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1DA193D3-BEC6-4FEF-89E3-D8F739216BFB}_is1" = Ashampoo Anti-Malware v.1.21
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2FC92BF4-F8BB-755F-755C-D756383C4CF3}" = ccc-utility
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A57CBC93-A964-3549-7C8F-43EF4C0C4077}" = ATI AVIVO Codecs
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE3DF04B-D674-369C-8469-75285614A8C4}" = AMD Catalyst Install Manager
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DD2205B2-ECFA-37C1-198F-BC8B84C2F74C}" = AMD Drag and Drop Transcoding
"{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}" = WiFi Station
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"FLV Player" = FLV Player 2.0 (build 25)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.08.2012 15:36:03 | Computer Name = Windows666-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AAMW_Service.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c7685e8  Name des fehlerhaften Moduls: engine.dll, Version: 5.0.0.50,
 Zeitstempel: 0x4ca00082  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001dfc3  ID des fehlerhaften
 Prozesses: 0x2e4  Startzeit der fehlerhaften Anwendung: 0x01cd7a51998ebbd8  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Ashampoo\Ashampoo Anti-Malware\engine.dll
Berichtskennung:
 47f5b7c6-e647-11e1-ba09-0008d307a938
 
Error - 14.08.2012 15:42:49 | Computer Name = Windows666-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2012 01:31:01 | Computer Name = Windows666-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2012 01:42:17 | Computer Name = Windows666-PC | Source = Application Hang | ID = 1002
Description = Programm AAMW_Main.exe, Version 1.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f04    Startzeit: 
01cd7aa72bddf176    Endzeit: 758    Anwendungspfad: C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Main.exe

Berichts-ID:
   
 
Error - 15.08.2012 01:56:14 | Computer Name = Windows666-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2012 03:53:35 | Computer Name = Windows666-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2012 03:58:58 | Computer Name = Windows666-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: d3c    Startzeit: 01cd7abb70c6d41e    Endzeit: 36    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 15.08.2012 04:02:46 | Computer Name = Windows666-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1a0    Startzeit: 01cd7abbe003d779    Endzeit: 51    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 15.08.2012 04:22:13 | Computer Name = Windows666-PC | Source = System Restore | ID = 8200
Description = 
 
Error - 15.08.2012 04:23:16 | Computer Name = Windows666-PC | Source = System Restore | ID = 8200
Description = 
 
[ System Events ]
Error - 13.08.2012 03:39:50 | Computer Name = Windows666-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 13.08.2012 03:39:50 | Computer Name = Windows666-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 13.08.2012 03:41:49 | Computer Name = Windows666-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 14.08.2012 05:26:01 | Computer Name = Windows666-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?08.?2012 um 11:24:36 unerwartet heruntergefahren.
 
Error - 14.08.2012 09:50:42 | Computer Name = Windows666-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?08.?2012 um 15:49:18 unerwartet heruntergefahren.
 
Error - 14.08.2012 10:38:16 | Computer Name = Windows666-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 14.08.2012 15:11:40 | Computer Name = Windows666-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Ashampoo Anti-Malware Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 14.08.2012 15:37:19 | Computer Name = Windows666-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Ashampoo Anti-Malware Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 15.08.2012 01:54:01 | Computer Name = Windows666-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?08.?2012 um 07:53:06 unerwartet heruntergefahren.
 
Error - 15.08.2012 03:51:56 | Computer Name = Windows666-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?08.?2012 um 09:50:50 unerwartet heruntergefahren.
 
 
< End of report >