Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Avast meldet Trj *System neu aufsetzen?

Avast meldet Trj *System neu aufsetzen?


Log-Analyse und Auswertung: Avast meldet Trj *System neu aufsetzen?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 29.08.2012, 16:50   #1
TrabiMurat
 
Avast meldet Trj *System neu aufsetzen? - Icon27

Avast meldet Trj *System neu aufsetzen?


Hallo liebe Trj.Board- Community,

ich habe bereits die Suchfunktion genutzt und wurde "nicht" fündig, deshalb habe ich den Thread erstellt, damit mir vielleicht jemand dabei behilflich ist, ob mein System nachwievor infiziert ist*siehe Log*, obwohl Avast die Malware gefunden bzw. in den Virus Container verschoben hat.


Win32elf-MBA [Trj] (tmp) und Win32:Hupigon-ONX [Trj] (pdf) in diesem Fall

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:06, on 29.08.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Multimedia\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Sicherheit\Avast\AvastUI.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
J:\Programme\Diverses\unetbootin-windows-575.exe
C:\Users\Franzi von der Alm\AppData\Local\Temp\sevnz.exe
C:\Users\Mister Niceguy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Multimedia\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avast] "C:\Program Files\Sicherheit\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\Sicherheit\Avast\aswRegSvr.exe" "C:\Program Files\Sicherheit\Avast\AhAScr.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt.dll] "C:\Program Files\Sicherheit\Avast\aswRegSvr.exe" "C:\Program Files\Sicherheit\Avast\asOutExt.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt64.dll] "C:\Program Files\Sicherheit\Avast\aswRegSvr64.exe" "C:\Program Files\Sicherheit\Avast\asOutExt64.dll"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Sicherheit\Allway Sync\Bin\syncappw.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1674337157-1655749545-1347997827-1000\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'TrabiMurat')
O4 - S-1-5-21-1674337157-1655749545-1347997827-1000 Startup: NVIDIA_Inspector_MultiDisplayPowerSaver.lnk = C:\Users\TrabiMurat\Desktop\nvidiaInspector.exe (User 'TrabiMurat')
O4 - S-1-5-21-1674337157-1655749545-1347997827-1000 User Startup: NVIDIA_Inspector_MultiDisplayPowerSaver.lnk = C:\Users\TrabiMurat\Desktop\nvidiaInspector.exe (User 'TrabiMurat')
O4 - Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Startup: NVI_GPU_Clock_Startup.lnk = C:\Users\TrabiMurat\Desktop\nvidiaInspector.exe
O4 - Global Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O10 - Broken Internet access because of LSP provider '%programfiles%\fritz!dsl\\sarah.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5202D1DD-5413-4C82-AFF6-1567DDFD3920}: NameServer = 62.141.58.13,87.118.100.175
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Sicherheit\Avast\AvastSvc.exe
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files\Sicherheit\Allway Sync\Bin\SyncService.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8773 bytes
--- --- ---



Sonnige Grüße

Murat
Geändert von TrabiMurat (29.08.2012 um 16:56 Uhr)

Alt 29.08.2012, 17:53   #2
t'john
/// Helfer-Team
 
Avast meldet Trj *System neu aufsetzen? - Standard

Avast meldet Trj *System neu aufsetzen?




Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.


Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 30.08.2012, 11:47   #3
TrabiMurat
 
Avast meldet Trj *System neu aufsetzen? - Standard

Avast meldet Trj *System neu aufsetzen?


Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
BadBoy :: VIRUS [Administrator]

29.08.2012 19:17:01
mbam-log-2012-08-29 (23-51-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|J:\|L:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 638881
Laufzeit: 2 Stunde(n), 37 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 22
E:\Ebooks & Dokumente\Jungheinrich\Neuer Ordner (2)\bg_header.gif (Extension.Mismatch) -> Keine Aktion durchgeführt.
E:\Ebooks & Dokumente\Jungheinrich\Neuer Ordner (2)\Chain link conveyor (large links on dark gray).bmp (Extension.Mismatch) -> Keine Aktion durchgeführt.
E:\Ebooks & Dokumente\Jungheinrich\Neuer Ordner (2)\DEBUG.LOG (Extension.Mismatch) -> Keine Aktion durchgeführt.
E:\Ebooks & Dokumente\Jungheinrich\Neuer Ordner (2)\fio_15.jpg (Extension.Mismatch) -> Keine Aktion durchgeführt.
E:\Ebooks & Dokumente\Jungheinrich\Neuer Ordner (2)\p045200e.jpg (Extension.Mismatch) -> Keine Aktion durchgeführt.
J:\Ebooks & Dokumente\Jungheinrich\Neuer Ordner (2)\bg_header.gif (Extension.Mismatch) -> Keine Aktion durchgeführt.
J:\Ebooks & Dokumente\Jungheinrich\Neuer Ordner (2)\Chain link conveyor (large links on dark gray).bmp (Extension.Mismatch) -> Keine Aktion durchgeführt.
J:\Ebooks & Dokumente\Jungheinrich\Neuer Ordner (2)\DEBUG.LOG (Extension.Mismatch) -> Keine Aktion durchgeführt.
J:\Ebooks & Dokumente\Jungheinrich\Neuer Ordner (2)\fio_15.jpg (Extension.Mismatch) -> Keine Aktion durchgeführt.
J:\Ebooks & Dokumente\Jungheinrich\Neuer Ordner (2)\p045200e.jpg (Extension.Mismatch) -> Keine Aktion durchgeführt.

(Ende)OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.08.2012 23:52:08 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Mister Niceguy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 7,22 Gb Available Physical Memory | 60,15% Memory free
23,99 Gb Paging File | 19,77 Gb Available in Paging File | 82,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 15,00 Gb Free Space | 15,36% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 34,63 Gb Free Space | 70,92% Space Free | Partition Type: NTFS
Drive E: | 785,02 Gb Total Space | 282,83 Gb Free Space | 36,03% Space Free | Partition Type: NTFS
Drive G: | 3,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 1863,01 Gb Total Space | 21,31 Gb Free Space | 1,14% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 1,45 Gb Free Space | 0,16% Space Free | Partition Type: NTFS
 
Computer Name: VIRUS | User Name: BadBoy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mister Niceguy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Sicherheit\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Sicherheit\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Sicherheit\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Sicherheit\Allway Sync\Bin\SyncService.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Multimedia\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Windows\SysWOW64\CTXFIGER.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (BotkindSyncService) -- C:\Program Files\Sicherheit\Allway Sync\Bin\SyncService.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programme\Sicherheit\Avast\AvastSvc.exe (AVAST Software)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TunngleService) -- E:\Games\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\Ckldrv.sys ()
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (EverestDriver) -- C:\Users\Mister Niceguy\Desktop\Everest\kerneld.amd64 ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 7E AF 70 DC AA CC 01  [binary data]
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\Diverses\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\Diverses\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
 
 
 
O1 HOSTS File: ([2012.08.29 12:02:03 | 000,000,931 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.0.3 mercs2-pc.fesl.ea.com
O1 - Hosts: 192.168.0.3 mercs2-pc.fesl.ea.com
O1 - Hosts: 192.168.0.3 mercs2-pc.fesl.ea.com
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Sicherheit\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Multimedia\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1674337157-1655749545-1347997827-1003..\Run: [Allway Sync] C:\Program Files\Sicherheit\Allway Sync\Bin\syncappw.exe ()
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Sicherheit\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\Sicherheit\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt64.dll] C:\Program Files\Sicherheit\Avast\aswRegSvr64.exe (AVAST Software)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Sicherheit\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\BadBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\BadBoy\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O4 - Startup: C:\Users\BadBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NVI_GPU_Clock_Startup.lnk = C:\Users\Mister Niceguy\Desktop\nvidiaInspector.exe (Orbmu2k)
O4 - Startup: C:\Users\Mister Niceguy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NVIDIA_Inspector_MultiDisplayPowerSaver.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BEAFFA6-4891-4BBB-A3E1-869B37249D80}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5202D1DD-5413-4C82-AFF6-1567DDFD3920}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5202D1DD-5413-4C82-AFF6-1567DDFD3920}: NameServer = 62.141.58.13,87.118.100.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{869AD4EE-3092-4F5E-931C-34CBEBF2CAC1}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.15 20:54:40 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.10.25 05:42:17 | 000,000,041 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.29 19:15:23 | 000,000,000 | ---D | C] -- C:\Users\BadBoy\AppData\Roaming\Malwarebytes
[2012.08.29 19:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.29 19:15:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.29 18:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.08.27 14:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.08.27 10:46:58 | 000,000,000 | ---D | C] -- C:\Users\BadBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ActiveX Control Pad
[2012.08.27 10:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft ActiveX Control Pad
[2012.08.27 10:46:53 | 001,123,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FM20.DLL
[2012.08.27 10:46:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\P2D.DLL
[2012.08.27 10:46:53 | 000,161,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ASYCPICT.DLL
[2012.08.27 10:46:53 | 000,127,488 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\ISCTRLS.OCX
[2012.08.27 10:46:53 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNAUDIO.ACM
[2012.08.27 10:46:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMMTB32.DLL
[2012.08.27 10:46:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HLP95EN.DLL
[2012.08.27 10:46:53 | 000,025,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FM20ENU.DLL
[2012.08.27 10:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ActiveX Control Pad
[2012.08.26 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\BadBoy\AppData\Local\WindowsUpdate
[2012.08.26 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.08.25 09:12:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.08.18 03:02:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.18 03:02:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.18 03:02:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.18 03:02:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.18 03:02:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.18 03:02:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.18 03:02:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.18 03:02:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.18 03:02:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.18 03:02:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.18 03:02:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.18 03:02:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.18 03:02:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.17 22:19:39 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.17 22:19:36 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.17 22:19:35 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.17 22:19:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.17 22:19:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.17 22:19:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.17 22:19:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.17 22:19:24 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.07 01:18:27 | 012,388,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.08.07 01:18:26 | 019,828,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.08.07 01:18:26 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.08.07 01:18:25 | 018,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.08.07 01:18:25 | 015,290,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.08.07 01:18:25 | 002,744,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.08.07 01:18:25 | 002,573,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.08.07 01:18:25 | 002,216,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.08.07 01:18:24 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.08.07 01:18:24 | 009,164,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.08.07 01:18:24 | 001,865,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.08.07 01:18:23 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.08.07 00:02:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2012.08.07 00:02:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2012.08.07 00:02:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2012.08.07 00:02:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2012.08.07 00:02:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2012.08.07 00:02:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2012.08.07 00:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2012.08.07 00:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012.08.02 16:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.29 19:15:13 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.29 17:44:51 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold 3.lnk
[2012.08.29 12:02:40 | 000,616,258 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.29 12:02:39 | 001,499,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.29 12:02:39 | 000,654,376 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.29 12:02:39 | 000,130,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.29 12:02:39 | 000,106,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.29 12:02:03 | 000,000,931 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.29 10:59:57 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 10:59:57 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 10:51:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 15:00:12 | 1071,009,790 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 14:59:34 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000006-00001102-00000005-60071102}.rfx
[2012.08.28 14:59:34 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000006-00001102-00000005-60071102}.rfx
[2012.08.28 14:59:34 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000006-00001102-00000005-60071102}.rfx
[2012.08.27 10:46:53 | 001,123,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FM20.DLL
[2012.08.27 10:46:53 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\P2D.DLL
[2012.08.27 10:46:53 | 000,161,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ASYCPICT.DLL
[2012.08.27 10:46:53 | 000,127,488 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\ISCTRLS.OCX
[2012.08.27 10:46:53 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNAUDIO.ACM
[2012.08.27 10:46:53 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\COMMTB32.DLL
[2012.08.27 10:46:53 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\HLP95EN.DLL
[2012.08.27 10:46:53 | 000,025,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FM20ENU.DLL
[2012.08.26 15:22:43 | 000,000,079 | ---- | M] () -- C:\Users\BadBoy\AppData\Local\CrystalDiskMark30.ini
[2012.08.26 11:37:59 | 000,001,115 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.08.26 11:05:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.08.18 03:20:27 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.11 14:57:52 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.08.06 03:15:11 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.29 19:15:13 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.29 17:44:51 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold 3.lnk
[2012.08.29 17:44:51 | 000,000,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold 3.lnk
[2012.08.26 11:37:59 | 000,001,115 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.08.26 11:37:59 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.08.06 03:15:11 | 000,000,805 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2012.05.31 15:11:52 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2012.02.27 00:38:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.02.26 20:56:03 | 000,000,139 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.02.26 20:55:58 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012.02.26 20:55:58 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012.02.26 20:55:58 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011.12.08 01:41:30 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.12.06 00:38:06 | 000,000,079 | ---- | C] () -- C:\Users\BadBoy\AppData\Local\CrystalDiskMark30.ini
[2011.11.17 12:22:04 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2011.11.17 12:21:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.11.17 12:21:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

< End of report >
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.08.2012 23:52:08 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Mister Niceguy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 7,22 Gb Available Physical Memory | 60,15% Memory free
23,99 Gb Paging File | 19,77 Gb Available in Paging File | 82,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 15,00 Gb Free Space | 15,36% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 34,63 Gb Free Space | 70,92% Space Free | Partition Type: NTFS
Drive E: | 785,02 Gb Total Space | 282,83 Gb Free Space | 36,03% Space Free | Partition Type: NTFS
Drive G: | 3,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 1863,01 Gb Total Space | 21,31 Gb Free Space | 1,14% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 1,45 Gb Free Space | 0,16% Space Free | Partition Type: NTFS
 
Computer Name: VIRUS | User Name: BadBoy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{135D78E0-1458-44B7-836F-420412FEE05D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1BFDCA34-C074-43FC-BB18-F860C80411A8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1E288747-9A09-4AD5-90B5-03DC43A580DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{34798ABC-CD27-45F0-91BB-AFB9ABA039FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3B19DEBE-9F77-4008-A983-9DC21B3846A7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3CB10598-59B8-465B-8507-025070CF7DD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3DD63BEA-CEBC-40C6-B6F1-125D187182FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46751557-CDE0-4DED-8FCB-8916CA54C728}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{4827C6A2-70BA-4DC1-B897-46B8D41A7E48}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4CFDB6BB-05DC-415E-8EFA-00072CA6819A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4F827099-65A6-4120-89FA-38A2F100219C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{630938E8-C9B8-4388-9359-8EE342490F6F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{654BA066-B1CB-4349-942D-79F49D9C1BA6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{816D5E80-1323-4C0F-817D-44A6277CFDDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8CEF09FE-99CA-4899-A0C9-AB9F40D323AD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A7282C83-8BA3-4366-B842-80409D5CF194}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D696C5F4-852C-4C39-B00E-4FD5D842E0A8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DBDF24B7-A660-497F-BDAA-3DB3FE776EC5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DFBF3DE8-4000-41C2-B7E6-59527CA94379}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EA9947E6-DE8E-475A-ACBF-7F4748412D5D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0190DA1A-7740-448A-867A-4740EBC984A2}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{050AFFC7-F8AE-4074-910F-8E6854AAC35C}" = protocol=6 | dir=in | app=e:\games\arma 2\arma2oaserver.exe | 
"{05715D28-788D-4E93-9D92-0A2693853693}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{079CEEB1-7423-403A-8D8C-ED3D7AF11741}" = protocol=17 | dir=in | app=e:\games\tunngle\tunngle.exe | 
"{11886FAC-AEC3-4066-9266-0FBDFE35225B}" = protocol=6 | dir=in | app=e:\games\saints row the third\saintsrowthethird_dx11.exe | 
"{1D5C8D95-A1AC-4890-90B7-EC0331F44C3D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{242E6795-54B9-42B5-98F3-FE59F5DEAF3A}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{266985AD-AFA1-4F7E-B80C-94FD3D4AA742}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{281BF67E-F651-45B1-AEEE-0441A40AEFC7}" = dir=out | app=%programfiles% (x86)\rockstar games\social club\renderer.exe | 
"{2BCB38E7-5974-4B12-80B7-5747EE38FF61}" = protocol=6 | dir=in | app=e:\games\tunngle\tnglctrl.exe | 
"{382B0A1A-FABA-42AA-9287-531C3881ED2B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{3D98F4F1-DE0E-4E71-8D2D-6830DC5AD47C}" = protocol=17 | dir=in | app=e:\games\arma 2\arma2oa.exe | 
"{3DB9D9A1-CAB4-48FE-88FD-3691CAFCDF59}" = protocol=17 | dir=in | app=e:\games\saints row the third\saintsrowthethird_dx11.exe | 
"{4680052D-CB75-47AB-AF25-2385D629CB66}" = protocol=6 | dir=in | app=e:\games\tunngle\tunngle.exe | 
"{4ECD0826-E47B-47D0-B0BB-480AAB80DAD2}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe | 
"{50BB782D-A918-470B-84AE-DDA997D43722}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{52390EA5-9FAE-4F78-A291-166E26AC8223}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{531A6FAC-FB12-4958-8948-F2D6E5125F84}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{600AAE7B-53E6-4CD6-AC4A-9872B573324A}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{6296C449-CB98-469B-AB53-B86CF4173E25}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{68D634D5-6C82-49C8-B995-24946C2A10B2}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{6F61E989-966A-4266-A129-B767EDF81044}" = protocol=6 | dir=in | app=e:\games\of dragon rising\ofdr.exe | 
"{78596590-2F63-48F3-B36F-0BDBD37FBA39}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{79157F53-8B3D-48CC-A7D6-8F709A5AAEB5}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{7C1F530B-8C5C-408F-8D15-BC55B1C71AF1}" = dir=out | app=e:\games\max payne 3\playmaxpayne3.exe | 
"{8128E384-AF66-4A0B-9BB1-0A39BF781534}" = dir=out | app=e:\games\max payne 3\maxpayne3.exe | 
"{8F71B0ED-87F0-4F06-8C7C-9DBD25A74EB5}" = protocol=17 | dir=in | app=e:\games\tunngle\tnglctrl.exe | 
"{91588EC0-332E-4AE1-960D-A6F9788B8478}" = protocol=17 | dir=in | app=e:\games\sniperelitev2\bin\sniperelitev2.exe | 
"{93989055-5DFB-4B2C-B63B-E5E04F952073}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{94415BE8-77B1-4642-BBD8-0539A74FB396}" = protocol=6 | dir=in | app=e:\games\arma 2\arma2oa.exe | 
"{A8491667-7A57-4EC0-92A6-09446B34FCEC}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{B1D0D8C1-F570-4A69-8E20-24D80ED7205E}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{BBD7369D-3D0B-4A61-9598-E4F0B79B3370}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{C0F510E2-0D8A-4402-8C8D-8158CBB76DA7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{C38BCD8A-60BE-47A7-AEFD-D0AD7B019612}" = protocol=17 | dir=in | app=e:\games\arma 2\arma2oaserver.exe | 
"{CE1AA967-B8FA-4C0C-A944-2FA53B0BB95C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{E2991F1D-7714-4117-847F-20CCED80EEE1}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{E7A15F9C-2851-40B0-A4BF-7D931B71A5AE}" = protocol=17 | dir=in | app=e:\games\of dragon rising\ofdr.exe | 
"{E9A3EB69-C073-43F0-A703-71E6763D3FD4}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{F02CFEA9-9F47-45A8-91B0-BA9224BE8A26}" = protocol=6 | dir=in | app=e:\games\sniperelitev2\bin\sniperelitev2.exe | 
"{F1C7E73F-79A8-4250-AC72-A7E092F19812}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{FCFE432C-A626-47F5-BFEC-BEA596319024}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe | 
"TCP Query User{042CF6A0-18A9-4566-B2D0-D7898B595A99}E:\games\arma 2\arma2oaserver.exe" = protocol=6 | dir=in | app=e:\games\arma 2\arma2oaserver.exe | 
"TCP Query User{11660586-A4E5-47FB-A10D-4ED40A862361}E:\games\arma 2\arma2.exe" = protocol=6 | dir=in | app=e:\games\arma 2\arma2.exe | 
"TCP Query User{33DA5285-3799-406F-A7D9-CD5F783204DE}E:\games\steam\steam.exe" = protocol=6 | dir=in | app=e:\games\steam\steam.exe | 
"TCP Query User{3EE3CCF2-D5E8-49CC-8035-1B588CACC413}E:\games\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=e:\games\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{5C244984-1EA3-4904-B470-DBE86720DED8}E:\games\neverwinter nights 2\nwn2main.exe" = protocol=6 | dir=in | app=e:\games\neverwinter nights 2\nwn2main.exe | 
"TCP Query User{5F42C554-152C-44F1-890B-333AF7B47B76}E:\games\neverwinter nights 2\nwn2main.exe" = protocol=6 | dir=in | app=e:\games\neverwinter nights 2\nwn2main.exe | 
"TCP Query User{660B391F-34E1-461F-A317-D9BBFF821798}E:\games\the guild 2 - renaissance\guildii.exe" = protocol=6 | dir=in | app=e:\games\the guild 2 - renaissance\guildii.exe | 
"TCP Query User{CF5380E0-0FC0-4297-A2AD-46D319F1E9E7}E:\games\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=e:\games\stronghold 3\bin\win32_release\stronghold3.exe | 
"TCP Query User{D2765AA4-9B1A-4CC3-A286-5627B636569A}E:\games\mercenaries 2 world in flame\mercenaries2.exe" = protocol=6 | dir=in | app=e:\games\mercenaries 2 world in flame\mercenaries2.exe | 
"TCP Query User{E3BA31DE-2CEE-4E1F-BF41-30E9ABA5AD6E}E:\games\sniperelitev2\bin\sniperelitev2.exe" = protocol=6 | dir=in | app=e:\games\sniperelitev2\bin\sniperelitev2.exe | 
"TCP Query User{E6A4ADFB-0B80-45BE-8407-7ECA6EEBF0CB}E:\games\mercenaries 2 world in flame\mercenaries2server\mercs2server.exe" = protocol=6 | dir=in | app=e:\games\mercenaries 2 world in flame\mercenaries2server\mercs2server.exe | 
"UDP Query User{05904763-5117-4CDB-BA88-7244654148E6}E:\games\neverwinter nights 2\nwn2main.exe" = protocol=17 | dir=in | app=e:\games\neverwinter nights 2\nwn2main.exe | 
"UDP Query User{3F10C4B3-B413-4BA9-9EB4-11668937F184}E:\games\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=e:\games\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{558ED53E-DE9C-4A5D-8DD8-BDB78FB19731}E:\games\arma 2\arma2.exe" = protocol=17 | dir=in | app=e:\games\arma 2\arma2.exe | 
"UDP Query User{65BF1915-234B-422F-A7E9-20BC6B171AFB}E:\games\mercenaries 2 world in flame\mercenaries2server\mercs2server.exe" = protocol=17 | dir=in | app=e:\games\mercenaries 2 world in flame\mercenaries2server\mercs2server.exe | 
"UDP Query User{6B176C42-5A75-4A8F-8BAD-39B1F013E023}E:\games\the guild 2 - renaissance\guildii.exe" = protocol=17 | dir=in | app=e:\games\the guild 2 - renaissance\guildii.exe | 
"UDP Query User{6B94D991-E13D-4169-9703-F0176AE41318}E:\games\arma 2\arma2oaserver.exe" = protocol=17 | dir=in | app=e:\games\arma 2\arma2oaserver.exe | 
"UDP Query User{78B48950-5387-4F3B-B792-3E0878620B7F}E:\games\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=e:\games\stronghold 3\bin\win32_release\stronghold3.exe | 
"UDP Query User{80A4EAD4-8776-4962-AAF6-E30164AEF585}E:\games\neverwinter nights 2\nwn2main.exe" = protocol=17 | dir=in | app=e:\games\neverwinter nights 2\nwn2main.exe | 
"UDP Query User{C5921AC4-531A-4E7A-9405-867A7F92F15C}E:\games\mercenaries 2 world in flame\mercenaries2.exe" = protocol=17 | dir=in | app=e:\games\mercenaries 2 world in flame\mercenaries2.exe | 
"UDP Query User{C627A9C0-EC10-4156-8931-D6624E948E64}E:\games\sniperelitev2\bin\sniperelitev2.exe" = protocol=17 | dir=in | app=e:\games\sniperelitev2\bin\sniperelitev2.exe | 
"UDP Query User{E1492A6E-09B5-4C52-BF0B-641F1F343915}E:\games\steam\steam.exe" = protocol=17 | dir=in | app=e:\games\steam\steam.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B1F48088-2632-92BF-799C-16A5141B74EC}" = AMD Catalyst Install Manager
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Recuva" = Recuva
"sp6" = Logitech SetPoint 6.32
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}" = Mercenaries 2: World in Flames(tm)
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{83721450-E604-4C37-ABEB-CE7F18C587C8}" = LightScribe Template Labeler
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{THEGUILDREN-0010-2010-300520102330}_is1" = Patch v4.17b Update
"ActiveXControlPad" = Microsoft ActiveX Control Pad
"AIMP3" = AIMP3
"ALchemy" = Creative ALchemy
"Allway Sync_is1" = Allway Sync version 12.0.0
"Anti-Twin 2011-11-26 19.58.20" = Anti-Twin (Installation 26.11.2011)
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ArmA2" = ArmA2 Uninstall
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"Broken Sword: Shadow of the Templar's Directors Cut_is1" = Broken Sword: Shadow of the Templar's Directors Cut
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Fallout New Vegas Ultimate Edition_is1" = Fallout New Vegas Ultimate Edition
"Fraps" = Fraps (remove only)
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Jagged Alliance - Back in Action_is1" = Jagged Alliance - Back in Action
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"OpenAL" = OpenAL
"Opera 12.01.1532" = Opera 12.01
"Rockstar Games Social Club" = Rockstar Games Social Club
"Saints Row The Third_is1" = Saints Row The Third
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"Sniper Elite V2_is1" = Sniper Elite V2
"Steam App 34030" = Napoleon: Total War
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"SumatraPDF" = SumatraPDF
"The Elder Scrolls V - Skyrim_is1" = The Elder Scrolls V - Skyrim
"The KMPlayer" = The KMPlayer (remove only)
"Tunngle beta_is1" = Tunngle beta
"VirtualCloneDrive" = VirtualCloneDrive
"WaveStudio 7" = Creative WaveStudio 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 04:54:56 | Computer Name = Virus | Source = ESENT | ID = 455
Description = Windows (2636) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0009E.log.
 
Error - 29.08.2012 04:54:56 | Computer Name = Virus | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 29.08.2012 04:54:56 | Computer Name = Virus | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 29.08.2012 04:54:56 | Computer Name = Virus | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 29.08.2012 04:54:56 | Computer Name = Virus | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 29.08.2012 04:54:57 | Computer Name = Virus | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 29.08.2012 04:54:59 | Computer Name = Virus | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 29.08.2012 04:54:59 | Computer Name = Virus | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 29.08.2012 04:54:59 | Computer Name = Virus | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 29.08.2012 04:54:59 | Computer Name = Virus | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 26.08.2012 09:22:28 | Computer Name = Virus | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 27.08.2012 04:04:21 | Computer Name = Virus | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SysMain erreicht.
 
Error - 27.08.2012 04:07:41 | Computer Name = Virus | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 27.08.2012 04:14:25 | Computer Name = Virus | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 27.08.2012 04:14:25 | Computer Name = Virus | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 27.08.2012 08:40:29 | Computer Name = Virus | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 27.08.2012 08:40:29 | Computer Name = Virus | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 28.08.2012 08:08:00 | Computer Name = Virus | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "V!ru$" den Befehl "chkdsk" aus.
 
Error - 29.08.2012 04:54:59 | Computer Name = Virus | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 29.08.2012 04:54:59 | Computer Name = Virus | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
--- --- ---
__________________
Alt 30.08.2012, 20:11   #4
t'john
/// Helfer-Team
 
Avast meldet Trj *System neu aufsetzen? - Standard

Avast meldet Trj *System neu aufsetzen?


Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-1674337157-1655749545-1347997827-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - Startup: C:\Users\BadBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NVI_GPU_Clock_Startup.lnk = C:\Users\Mister Niceguy\Desktop\nvidiaInspector.exe (Orbmu2k) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2011.11.15 20:54:40 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] 
O32 - AutoRun File - [2011.10.25 05:42:17 | 000,000,041 | R--- | M] () - G:\autorun.inf -- [ CDFS ] 

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 

[2012.08.26 11:05:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt 
 

:Files
C:\Users\BadBoy\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\BadBoy\AppData\Local\Temp\*.exe
C:\Users\BadBoy\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.10.2012, 14:56   #5
t'john
/// Helfer-Team
 
Avast meldet Trj *System neu aufsetzen? - Standard

Avast meldet Trj *System neu aufsetzen?


Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Avast meldet Trj *System neu aufsetzen?
aufsetzen, avast, bereits, community, container, erstell, erstellt, gefunde, genutzt, infiziert, liebe, log, malware, malware gefunden, melde, meldet, neu, neu aufsetzen, pdf, secunia psi, suchfunktion, system, system neu, system neu aufsetzen, thread, tmp, usb 3.0, verschoben, virus


« Bedrohung: JS:Blacole-AV (Trj) von Avast gefunden, Ingdiba z.B: gesperrt | GVU Trojaner eingefangen! »


Ähnliche Themen: Avast meldet Trj *System neu aufsetzen?


  1. Windows7|64-bit System|Avast meldet 5 infizierte Dateien
    Log-Analyse und Auswertung - 14.08.2013 (7)
  2. Malwarefund! Muss ich das System neu aufsetzen?
    Log-Analyse und Auswertung - 11.02.2012 (43)
  3. avast meldet: Datei: system\cm106eye.exe - Geöfnet von: SysWOW64\rundll32.exe
    Antiviren-, Firewall- und andere Schutzprogramme - 03.11.2011 (17)
  4. W32/Ramnit.C -> Wie System wieder aufsetzen?
    Plagegeister aller Art und deren Bekämpfung - 23.03.2011 (5)
  5. system neu aufsetzen nach portwexexe
    Plagegeister aller Art und deren Bekämpfung - 28.01.2011 (1)
  6. flacor.dat erwischt - System neu aufsetzen
    Log-Analyse und Auswertung - 17.08.2010 (3)
  7. System neu aufsetzen - Frage !
    Diskussionsforum - 31.07.2010 (2)
  8. System neu aufsetzen
    Alles rund um Windows - 18.07.2009 (4)
  9. System neu aufsetzen, aber wie richtig?
    Plagegeister aller Art und deren Bekämpfung - 04.06.2009 (4)
  10. System neu aufsetzen oder säubern?
    Mülltonne - 05.11.2008 (0)
  11. zu faul zum system aufsetzen..
    Mülltonne - 10.10.2008 (0)
  12. Tip zum System Aufsetzen Restore
    Alles rund um Windows - 06.11.2007 (0)
  13. Muss ich das System neu aufsetzen?
    Log-Analyse und Auswertung - 16.10.2007 (1)
  14. System neu aufsetzen, wichtige Frage!
    Plagegeister aller Art und deren Bekämpfung - 17.04.2006 (4)
  15. System neu aufsetzen
    Log-Analyse und Auswertung - 14.04.2006 (1)
  16. System neu aufsetzen
    Plagegeister aller Art und deren Bekämpfung - 28.12.2005 (7)
  17. System neu aufsetzen für Laien machbar?
    Log-Analyse und Auswertung - 20.02.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avast meldet Trj *System neu aufsetzen? - Hallo liebe Trj.Board- Community, ich habe bereits die Suchfunktion genutzt und wurde "nicht" fündig, deshalb habe ich den Thread erstellt, damit mir vielleicht jemand dabei behilflich ist, ob mein System - Avast meldet Trj *System neu aufsetzen?...
Archiv
Du betrachtest: Avast meldet Trj *System neu aufsetzen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131