
Log analysis and evaluation: BKA Trojan, Windows Vista 32-bit

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.10.2012, 14:42   #1
GBD1986

Hello everyone,

last night I apparently caught the BKA Trojan.

Unfortunately I am no expert in these things and hope you can help me.

I can get as far as safe mode.

There I tried to create a log with OTL. Unfortunately, this process hangs at the following point:
Scannin FireFox settings....

Please help me

Thanks in advance

08.10.2012, 14:58   #2
t'john
/// Helper Team

Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:


If you have no burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, and on a slow internet connection it will take a while until you have downloaded it.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Put an empty CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: So that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: gives an error!
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you have no internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

08.10.2012, 15:26   #3
GBD1986

Thanks for the quick reply.

Somehow the boot disk does not work. The burn process completed quite normally.

When booting from the disk, the loading bar "Starting Teatogo-X-PE" appears.
It runs through to the end.
Then, however, Windows begins to start, according to the display WinXP????
A bluescreen then appears there with the following message: Technical information: STOP:0x0000007B (0xF78DA528, .....................)
It asks me to use chkdsk.
I then did that, nothing found.
I have now burned the CD for the second time, I thought maybe it was not OK.

Any other idea what I can do..
Edited by GBD1986 (08.10.2012 at 16:13)

09.10.2012, 03:09   #4
t'john
/// Helper Team

In the BIOS, change the SATA settings from AHCI to IDE.
__________________
Regards, t'john

09.10.2012, 08:09   #5
GBD1986

Thanks, it works now


OTL Logfile:
Code:
OTL logfile created on: 10/9/2012 9:47:26 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.04 Gb Total Space | 80.90 Gb Free Space | 59.47% Space Free | Partition Type: NTFS
Drive D: | 955.08 Mb Total Space | 874.55 Mb Free Space | 91.57% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - (Norton Internet Security) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Updatesrv) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
SRV - (Update Server) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (ePowerSvc) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vhidmini) --  File not found
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) --  File not found
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (moufiltr) --  File not found
DRV - (IpInIp) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (bdselfpr) -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender LLC)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (Bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (bdfm) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (Advanced Micro Devices, Inc)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0709&m=e625
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0709&m=e625
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0709&m=e625
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\***_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
 
 
[2012/10/08 14:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/15 10:05:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/11/15 10:05:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/15 16:56:26 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\Kerstin_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Kerstin_ON_C\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/08 19:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/10/08 19:06:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/10/08 19:06:05 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/10/08 19:06:05 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/10/08 19:06:05 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/10/08 19:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/10/08 19:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/10/08 16:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2012/10/08 16:35:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/08 15:21:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/10/08 15:21:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/10/08 15:21:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/10/08 15:09:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012/10/08 15:09:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012/10/08 15:08:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung
[2012/10/08 15:07:33 | 000,000,000 | ---D | C] -- C:\Users\***\Favorites\Documents\samsung
[2012/10/08 15:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/10/08 15:01:01 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012/10/08 15:00:27 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012/10/08 15:00:27 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2012/10/08 15:00:27 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012/10/08 14:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/10/08 14:55:41 | 081,131,360 | ---- | C] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Kerstin\Favorites\Documents\Kies_2.5.0.12094_27_11.exe
[2012/10/08 14:43:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/10/08 14:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/08 14:41:47 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/10/08 14:41:47 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/10/08 14:41:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/10/08 14:41:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/10/08 14:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/10/08 14:36:31 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/08 14:34:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/10/08 14:34:16 | 006,722,216 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Kerstin\Favorites\Documents\Shockwave_Installer_Slim.exe
[2012/10/08 14:32:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2012/10/08 14:32:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2012/10/08 14:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/10/08 14:24:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012/10/07 10:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\bmvzsdrrwogqksj
[2012/09/26 14:57:16 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012/09/26 14:57:16 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2012/09/26 14:57:14 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\Windows\System32\muzdecode.ax
[2012/09/26 14:57:14 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2012/09/26 14:57:14 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2012/09/26 14:57:14 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2012/09/26 14:57:14 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2012/09/26 14:57:14 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\Windows\System32\muzwmts.dll
[2012/09/26 14:57:14 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2012/09/26 14:57:14 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2012/09/26 14:57:14 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2012/09/26 14:57:14 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2012/09/26 14:57:14 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2012/09/26 14:57:14 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2012/09/26 14:57:14 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2012/09/26 14:57:14 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2012/09/26 14:57:14 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2012/09/26 14:57:14 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2012/09/26 14:57:14 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2012/09/26 14:57:14 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2012/09/26 14:57:14 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2012/09/26 14:57:14 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2012/09/26 14:57:14 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2012/09/26 13:52:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012/09/26 13:52:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/26 13:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012/09/26 13:49:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012/09/26 13:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012/09/26 13:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012/09/18 14:44:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\webkit
[2012/09/17 13:22:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\fontconfig
[2012/09/17 13:22:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\gegl-0.2
[2012/09/17 13:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/09 02:17:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/09 02:13:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 02:13:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 02:13:22 | 1877,065,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/08 19:06:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/10/08 19:06:22 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/10/08 15:38:05 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/10/08 15:38:05 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/08 15:38:05 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/10/08 15:38:05 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/08 15:34:44 | 000,000,945 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/08 15:27:03 | 000,364,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/08 15:07:02 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/10/08 15:01:24 | 000,001,799 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/10/08 15:01:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/10/08 14:56:28 | 081,131,360 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\***\Favorites\Documents\Kies_2.5.0.12094_27_11.exe
[2012/10/08 14:41:21 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/10/08 14:41:21 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/10/08 14:41:21 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/10/08 14:41:21 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/10/08 14:41:21 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/10/08 14:36:31 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/08 14:36:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/08 14:34:16 | 006,722,216 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\Favorites\Documents\Shockwave_Installer_Slim.exe
[2012/10/08 14:32:13 | 000,001,640 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/10/08 14:32:13 | 000,001,628 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/10/08 14:32:13 | 000,001,616 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/10/08 14:01:30 | 000,001,356 | ---- | M] () -- C:\Users\Kerstin\AppData\Local\d3d9caps.dat
[2012/10/08 09:01:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/07 10:48:55 | 000,076,342 | ---- | M] () -- C:\ProgramData\acjujctcqbfzntr
[2012/10/01 11:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/09/26 14:57:22 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012/09/26 14:57:16 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012/09/26 14:57:16 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2012/09/26 14:57:16 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
[2012/09/26 14:57:14 | 000,974,848 | ---- | M] () -- C:\Windows\System32\cis-2.4.dll
[2012/09/26 14:57:14 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\Windows\System32\muzdecode.ax
[2012/09/26 14:57:14 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2012/09/26 14:57:14 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2012/09/26 14:57:14 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2012/09/26 14:57:14 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2012/09/26 14:57:14 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2012/09/26 14:57:14 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\System32\muzwmts.dll
[2012/09/26 14:57:14 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2012/09/26 14:57:14 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2012/09/26 14:57:14 | 000,143,360 | ---- | M] () -- C:\Windows\System32\3DAudio.ax
[2012/09/26 14:57:14 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2012/09/26 14:57:14 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2012/09/26 14:57:14 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2012/09/26 14:57:14 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2012/09/26 14:57:14 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2012/09/26 14:57:14 | 000,081,920 | ---- | M] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/09/26 14:57:14 | 000,065,536 | ---- | M] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/09/26 14:57:14 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2012/09/26 14:57:14 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2012/09/26 14:57:14 | 000,057,344 | ---- | M] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/09/26 14:57:14 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2012/09/26 14:57:14 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2012/09/26 14:57:14 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2012/09/26 14:57:14 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2012/09/26 14:57:14 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2012/09/26 14:57:14 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2012/09/26 14:57:12 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012/09/26 14:57:12 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012/09/26 13:50:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012/09/26 13:50:05 | 000,001,034 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2012/09/26 13:50:03 | 000,001,193 | ---- | M] () -- C:\Users\***\Desktop\Free YouTube to MP3 Converter.lnk
[2012/09/25 15:05:26 | 000,016,228 | ---- | M] () -- C:\Users\***\Desktop\lebenslaaaaaaaaaaaaauf.odt
[2012/09/25 15:02:44 | 000,006,802 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2012/09/25 14:54:36 | 000,008,704 | ---- | M] () -- C:\Users\Kerstin\Desktop\aktueller lebenslauf.wps
[2012/09/24 03:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/09/18 14:37:37 | 000,001,464 | ---- | M] () -- C:\Users\Kerstin\AppData\Local\recently-used.xbel
[2012/09/17 13:21:23 | 000,000,882 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/09/13 04:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012/10/08 19:06:22 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/10/08 16:39:55 | 1877,065,728 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/08 15:34:44 | 000,000,945 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/08 15:07:02 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/10/08 15:01:24 | 000,001,799 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/10/08 14:32:13 | 000,001,640 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/10/08 14:32:13 | 000,001,628 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/10/08 14:32:13 | 000,001,616 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/10/07 10:48:47 | 000,076,342 | ---- | C] () -- C:\ProgramData\acjujctcqbfzntr
[2012/09/26 14:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/09/26 14:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/09/26 14:57:14 | 000,143,360 | ---- | C] () -- C:\Windows\System32\3DAudio.ax
[2012/09/26 14:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/09/26 14:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/09/26 14:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/09/26 13:50:05 | 000,001,034 | ---- | C] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2012/09/26 13:50:03 | 000,001,193 | ---- | C] () -- C:\Users\***\Desktop\Free YouTube to MP3 Converter.lnk
[2012/09/25 15:05:24 | 000,016,228 | ---- | C] () -- C:\Users\***\Desktop\lebenslaaaaaaaaaaaaauf.odt
[2012/09/18 14:37:36 | 000,001,464 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012/09/17 13:21:23 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/09/11 15:01:06 | 002,321,727 | ---- | C] () -- C:\Users\***\Desktop\SAM_2167.JPG
[2012/09/11 15:00:47 | 002,192,015 | ---- | C] () -- C:\Users\***\Desktop\SAM_2123.JPG
[2012/05/16 05:35:47 | 000,010,708 | ---- | C] () -- C:\Windows\System32\aiptbl.ini
[2012/05/16 05:22:35 | 000,000,105 | R--- | C] () -- C:\ProgramData\Ppster.ini
[2011/09/06 14:44:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imwords.dat
[2011/09/06 14:44:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\im_markovian.dat
[2011/09/06 12:06:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imblacklist.dat
[2011/09/06 11:06:27 | 000,552,172 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/08/27 05:37:06 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011/06/21 09:05:38 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/05/04 13:39:23 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011/02/10 21:07:00 | 000,000,038 | ---- | C] () -- C:\Windows\TETRIS.INI
[2010/08/17 11:16:15 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010/07/08 04:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/02/12 08:03:58 | 000,000,850 | ---- | C] () -- C:\Users\***\AppData\RoamingProductTweaks.xml
[2010/02/11 08:21:54 | 000,000,385 | ---- | C] () -- C:\Users\***\AppData\Roaminguser_gensett.xml
[2010/02/06 08:04:49 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/02/06 08:04:48 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/01/30 14:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2009/12/30 17:38:35 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2009/12/27 14:21:02 | 000,000,744 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/27 14:11:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/12/27 14:11:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/27 14:05:48 | 000,000,376 | ---- | C] () -- C:\Users\***\AppData\Roamingprivacy.xml
[2009/12/26 17:31:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/25 02:47:14 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2009/12/25 02:47:14 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2009/12/24 13:38:08 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2009/12/24 10:16:35 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/24 09:14:34 | 000,006,802 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009/07/30 05:52:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/03/03 16:43:42 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/03/03 16:43:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/03/03 16:43:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/03/03 09:40:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/03/03 09:40:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/03/03 09:40:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/03/03 09:40:19 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/03/03 08:30:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 04:21:25 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 04:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 04:21:25 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 04:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/10/25 12:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/01/31 08:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,364,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/09/06 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitDefender
[2011/05/04 13:35:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Degener
[2012/09/26 13:50:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011/04/03 13:32:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/01/20 16:24:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2012/09/26 13:49:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2011/11/15 10:12:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012/10/08 14:32:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011/09/06 11:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2012/10/08 15:07:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2009/12/24 09:15:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2012/09/26 13:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012/05/16 06:05:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems
[2009/12/24 09:04:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/10/04 10:04:25 | 000,000,000 | ---D | M] -- C:\ProgramData\bdch
[2011/09/06 12:05:29 | 000,000,000 | ---D | M] -- C:\ProgramData\BitDefender
[2012/10/07 10:48:56 | 000,000,000 | ---D | M] -- C:\ProgramData\bmvzsdrrwogqksj
[2012/07/15 16:56:27 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2012/09/26 13:52:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2011/07/17 05:55:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Degener
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/12/24 09:04:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/12/24 09:04:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/01/30 14:50:46 | 000,000,000 | ---D | M] -- C:\ProgramData\InterVideo
[2012/10/08 15:01:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/12/24 09:04:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/08/05 11:01:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Tablet
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/09/26 13:54:16 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/05/16 05:26:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2009/12/24 09:04:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/03/03 10:16:16 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2010/03/19 05:53:11 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/12/24 16:06:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/09/26 13:52:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2009/12/29 18:22:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/10/09 02:17:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

Here are the Extras
Code:
OTL Extras logfile created on: 10/9/2012 9:47:26 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.04 Gb Total Space | 80.90 Gb Free Space | 59.47% Space Free | Partition Type: NTFS
Drive D: | 955.08 Mb Total Space | 874.55 Mb Free Space | 91.57% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A8FE5C-D836-FF51-0523-A2A625AAF6F8}" = ccc-core-static
"{08C30E6C-9E7C-19F8-923F-29881AC96968}" = Catalyst Control Center Graphics Light
"{0E24362B-2091-79D5-1BF5-B2D6ABF7FB5D}" = CCC Help English
"{1192E4DD-2A20-73BC-64B8-55A0DEB7F7DF}" = Catalyst Control Center Localization Greek
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1601F21D-245A-6CF1-E463-D531FA5E8DE3}" = Catalyst Control Center Localization Chinese Standard
"{173FF673-515B-F94A-1ED0-9710512095D5}" = Catalyst Control Center Localization Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2244A1E7-C525-5D5C-064A-18BDF00E9E7D}" = Catalyst Control Center Localization Dutch
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26C85DDE-38FA-8D58-5110-19B00F46FABB}" = Catalyst Control Center Localization Thai
"{295C8DC2-953E-3C4C-BA8E-E0B12CB70587}" = ATI Catalyst Install Manager
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B463FAA-B1F6-B8DD-74FC-789F1855B26A}" = Catalyst Control Center Localization Chinese Traditional
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3246B736-3993-EAC8-4349-0B89E278B94F}" = CCC Help French
"{374A2986-A483-94E9-281A-BB6262CF51B6}" = Catalyst Control Center Localization French
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{3E7D43D6-8596-8F83-8A23-BDD2D347DC53}" = Catalyst Control Center Localization Korean
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{477461BB-6439-E292-1A63-D2E75A0C988A}" = Catalyst Control Center Localization Danish
"{480C2AF6-928F-8D8F-890B-60F423B24958}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB7B60B-5BFE-E9BD-23A5-A59BEAC9CC9A}" = Catalyst Control Center Localization Norwegian
"{5285AB31-5B13-11B0-30AA-8989371C3187}" = CCC Help Czech
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616185CB-4F3F-B469-E820-F39C18812134}" = Catalyst Control Center Localization German
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6B958F51-EFCD-B548-A387-D70C91FDD743}" = Catalyst Control Center Localization Finnish
"{6C6C16FB-C009-85C4-1DE0-16A5259E82B2}" = ccc-utility
"{6D5ACB46-C2D4-A72A-9576-D890EB6601F8}" = Catalyst Control Center Localization Hungarian
"{6E434AAA-24B3-8550-5EAB-4D7BF4AC5563}" = Catalyst Control Center InstallProxy
"{6FD64B29-3743-4B9B-2A8E-09058D6D4084}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72FBCECF-1D9B-80EE-BDA9-6A1AE7BA1B67}" = Catalyst Control Center Localization Russian
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EC5E32C-AC18-E228-BBA2-D326D462129D}" = CCC Help Korean
"{7F6DCE52-E736-259E-66EE-993B037A2110}" = CCC Help Hungarian
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83C5B0BD-FD82-BC9F-1AB1-97861D0FC285}" = CCC Help German
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88731AD7-51B3-F878-F485-0D8FCBC55C23}" = Catalyst Control Center Localization Italian
"{8C63F89D-8F38-26FB-9B38-BCC35EBCDEB6}" = CCC Help Greek
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955B0760-04FF-90B6-FB9C-689A2DAB5E0F}" = Catalyst Control Center Localization Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FB7069F-53BB-CC75-ED87-2D0FC706BE3C}" = Catalyst Control Center Localization Japanese
"{A2351C4F-AB5C-7CE7-B902-A17AE3ABCD75}" = CCC Help Danish
"{A77B00B0-3D6B-85AB-D0F3-BD54C7327A22}" = CCC Help Japanese
"{AA66BC5E-2D8F-0281-848F-50BBBB9AC0EE}" = CCC Help Finnish
"{AAC6B463-EFFB-1C27-7191-BE816018D61E}" = Skins
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD3735F6-99ED-07CE-369D-C8CFA60E1B69}" = Catalyst Control Center Localization Spanish
"{AE9A833A-4AFD-28A8-0D34-73CC4A49F7BA}" = Catalyst Control Center Localization Czech
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0B7B105-66E1-4C64-770D-6DAE8D7EBCDC}" = Catalyst Control Center Graphics Previews Vista
"{B11F6E12-2EBE-666A-1A46-B844B01E1C17}" = CCC Help Chinese Standard
"{B1E58B81-B607-65B5-6F95-7839E996C7EA}" = Catalyst Control Center Graphics Full Existing
"{B547E931-7B8D-A6FA-153D-07BAA8A2362F}" = CCC Help Chinese Traditional
"{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}" = BitDefender Antivirus Pro 2011
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE6BAF22-649B-F0B6-A293-95FD4BBC2AD8}" = CCC Help Spanish
"{BF1E7FE0-CBF1-95DD-7D1B-78B95E7169E5}" = CCC Help Thai
"{C0A1B7C2-8BA5-DF18-04BE-FBC7D51DA52E}" = Catalyst Control Center Localization Swedish
"{C3EB6CE4-02C1-3D6C-35BF-E680A6A2F699}" = CCC Help Dutch
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CA4EE5B1-5158-87F5-FBD8-2FAB51DBC731}" = CCC Help Italian
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCFB344A-638B-4EA6-3561-642F50E21384}" = CCC Help Portuguese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0248296-8F9F-B422-2E81-88E9A8C5235C}" = CCC Help Russian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1CE24C9-FC4F-D497-A222-A40EA93F4FDA}" = CCC Help Turkish
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E601DDC5-7374-4BAC-5ECA-625459D910C0}" = Catalyst Control Center Core Implementation
"{EC154C5D-3295-F336-4E11-BA91705B1E8A}" = CCC Help Norwegian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F174496B-5C47-92F1-C074-8369443D2433}" = CCC Help Polish
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF960B70-DEF5-E739-A8FB-65E60509851B}" = Catalyst Control Center Localization Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitDefender" = BitDefender Antivirus Pro 2011
"conduitEngine" = Conduit Engine
"eMachines Screensaver" = eMachines ScreenSaver
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"GIMP-2_is1" = GIMP 2.8.2
"iLivid" = iLivid
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Opera 12.02.1578" = Opera 12.02
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite_Wave3" = Windows Live Essentials
 
< End of report >
         


09.10.2012, 22:35   #6
t'john
/// Helper Team

Fixing with OTLPE


  • Restart the unbootable computer from the OTLPE CD,
  • wait until the Reatogo-X-Pe desktop appears and double-click the OTLPE icon.



  • Copy the following script into the text box below Custom Scans/Fixes:
  • If that is not possible because there is no Internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Connect the USB stick to the computer and open Fix.txt with Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text box below Custom Scans/Fixes:


Code:
:OTL
O4 - HKLM..\Run: [NPSStartup] File not found 
[2012/09/26 14:57:14 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe 
[2012/09/26 14:57:14 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe 
[2012/09/26 14:57:16 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe 
[2012/09/26 14:57:16 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll 
[2012/09/26 14:57:16 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx 
[2012/09/26 14:57:14 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\Windows\System32\muzdecode.ax 
[2012/09/26 14:57:14 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll 
[2012/09/26 14:57:14 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll 
[2012/09/26 14:57:14 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\Windows\System32\muzoggsp.ax 
[2012/09/26 14:57:14 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll 
[2012/09/26 14:57:14 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\Windows\System32\muzwmts.dll 
[2012/09/26 14:57:14 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll 
[2012/09/26 14:57:14 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll 
[2012/09/26 14:57:14 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\Windows\System32\muzmpgsp.ax 
[2012/09/26 14:57:14 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\Windows\System32\muzeffect.ax 
[2012/09/26 14:57:14 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll 
[2012/09/26 14:57:14 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\Windows\System32\muzmp4sp.ax 
[2012/09/26 14:57:14 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\System32\MK_Lyric.dll 
[2012/09/26 14:57:14 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll 
[2012/09/26 14:57:14 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll 
[2012/09/26 14:57:14 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll 
[2012/09/26 14:57:14 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll 
[2012/09/26 14:57:14 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll 
[2012/09/26 14:57:14 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll 
[2012/09/26 14:57:22 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll 
[2012/09/26 14:57:14 | 000,974,848 | ---- | M] () -- C:\Windows\System32\cis-2.4.dll 
[2012/09/26 14:57:14 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll 
[2012/09/26 14:57:14 | 000,143,360 | ---- | M] () -- C:\Windows\System32\3DAudio.ax 
[2012/09/26 14:57:14 | 000,081,920 | ---- | M] () -- C:\Windows\System32\issacapi_bs-2.3.dll 
[2012/09/26 14:57:14 | 000,065,536 | ---- | M] () -- C:\Windows\System32\issacapi_pe-2.3.dll 
[2012/09/26 14:57:14 | 000,057,344 | ---- | M] () -- C:\Windows\System32\issacapi_se-2.3.dll 
[2012/09/26 14:57:12 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll 
[2012/09/26 14:57:12 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys  
[2009/12/30 17:38:35 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe 
[2012/07/15 16:56:27 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess 
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Kerstin\*.tmp
C:\Users\Kerstin\AppData\Local\{*}
C:\Users\Kerstin\AppData\Local\Temp\*.exe
C:\Users\Kerstin\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         

  • Close all programs.
  • Click the Fix button.
  • Click .
  • Copy the contents into your thread here, inside code tags.
    You can view the log file later here => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Test whether you can now boot the computer into normal Windows mode again, and report back.
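A way to read a fix script like the one in the post above before it is run, as an added example that is not part of the thread or of OTL: it splits the script into its `:Section` blocks and parses the file-listing lines into fields. `SAMPLE_SCRIPT` is an excerpt of that script; the function names, the "non-path line" check and the choice of what to list are assumptions of this example.

```python
import re
from collections import Counter

# One OTL file-listing line, as it appears in the logs and the fix script:
# [date time | size | attributes | C or M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]\s*"
    r"(?:\((?P<company>.*)\)\s*)?-- (?P<path>.+?)\s*$"
)
# Assumption of this example: a path starts with a drive letter or a %VARIABLE%.
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%)")

# Excerpt of the script posted above (not the complete script).
SAMPLE_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [NPSStartup] File not found
[2012/09/26 14:57:14 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2012/09/26 14:57:14 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\Windows\System32\muzwmts.dll
[2012/09/26 14:57:16 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
[2012/09/26 14:57:14 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2012/07/15 16:56:27 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
"""


def parse_entry(line):
    """Return the fields of one file-listing line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "stamp": m["stamp"],
        "size": int(m["size"].replace(",", "")),  # "000,172,032" -> 172032
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],                         # C = created, M = modified
        "company": (m["company"] or "").strip(),   # "" when the field is empty or absent
        "path": m["path"],
    }


def split_sections(script):
    """Group the script's lines under their ':Section' header."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def review(script):
    """Summarise what a fix script names, without running anything."""
    sections = split_sections(script)
    entries, other = [], []
    for line in sections.get("OTL", []):
        entry = parse_entry(line)
        if entry is None:
            other.append(line)      # e.g. registry lines such as "O4 - ..."
        else:
            entries.append(entry)
    files = sections.get("Files", [])
    return {
        "entries": entries,
        "other_otl_lines": other,
        "by_company": Counter(e["company"] or "<none>" for e in entries),
        # Listed so the reader can look at these entries individually.
        "microsoft_labelled": [e["path"] for e in entries
                               if "microsoft" in e["company"].lower()],
        "wildcards": [f for f in files if "*" in f],
        "non_path_lines": [f for f in files if not PATH_RE.match(f)],
        "commands": sections.get("Commands", []),
    }


if __name__ == "__main__":
    result = review(SAMPLE_SCRIPT)
    print(len(result["entries"]), "file/folder entries in :OTL")
    for company, count in result["by_company"].most_common():
        print(f"  {count:2d}  {company}")
    for key in ("microsoft_labelled", "wildcards", "non_path_lines", "commands"):
        print(key, "->", result[key])
```
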

25.11.2012, 07:53   #7
t'john
/// Helper Team

No reply received

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: the disappearance of the symptoms does not mean that your computer is clean.

Regards, t'john
