
Log analysis and evaluation: Police Trojan (Austria) log evaluation

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
13.11.2012, 18:54   #1
Spriggan282
 



Hello, first of all!

I'll get straight to the point: as already stated in the title, I have
a trojan and hope to get rid of the annoying horse with your help!

Please send further instructions!?



Here is the OTL log:

Code:
OTL logfile created on: 13.11.2012 18:21:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Exodus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,57% Memory free
4,24 Gb Paging File | 3,22 Gb Available in Paging File | 75,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,16 Gb Total Space | 58,21 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 216,40 Gb Total Space | 81,02 Gb Free Space | 37,44% Space Free | Partition Type: NTFS
Drive L: | 5,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: EXODUS-PC | User Name: Exodus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Exodus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\JDownloader\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Desura Install Service) -- C:\Programme\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys ()
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121027.002\IDSvix86.sys (Symantec Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1309000.009\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1309000.009\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1309000.009\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1309000.009\symefa.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NAV\1309000.009\symtdiv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1309000.009\ironx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1309000.009\symds.sys (Symantec Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D B1 68 3E BC C1 CD 01  [binary data]
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={E8AEDDE5-5128-4F3E-8D4F-52B1CB04808E}&mid=d9ceb2f73dc847d0aef2d168c3e36fef-06ce4fc639803a2e3563922518183d8e94088cb9&lang=de&ds=AVG&pr=pr&d=2012-10-01 13:21:05&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.145.0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012.11.12 00:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 01:53:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.30 01:53:30 | 000,000,000 | ---D | M]
 
[2012.07.27 19:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exodus\AppData\Roaming\mozilla\Extensions
[2012.10.23 16:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exodus\AppData\Roaming\mozilla\Firefox\Profiles\qmfgr1kj.default\extensions
[2012.08.19 20:06:39 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Exodus\AppData\Roaming\mozilla\Firefox\Profiles\qmfgr1kj.default\extensions\battlefieldheroespatcher@ea.com
[2012.10.30 01:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.30 01:53:28 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.10.30 01:53:37 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.16 01:03:52 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.01 12:21:00 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.04 21:46:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.26 20:10:26 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{369B177D-2325-4961-8CCF-0552EA4B77F7}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.10.10 13:01:08 | 000,000,051 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.13 18:20:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Exodus\Desktop\OTL.exe
[2012.11.13 17:30:46 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.12 00:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.11 22:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.11.11 22:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.11.11 22:20:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.09 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\BitTorrent
[2012.11.07 23:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2012.11.01 17:50:48 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Local\Arktos
[2012.11.01 17:50:46 | 000,000,000 | ---D | C] -- C:\Users\Exodus\Documents\Arktos
[2012.11.01 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Local\CrashRpt
[2012.10.30 18:15:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.10.30 18:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2012.10.30 01:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.27 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\uTorrent
[2012.10.21 01:41:57 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\DwarfsF2P
[2012.10.21 01:41:55 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\Dwarfs
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.13 18:20:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Exodus\Desktop\OTL.exe
[2012.11.13 18:12:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.13 17:57:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000UA.job
[2012.11.13 17:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.13 17:31:10 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.13 17:30:48 | 000,000,774 | ---- | M] () -- C:\Users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.13 17:30:46 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.13 17:23:52 | 000,002,337 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.11.13 17:23:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.13 17:23:45 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 17:23:45 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 17:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.13 17:23:39 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.12 22:54:37 | 000,051,712 | ---- | M] () -- C:\Users\Exodus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.12 13:57:03 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000Core.job
[2012.11.12 00:28:29 | 001,642,787 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1309000.009\Cat.DB
[2012.11.11 22:11:13 | 000,000,680 | ---- | M] () -- C:\Users\Exodus\AppData\Local\d3d9caps.dat
[2012.11.11 14:37:17 | 005,946,014 | ---- | M] () -- C:\Users\Exodus\Documents\Imagine Dragons, Radioactive HD.mp3
[2012.11.09 19:23:07 | 094,721,516 | ---- | M] () -- C:\Users\Exodus\Documents\[HQ] Hans Zimmer - Inception Soundtrack - OST (complete).mp3
[2012.11.06 19:21:28 | 007,605,312 | ---- | M] () -- C:\Users\Exodus\Documents\Borderlands 2 Intro Song - Soundtrack (The Heavy - Short Change Hero).mp3
[2012.11.06 19:18:13 | 005,683,669 | ---- | M] () -- C:\Users\Exodus\Documents\The Borderlands Theme Song- Aint No Rest For the Wicked.mp3
[2012.10.28 00:51:11 | 000,000,104 | ---- | M] () -- C:\Users\Exodus\Documents\Papierkorb - Verknüpfung.lnk
[2012.10.26 17:26:57 | 186,464,390 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.16 11:29:46 | 000,010,074 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1309000.009\VT20121008.022
 
========== Files Created - No Company Name ==========
 
[2012.11.13 17:30:48 | 000,000,774 | ---- | C] () -- C:\Users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.12 00:08:54 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.11 22:00:45 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.11 14:37:00 | 005,946,014 | ---- | C] () -- C:\Users\Exodus\Documents\Imagine Dragons, Radioactive HD.mp3
[2012.11.09 19:18:14 | 094,721,516 | ---- | C] () -- C:\Users\Exodus\Documents\[HQ] Hans Zimmer - Inception Soundtrack - OST (complete).mp3
[2012.11.06 19:21:15 | 007,605,312 | ---- | C] () -- C:\Users\Exodus\Documents\Borderlands 2 Intro Song - Soundtrack (The Heavy - Short Change Hero).mp3
[2012.11.06 19:18:05 | 005,683,669 | ---- | C] () -- C:\Users\Exodus\Documents\The Borderlands Theme Song- Aint No Rest For the Wicked.mp3
[2012.10.28 00:51:11 | 000,000,104 | ---- | C] () -- C:\Users\Exodus\Documents\Papierkorb - Verknüpfung.lnk
[2012.10.13 17:29:01 | 000,086,704 | ---- | C] () -- C:\Users\Exodus\tumblr_m1nwebxpUq1r5u0t3.png
[2012.10.07 09:53:09 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.10.03 18:50:27 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.10.03 13:04:28 | 000,071,372 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.09.03 19:44:33 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012.09.03 19:44:10 | 000,216,158 | ---- | C] () -- C:\Users\Exodus\AppData\Local\census.cache
[2012.09.03 19:43:54 | 000,149,652 | ---- | C] () -- C:\Users\Exodus\AppData\Local\ars.cache
[2012.09.03 19:34:52 | 000,000,036 | ---- | C] () -- C:\Users\Exodus\AppData\Local\housecall.guid.cache
[2012.08.30 08:20:09 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\windrv32.sys
[2012.08.25 10:38:54 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\winbros.sys
[2012.08.24 12:13:02 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\ztddttud.sys
[2012.08.21 11:38:45 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\winbras.sys
[2012.08.20 02:28:25 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.08.20 02:28:25 | 000,138,056 | ---- | C] () -- C:\Users\Exodus\AppData\Roaming\PnkBstrK.sys
[2012.08.20 02:28:07 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.08.20 02:28:02 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.08.06 12:07:09 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.07.28 23:11:47 | 000,051,712 | ---- | C] () -- C:\Users\Exodus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.28 15:04:28 | 003,495,784 | ---- | C] () -- C:\Windows\System32\d3dx9_33.dll
[2012.07.28 12:19:16 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.07.27 19:49:44 | 000,000,680 | ---- | C] () -- C:\Users\Exodus\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2011.11.18 21:23:34 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\@
[2012.10.01 14:11:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L
[2012.10.01 15:29:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\U
[2012.10.01 15:06:33 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L\00000004.@
[2012.10.01 12:42:26 | 000,002,048 | -HS- | M] () -- C:\Users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\@
[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L
[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\U
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 14:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll\system32\wbem\wbemess.dll
"ThreadingModel" = Apartment
 
========== LOP Check ==========
 
[2012.10.06 13:13:25 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\.minecraft
[2012.09.19 23:30:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Audacity
[2012.07.30 00:52:30 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\avidemux
[2012.08.06 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Awesomium
[2012.07.27 20:02:04 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Babylon
[2012.11.11 22:48:42 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\BitTorrent
[2012.11.11 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DAEMON Tools Pro
[2012.08.02 18:59:51 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DVDVideoSoft
[2012.11.03 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Dwarfs
[2012.10.21 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DwarfsF2P
[2012.10.01 15:20:51 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\FixZeroAccess
[2012.09.02 23:44:28 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\FRITZ!
[2012.08.22 01:50:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Gyazo
[2012.09.24 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\LS
[2012.09.04 16:22:36 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Mount&Blade Warband
[2012.10.02 17:04:17 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\OnLive App
[2012.08.23 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\RotMG.Production
[2012.08.04 11:24:28 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\TEdit
[2012.08.20 18:45:11 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Unity
[2012.11.12 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 13.11.2012 18:21:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Exodus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,57% Memory free
4,24 Gb Paging File | 3,22 Gb Available in Paging File | 75,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,16 Gb Total Space | 58,21 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 216,40 Gb Total Space | 81,02 Gb Free Space | 37,44% Space Free | Partition Type: NTFS
Drive L: | 5,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: EXODUS-PC | User Name: Exodus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Exodus\M-10-7960-8588-3464\winsvc.exe" = C:\Users\Exodus\M-10-7960-8588-3464\winsvc.exe:*:Enabled:Microsoft Windows Service
"C:\Users\Exodus\M-50-8964-7854-4678\winmgr.exe" = C:\Users\Exodus\M-50-8964-7854-4678\winmgr.exe:*:Enabled:Microsoft Windows Manager
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B}" = Nero Burning ROM 11
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{77D5EF75-EB85-4C19-879B-D997E80FF40E}" = UPC Konfigurator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.2.0.9
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB87D276-2F4A-453A-A2D8-D597927C59A0}" = Tabellenbuch Metall digital 6.0
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BYOND" = BYOND
"DAEMON Tools Pro" = DAEMON Tools Pro
"Desura" = Desura
"Desura_18829136625680" = Desura: Black Mesa
"Desura_40965398069264" = Desura: Half-Life 2: Wars
"Deus Ex" = Deus Ex
"Fraps" = Fraps (remove only)
"HDTP" = Deus Ex - HDTP
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"NAV" = Norton AntiVirus
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OnLive" = OnLive
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Rechenbuch Metall_is1" = Bilder-CD für Rechenbuch Metall, 30. Aufl - Einzellizenz
"Steam App 105600" = Terraria
"Steam App 17700" = Insurgency
"Steam App 17740" = Empires
"Steam App 200210" = Realm of the Mad God
"Steam App 212800" = Super Crate Box
"Steam App 213650" = Dwarfs F2P
"Steam App 214850" = GameMaker: Studio
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 31270" = Puzzle Agent
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 6100" = Eets
"Steam App 630" = Alien Swarm
"Steam App 70" = Half-Life
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 99900" = Spiral Knights
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Walking Dead Episode 3 (c) TellTale Games_is1" = The Walking Dead Episode 3 (c) TellTale Games version 1
"The Walking Dead Episode 4 (c) Telltale Games_is1" = The Walking Dead Episode 4 (c) Telltale Games version 1
"UPC Konfigurator" = UPC Konfigurator
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.11.2012 19:12:16 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 12.11.2012 08:57:36 | Computer Name = Exodus-PC | Source = WinMgmt | ID = 28
Description = 
 
Error - 12.11.2012 08:59:09 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 12.11.2012 13:21:04 | Computer Name = Exodus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Steam.exe, Version 1.0.1446.623, Zeitstempel
 0x5004ae1a, fehlerhaftes Modul steamclient.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x509d88e5, Ausnahmecode 0xc0000005, Fehleroffset 0x38128865,  Prozess-ID 0x22c0,
 Anwendungsstartzeit 01cdc0f40a07445d.
 
Error - 12.11.2012 13:21:08 | Computer Name = Exodus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Steam.exe, Version 1.0.1446.623, Zeitstempel
 0x5004ae1a, fehlerhaftes Modul steamservice.dll, Version 1.57.74.6, Zeitstempel
 0x509d888a, Ausnahmecode 0xc0000005, Fehleroffset 0x000072d6,  Prozess-ID 0x22c0,
 Anwendungsstartzeit 01cdc0f40a07445d.
 
Error - 12.11.2012 14:12:02 | Computer Name = Exodus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_RpcSs, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel 
0x49f05bcc, Ausnahmecode 0xc0000005, Fehleroffset 0x000132f3,  Prozess-ID 0x3b4, Anwendungsstartzeit
 01cdc0d5180d4ef9.
 
Error - 12.11.2012 14:14:47 | Computer Name = Exodus-PC | Source = WinMgmt | ID = 28
Description = 
 
Error - 12.11.2012 14:16:47 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 13.11.2012 12:24:09 | Computer Name = Exodus-PC | Source = WinMgmt | ID = 28
Description = 
 
Error - 13.11.2012 12:26:06 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
[ System Events ]
Error - 11.11.2012 18:54:49 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.11.2012 19:00:07 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.11.2012 19:05:44 | Computer Name = Exodus-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 11.11.2012 19:07:05 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.11.2012 19:07:15 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.11.2012 19:07:17 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.11.2012 19:07:21 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.11.2012 19:07:22 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.11.2012 11:54:29 | Computer Name = Exodus-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.11.2012 14:12:22 | Computer Name = Exodus-PC | Source = WinHttpAutoProxySvc | ID = 12506
Description = Der WinHTTP-Web Proxy Auto-Discovery-Dienst ist auf einen Systemfehler
 von RpcEpRegisterW() gestoßen: (Fehlercode = 1752) Der Serverendpunkt kann den 
Vorgang nicht ausführen.  
 
 
< End of report >
         

 


All times are in WEZ +1 (Western European Time +1).


Copyright ©2000-2025, Trojaner-Board