Log analysis and evaluation: Caught the Bundestrojaner - log attached (Windows 7)
12.01.2013, 15:25 | #1
Greetings, I recently also caught the Bundestrojaner and have already run OTL in advance. I'm attaching both logs directly
12.01.2013, 17:21 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Just a quick question, this is not aimed specifically at you, I could just as well have asked anyone else who posts the logs this way: where exactly does it say that the logs should be put in the attachment, or where exactly did you read that? Log files in an attachment make the evaluation massively harder. Please explain, so that the passage in the guide can be specifically changed/improved for all newcomers. Thanks.
12.01.2013, 17:25 | #3
Oh, in that case I'm of course sorry. A few months ago I already posted a log and asked for help (but on behalf of a friend), and there I was told to attach the logs to the post. Will be changed right away
Code:
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}} {\colortbl ;\red0\green0\blue255;} {\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\f0\fs20OTL Logfile:
Code:
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}} {\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\f0\fs20OTL Logfile:
12.01.2013, 17:28 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
That's no problem at all. I just wanted to know whether it is perhaps phrased ambiguously somewhere in the guide.
__________________
Please always post log files in CODE tags
15.01.2013, 13:43 | #5
Nobody?
15.01.2013, 15:12 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
What did you do to the logs?!
Code:
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}} {\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\f0\fs20OTL Logfile:
15.01.2013, 16:53 | #7
I didn't do anything to them at all? D:
16.01.2013, 10:03 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
Strangely enough, nobody has ever posted the logs like that! Create them again, or simply post the existing ones correctly
__________________
Please always post log files in CODE tags
16.01.2013, 13:32 | #9
I received both logs exactly like that, but I have now changed the file format from .txt to .rtf; possibly this was done without my knowledge.
Code:
ATTFilter OTL logfile created on: 1/12/2013 2:13:42 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142.54 Gb Total Space | 67.93 Gb Free Space | 47.66% Space Free | Partition Type: NTFS Drive D: | 142.54 Gb Total Space | 141.93 Gb Free Space | 99.57% Space Free | Partition Type: NTFS Drive E: | 1.88 Gb Total Space | 1.63 Gb Free Space | 86.58% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (eDataSecurity 
Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- File not found DRV - (NwlnkFlt) -- File not found DRV - (IpInIp) -- File not found DRV - (hwusbdev) -- File not found DRV - (hwdatacard) -- File not found DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) 
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0309&m=aspire_7730zg IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0309&m=aspire_7730zg IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\********_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0309&m=aspire_7730zg IE - HKU\*******_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\*******_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\*******_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\*******_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\*******_ON_C\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found IE - HKU\*******_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/01/10 06:46:41 | 000,000,000 | ---D | M] [2010/11/29 10:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\Mozilla\Extensions [2010/11/29 10:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\Mozilla\Extensions\{SbX-145655-9783706837583-stu10} [2012/04/11 11:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\extensions [2012/04/11 11:44:54 | 000,000,000 | ---D | M] (MB2 Community Toolbar) -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0} O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\*******_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) 
O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) 
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} hxxp://www.umediaserver.net/bin/UMediaControl5.cab (UMediaPlayer Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game01.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. 
File not found O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{3f15157c-cfc5-11e0-92a0-00238b90bbc6}\Shell - "" = AutoRun O33 - MountPoints2\{3f15157c-cfc5-11e0-92a0-00238b90bbc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{3f151589-cfc5-11e0-92a0-00238b90bbc6}\Shell - "" = AutoRun O33 - MountPoints2\{3f151589-cfc5-11e0-92a0-00238b90bbc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d2fd78ee-d192-11e0-b526-00238b90bbc6}\Shell - "" = AutoRun O33 - MountPoints2\{d2fd78ee-d192-11e0-b526-00238b90bbc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/01/09 22:03:46 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/01/09 22:02:54 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012/12/21 21:01:44 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/21 21:01:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/14 10:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/12/14 10:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/12/14 10:16:38 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2009/01/10 22:36:44 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2 
C:\Users\*******\AppData\Roaming\*.tmp files -> C:\Users\*******\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/12 07:21:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/12 07:21:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013/01/12 07:21:09 | 000,094,513 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013/01/12 07:21:09 | 000,094,513 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013/01/12 07:21:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/12 07:21:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/12 07:21:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/12 07:20:45 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys [2013/01/12 07:09:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/01/12 07:09:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/12 07:09:18 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/01/12 07:09:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/12 06:57:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/11 04:40:17 | 000,382,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/03 13:09:27 | 000,000,680 | ---- | M] () -- C:\Users\*******\AppData\Local\d3d9caps.dat [2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/14 10:16:49 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/12/14 10:16:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/12/14 05:31:02 
| 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2 C:\Users\*******\AppData\Roaming\*.tmp files -> C:\Users\*******\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/14 10:16:49 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/10/02 12:35:01 | 000,106,496 | ---- | C] () -- C:\ProgramData\lietnoec.exe [2012/10/02 12:34:58 | 000,074,128 | ---- | C] () -- C:\ProgramData\vbgwqcmbtspjkya [2012/04/27 04:30:48 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe111.dll [2012/04/26 05:26:39 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe110.dll [2012/04/24 04:10:31 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe109.dll [2012/04/23 04:46:54 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe108.dll [2012/04/19 03:47:30 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe107.dll [2012/04/18 03:26:03 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe106.dll [2012/04/17 05:17:36 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe105.dll [2012/04/16 04:05:54 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe104.dll [2012/04/13 09:51:28 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe103.dll [2012/04/11 04:03:51 | 000,007,384 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe101.dll [2012/04/07 07:36:17 | 000,007,384 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe097.dll [2012/04/03 09:00:02 | 000,226,808 | ---- | C] () -- C:\Users\*******\AppData\Roaming\AcroIEHelpe095.dll [2012/03/30 04:39:32 | 000,259,576 | ---- | C] () -- C:\Users\*******\AppData\Roaming\AcroIEHelpe094.dll [2012/03/28 04:27:49 | 000,259,576 | ---- | C] () -- C:\Users\*******\AppData\Roaming\AcroIEHelpe093.dll [2012/03/23 11:45:59 | 000,280,056 | ---- | 
C] () -- C:\Users\*******\AppData\Roaming\AcroIEHelpe091.dll [2012/03/21 11:42:06 | 000,005,624 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe.dll [2012/03/20 13:26:09 | 000,000,441 | ---- | C] () -- C:\Users\*******\AppData\Roaming\urhtps.dat [2011/05/11 17:01:33 | 000,000,680 | ---- | C] () -- C:\Users\**************\AppData\Local\d3d9caps.dat [2010/06/23 11:03:39 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll [2010/06/23 11:03:05 | 000,414,208 | ---- | C] () -- C:\Windows\System32\WgaTray.exe [2009/10/31 05:08:11 | 000,207,808 | RHS- | C] () -- C:\Users\*******\AppData\Roaming\prapproxy32.dll [2009/10/12 11:34:05 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009/10/12 11:34:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009/10/12 11:18:23 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2009/10/12 11:07:37 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2009/09/17 05:38:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/17 05:38:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/08/03 09:07:42 | 000,667,136 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/07/30 06:18:34 | 000,000,035 | ---- | C] () -- C:\Windows\cdplayer.ini [2009/05/08 13:46:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/05/06 15:16:08 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2009/05/06 05:26:11 | 000,040,448 | ---- | C] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/05/06 04:14:02 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009/05/06 03:48:54 | 000,094,513 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/03/20 03:36:45 | 000,094,513 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/03/20 03:17:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009/03/20 03:17:26 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009/03/20 03:17:26 | 
000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009/01/10 22:35:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009/01/10 16:10:31 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2009/01/10 16:10:31 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2009/01/10 15:51:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2009/01/10 15:28:29 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2009/01/10 15:16:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2009/01/10 15:16:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009/01/10 15:16:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009/01/10 15:16:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009/01/10 14:23:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,382,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 
000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2012/10/30 12:18:42 | 000,000,000 | -HSD | M] -- C:\Users\*******\AppData\Roaming\.# [2009/01/10 16:08:40 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Acer GameZone Console [2009/05/19 04:39:16 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Big Fish Games [2009/06/17 06:45:21 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\eSobi [2012/05/18 01:24:29 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Fighters [2009/05/14 03:23:42 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FloodLightGames [2009/05/17 14:57:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Gaijin Ent [2009/05/13 07:06:12 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\iWin [2012/03/20 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\kock [2010/11/29 10:17:17 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Manz [2009/07/06 07:49:11 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PlayFirst [2009/10/12 11:24:29 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ScanSoft [2011/08/26 04:42:24 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\T-Mobile [2012/04/25 13:54:55 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\UAs [2012/05/18 12:55:50 | 
000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Uniblue
[2012/04/11 11:42:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Unreal Streaming
[2012/12/09 08:12:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Windows Live Writer
[2012/05/01 03:25:05 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\xmldm
[2009/01/10 16:08:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/05/06 03:45:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/05/17 15:08:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab
[2011/08/12 03:18:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2012/10/02 12:35:02 | 000,000,000 | ---D | M] -- C:\ProgramData\axevzfkwlhwijhi
[2012/05/18 12:54:22 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/05/06 03:45:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/01/10 16:18:42 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2012/06/12 09:47:05 | 000,000,000 | ---D | M] -- C:\ProgramData\F4D55F3B000C8EF80062A990570F1C8B
[2009/05/06 03:45:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/05/22 18:13:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Fighters
[2009/01/10 15:58:52 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2009/05/17 14:59:42 | 000,000,000 | ---D | M] -- C:\ProgramData\InterAction studios
[2009/05/13 07:10:53 | 000,000,000 | ---D | M] -- C:\ProgramData\JollyBear
[2011/05/13 15:00:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Last.fm
[2009/08/04 10:27:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2009/07/06 07:49:11 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst
[2009/05/19 04:51:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Sandlot Games
[2009/11/19 10:16:55 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2009/05/13 06:09:27 | 000,000,000 | ---D | M] -- C:\ProgramData\SpinTop Games
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/05/06 03:45:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010/04/08 19:21:30 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/05/06 03:45:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/02/15 05:21:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Windows
[2012/06/12 10:23:52 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/07/06 18:03:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2012/05/18 12:55:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2013/01/12 07:21:32 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:131C0EE9

< End of report >

Code:
OTL Extras logfile created on: 1/12/2013 2:13:42 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.54 Gb Total Space | 67.93 Gb Free Space | 47.66% Space Free | Partition Type: NTFS
Drive D: | 142.54 Gb Total Space | 141.93 Gb Free Space | 99.57% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.63 Gb Free Space | 86.58% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-585CW
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E662F023-ACB2-445A-B7CE-65F487AFBEF5}" = BMD55
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{SbX-145655-9783706837583-stu10}}_is1" = SbX Rechnungswesen HAS 3 10-11
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LastFM_is1" = Last.fm 1.5.4.27091
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 15.0" = RealPlayer
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TTCO_is1" = Terrorist Takedown Covert Operations
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\*******_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

< End of report >
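An added example for reading a log like the one above, written for this thread; it is not part of OTL and not something the poster or the helper ran. It parses the two OTL line formats shown (directory/file entries and "@Alternate Data Stream" lines) and pulls out what an analyst looks at first: directory names that look machine-generated and any alternate data streams. The sample lines are constructed to match the log's layout, and the two name heuristics (a lowercase name of ten or more letters with a run of four or more consonants, and a bare 32-hex-digit name) are my own rules of thumb, not OTL's; a hit means "look at this folder", not "this is malware".

```python
"""Triage helper for OTL directory listings and Alternate Data Stream lines.

Added example for this thread; not OTL's code and not the poster's. The heuristics
below are assumptions by the editor and only rank what to inspect first.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Constructed sample in the OTL report layout; the paths are examples only.
SAMPLE_LOG = r"""
[2012/10/02 12:35:02 | 000,000,000 | ---D | M] -- C:\ProgramData\axevzfkwlhwijhi
[2012/05/18 12:54:22 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2012/06/12 09:47:05 | 000,000,000 | ---D | M] -- C:\ProgramData\F4D55F3B000C8EF80062A990570F1C8B
[2012/05/18 12:55:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2013/01/12 07:21:32 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
"""

# "[date time | size | attrs | M/C] (company) -- path"; the company part is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[\d/ :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:]+)$")

class Item(NamedTuple):
    kind: str      # "entry" or "ads"
    path: str
    size: int
    attrs: str     # OTL attribute column, e.g. "---D" for a directory; "" for ADS lines
    stream: str    # ADS stream name; "" for plain entries

def parse_otl(text: str) -> List[Item]:
    """Return every recognised line as an Item; unknown lines are skipped."""
    items: List[Item] = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            items.append(Item("entry", m["path"], int(m["size"].replace(",", "")), m["attrs"], ""))
            continue
        m = ADS_RE.match(line)
        if m:
            items.append(Item("ads", m["path"], int(m["size"]), "", m["stream"]))
    return items

VOWELS = set("aeiou")

def max_consonant_run(name: str) -> int:
    """Longest run of consonant letters; generated names tend to have long runs."""
    best = run = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best

def classify_name(name: str) -> Optional[str]:
    """Heuristic label for one path component; None means nothing stands out."""
    if re.fullmatch(r"[0-9A-Fa-f]{32}", name):
        return "hex32-name"          # often an installer cache, still worth opening
    if name.isalpha() and name.islower() and len(name) >= 10 and max_consonant_run(name) >= 4:
        return "random-looking-name"  # assumption: unpronounceable lowercase blob
    return None

def triage(text: str) -> Dict[str, List[str]]:
    """Group flagged paths by reason, in log order."""
    findings: Dict[str, List[str]] = defaultdict(list)
    for item in parse_otl(text):
        if item.kind == "ads":
            # Streams on ProgramData\TEMP with 8-hex names are a recurring sight in OTL
            # logs and usually installer leftovers (assumption); list them anyway.
            findings["alternate-data-stream"].append(f"{item.path}:{item.stream}")
            continue
        label = classify_name(item.path.rsplit("\\", 1)[-1])
        if label:
            findings[label].append(item.path)
    return dict(findings)

if __name__ == "__main__":
    for reason, paths in triage(SAMPLE_LOG).items():
        print(reason)
        for p in paths:
            print("   ", p)
```

Run it against the full OTL.txt instead of SAMPLE_LOG and the first bucket is what to upload to a scanner or check in the file system; the ADS bucket is background noise unless a stream sits on something other than ProgramData\TEMP.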
16.01.2013, 15:45 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner caught - log attached
Looks like there is a banking trojan in there as well, at least that is how it looks to me.
1) Do you do online banking on this machine and want to keep doing it securely in future?
2) Can you only boot the system with OTLPE, does a normal boot lock the computer, or does at least safe mode still work?
__________________
Please always post logfiles in CODE tags

16.01.2013, 16:02 | #11
Bundestrojaner caught - log attached
1) Yes
2) The computer can also be booted normally, but all data is encrypted.

17.01.2013, 00:58 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner caught - log attached
So not only is the system done for, the data is too. Once again nobody thought about a backup, right?
__________________
Please always post logfiles in CODE tags

17.01.2013, 05:32 | #13
Bundestrojaner caught - log attached
Since it is not my PC: no.
17.01.2013, 15:43 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner caught - log attached
Quote:
Did you yourself work on this other person's machine when the encryption trojan appeared? Whose data is on it, yours too, and is all of it encrypted? Decryption is unlikely to impossible!
Quote:
If Vista or Win7 is in use, try ShadowExplorer! But do not waste unnecessary time on decryption attempts. And in future you will surely want to think about a better backup concept. Some food for thought => http://www.trojaner-board.de/115678-...r-backups.html
__________________
Please always post logfiles in CODE tags
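The ShadowExplorer tip above works only if Volume Shadow Copies from before the encryption still exist. As an added example for this thread (not ShadowExplorer's code and not something from the posts), the script below reads the output of `vssadmin list shadows`, which on Vista/Win7 must be run from an elevated command prompt, and picks the snapshots of C: taken before the infection was noticed. The vssadmin output is a constructed sample in vssadmin's layout so the code runs offline, and it assumes English-locale dates ("M/D/YYYY h:mm:ss AM/PM"); the cutoff time is likewise constructed. The mklink line it prints is the standard way to expose a snapshot as a folder when you would rather use Explorer than ShadowExplorer.

```python
"""Pick Volume Shadow Copies that predate a ransomware infection.

Added example for this thread; not ShadowExplorer's code and not the poster's.
Input is the text of `vssadmin list shadows` (elevated prompt). The sample below
is constructed; US-style timestamps are assumed, as on an English Windows.
"""
import re
from datetime import datetime
from typing import List, NamedTuple

# Constructed sample in the layout vssadmin prints; GUIDs are made up.
SAMPLE_VSSADMIN = r"""
Contents of shadow copy set ID: {0b8a7e2f-3c41-4d8e-9f10-2a6b7c8d9e01}
   Contained 1 shadow copies at creation time: 12/20/2012 9:13:05 PM
      Shadow Copy ID: {5d2c1e4a-7b8f-4a6c-9d0e-1f2a3b4c5d6e}
         Original Volume: (C:)\\?\Volume{c3d4e5f6-a7b8-49c0-8d1e-2f3a4b5c6d7e}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3
         Originating Machine: LAPTOP
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters

Contents of shadow copy set ID: {9e8d7c6b-5a49-4382-b1c0-d9e8f7a6b5c4}
   Contained 1 shadow copies at creation time: 1/12/2013 2:05:44 PM
      Shadow Copy ID: {6f7e8d9c-0b1a-4234-85c6-7d8e9f0a1b2c}
         Original Volume: (C:)\\?\Volume{c3d4e5f6-a7b8-49c0-8d1e-2f3a4b5c6d7e}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4
         Originating Machine: LAPTOP
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters
"""

# Constructed: the moment the encrypted files were first noticed (ISO 8601).
INFECTION_SEEN_ISO = "2013-01-12T07:00:00"

CREATED_RE = re.compile(r"creation time:\s*(?P<when>.+?)\s*$")
ORIG_RE = re.compile(r"Original Volume:\s*\((?P<drive>[A-Za-z]:)\)")
DEVICE_RE = re.compile(r"Shadow Copy Volume:\s*(?P<dev>\S+)")

class ShadowCopy(NamedTuple):
    drive: str          # e.g. "C:"
    created: datetime
    device: str         # \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN

def parse_vssadmin(text: str) -> List[ShadowCopy]:
    """Walk the output top-down; each set lists creation time before its volume."""
    copies: List[ShadowCopy] = []
    created = None
    drive = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CREATED_RE.search(line)
        if m:
            created = datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p")
            continue
        m = ORIG_RE.search(line)
        if m:
            drive = m["drive"].upper()
            continue
        m = DEVICE_RE.search(line)
        if m and created is not None:
            copies.append(ShadowCopy(drive or "?", created, m["dev"]))
    return copies

def usable_before(copies: List[ShadowCopy], cutoff_iso: str, drive: str = "C:") -> List[ShadowCopy]:
    """Snapshots of `drive` taken before the cutoff, newest first (most recent files)."""
    cutoff = datetime.fromisoformat(cutoff_iso)
    hits = [c for c in copies if c.drive == drive and c.created < cutoff]
    return sorted(hits, key=lambda c: c.created, reverse=True)

def mklink_command(copy: ShadowCopy, mountpoint: str) -> str:
    """cmd.exe line that exposes the snapshot as a folder; the trailing backslash is required."""
    return f'mklink /d "{mountpoint}" "{copy.device}\\"'

if __name__ == "__main__":
    found = parse_vssadmin(SAMPLE_VSSADMIN)
    good = usable_before(found, INFECTION_SEEN_ISO)
    if not good:
        print("no pre-infection shadow copies of C: - nothing for ShadowExplorer to show")
    for i, c in enumerate(good, 1):
        print(c.created.isoformat(), c.device)
        print("  ", mklink_command(c, rf"C:\shadow{i}"))
```

If vssadmin lists nothing at all, the trojan or a later cleanup has removed the snapshots and ShadowExplorer will be empty too; in that case the backup discussion is the only remaining avenue.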
17.01.2013, 18:55 | #15
Bundestrojaner caught - log attached
I was in a hurry and only wrote that it was mine for simplicity's sake. It is a colleague's laptop, and no, I was not working on it when the trojan arrived. Thank you for your effort.