
Pests of all kinds and how to fight them: Trojan.Win32/Alureon.BT


06.01.2010, 21:54   #16
bedlam111
 
Trojan.Win32/Alureon.BT



and here is the

EXTRAS.TXT

OTL Extras logfile created on: 06.01.2010 21:45:18 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\bedlam\Desktop\Virusbekämpfung
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 72,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 142,71 Gb Free Space | 61,28% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 24,60 Gb Free Space | 10,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOM
Current User Name: bedlam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme1\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\programme1\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\programme1\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PR37B0~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme1\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme1\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme1\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\programme1\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\programme1\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PR37B0~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme1\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme1\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme1\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 12 6F 77 B2 5A BF C8 01 [binary data]
"VistaSp2" = 2D 8A 3D F4 80 33 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme1\BitTorrent\bittorrent.exe" = C:\Programme1\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Programme1\BitTorrent\bittorrent.exe" = C:\Programme1\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FFE2066-9206-427F-9B4B-07DD925142E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{3D6D722E-0581-4C79-B890-90AD7171503D}" = lport=139 | protocol=6 | dir=in | app=system |
"{6088A66B-3C96-4ED3-BAF3-44FC805C1B0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{62AA8F8B-1A0E-48F1-BC9F-86CDEB2600AA}" = lport=445 | protocol=6 | dir=in | app=system |
"{66077CCA-AA5D-4B15-B4B3-C783D1289AC0}" = rport=445 | protocol=6 | dir=out | app=system |
"{9DF1B6CB-CAF3-4629-9A96-D23B3F2BC590}" = rport=138 | protocol=17 | dir=out | app=system |
"{A246011E-7C8C-4747-8D36-3D4732D25DDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A2F7C4D3-2FEE-43D3-8845-8B90810E04A2}" = rport=137 | protocol=17 | dir=out | app=system |
"{ABCD7E20-E4CD-4A55-A149-C665BB14403F}" = rport=139 | protocol=6 | dir=out | app=system |
"{DE6219D4-B24C-423B-997F-D40F896528F6}" = lport=137 | protocol=17 | dir=in | app=system |
"{F41A69BA-1D00-4B30-A50D-31D28B1D4E93}" = lport=6004 | protocol=17 | dir=in | app=c:\programme1\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05442CE2-6CC5-44A1-95C0-3001BD395928}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{0B2952FD-FA0F-4D3B-BD1B-0DBEF3871548}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{0B321BFB-D03D-4E30-BB0B-EAE437DC45DE}" = protocol=6 | dir=in | app=c:\programme1\microsoft office\office12\groove.exe |
"{0B7C24CD-644D-40F0-8685-1BFD54B5A545}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1549FA57-191E-4332-BFBD-89B0C138E0DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24C8F9E9-5574-480A-824B-E6F3BB282905}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{29B51075-146E-4A36-8D6B-702AC3101F77}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{3664D5D1-C848-4C4C-A25C-F10FB2523F83}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{37A99FA8-B258-497E-BDB8-D5B894381FCC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{414C2FF3-5FEF-4EA2-B59C-AF4121A54BDB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4A9AF30A-CA1F-4332-B309-854588F40499}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{4ADC1526-DC3B-44F7-8C49-808A46A13C92}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{4D9F432B-72B2-4655-AF06-DD556B7F778E}" = dir=in | app=c:\programme1\powerdvd8\powerdvd8\powerdvd8.exe |
"{5067FB17-3FE3-4CE6-A92E-AF0816027769}" = protocol=6 | dir=in | app=d:\games\frontlines-fuel of war\binaries\ffow.exe |
"{660C4D2D-E43F-4785-80BD-AD31B874FC8A}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{67F54B06-36F7-4059-8735-A00E3C9F8B0C}" = protocol=6 | dir=in | app=c:\programme1\microsoft office\office12\onenote.exe |
"{88A11D09-93B9-47C6-AFFB-E828C5B950B0}" = protocol=17 | dir=in | app=d:\games\wolfenstein\mp\wolf2mp.exe |
"{891B19EB-0197-4DA9-AABC-DD26B5C2FC8C}" = protocol=17 | dir=in | app=c:\programme1\microsoft office\office12\groove.exe |
"{8B41753A-71BC-4737-A86D-44AE14CA3296}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8F51C838-09C9-47C6-A6C9-02D2732815F1}" = protocol=17 | dir=in | app=c:\programme1\microsoft office\office12\onenote.exe |
"{9A5A5D0F-16B4-43A9-B047-D4AD5F582CDF}" = protocol=6 | dir=in | app=d:\games\wolfenstein\mp\wolf2mp.exe |
"{9C1ADC5F-61FB-4A80-8125-09489393E039}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A2D360F4-AE94-48A4-B0B1-6525228345D9}" = protocol=17 | dir=in | app=d:\games\frontlines-fuel of war\binaries\ffow.exe |
"{A74B8D76-4700-4D3C-8092-EC67A41F13AD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB295F27-037E-4573-9CB2-D477E76D39B1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B1B4B484-C644-4F55-AA8E-57EE414CB48D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B61A9EC0-6B18-427B-875D-0724A0DF0A7F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BF6E71C9-F210-46D1-B133-EACB63871F93}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C1AB149B-E08D-4E75-B198-52FA9322F3B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE352407-7AE8-49E9-A64C-BD95D671DB83}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D3989362-0308-4AF2-8B2A-C7B3BBD63496}" = protocol=17 | dir=in | app=d:\games\wolfenstein\mp\wolf2mplite.exe |
"{DF9269C0-68E0-4D10-84EE-B6A859B6E52A}" = protocol=6 | dir=in | app=d:\games\wolfenstein\mp\wolf2mplite.exe |
"{EDE53454-C792-44E2-BE83-C4956A02DCB7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F32F2354-19C0-4022-AABB-CFEB78E12455}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F6CF4633-A0DE-4175-A31B-4566BFB21645}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{1C36892A-0745-4DF7-BF2E-4CD7EEAB9026}C:\users\bedlam\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\bedlam\program files (x86)\dna\btdna.exe |
"TCP Query User{2B650136-D11E-47C2-BED1-EC141AE07D89}D:\games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\games\tmnationsforever\tmforever.exe |
"TCP Query User{341A452C-A640-4F6C-8768-599B296EEDFF}C:\programme1\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\programme1\bittorrent\bittorrent.exe |
"TCP Query User{3E5AC615-CFBF-48EC-811F-6DE6E15A722B}C:\programme1\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\programme1\mozilla firefox\firefox.exe |
"TCP Query User{4A42383B-8AEC-4CE3-ACC3-A4BEFC5B51D1}C:\programme1\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\programme1\mozilla firefox\firefox.exe |
"TCP Query User{4AC9C163-BC05-4677-BD16-D5A399565B7B}D:\games\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\games\anno 1701\anno1701.exe |
"TCP Query User{5961EB1C-E589-43CF-AD90-A662EBA2D055}D:\games\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=d:\games\brothers in arms - hell's highway\binaries\biahh.exe |
"TCP Query User{7185B1C9-6DA0-4CDD-8397-263FDE6A84DC}D:\games\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=d:\games\far cry 2\bin\farcry2.exe |
"TCP Query User{73AB98E5-F074-4653-ADA0-E60BAE51EA03}C:\games\call of duty - world at war\codwaw.unpacked.exe" = protocol=6 | dir=in | app=c:\games\call of duty - world at war\codwaw.unpacked.exe |
"TCP Query User{8B8ED92E-ADB5-486C-85E7-E79C2EDB03DA}C:\programme1\mozilla firefox\plugins\alhlp.exe" = protocol=6 | dir=in | app=c:\programme1\mozilla firefox\plugins\alhlp.exe |
"TCP Query User{8C2FA9B0-F999-43D2-8646-3D729940B1CA}C:\users\bedlam\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\bedlam\program files (x86)\dna\btdna.exe |
"TCP Query User{A0940C07-A479-4295-AE4B-5404FE087C8C}C:\program files (x86)\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nero\nero web\setupx.exe |
"TCP Query User{B65695BF-8B3D-44AC-8D27-96BEFE6FAFE8}D:\games\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=d:\games\brothers in arms - hell's highway\binaries\biahh.exe |
"TCP Query User{CD60E8A4-6F60-4268-9B96-6932F0AF7B67}C:\users\bedlam\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\bedlam\appdata\local\temp\onlineupdate8\setupxu.exe |
"TCP Query User{D2B2D552-0E3F-4E99-AD07-27866A904CA8}D:\games\medal of honor pacific assault\mohpa.exe" = protocol=6 | dir=in | app=d:\games\medal of honor pacific assault\mohpa.exe |
"TCP Query User{E2D5FC53-545E-48C6-B864-92C2EFDA34B3}C:\programme1\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\programme1\bittorrent\bittorrent.exe |
"TCP Query User{EEBA12A4-8FEC-43A5-9926-7CD61E5C1D9B}D:\games\kane and lynch dead men\kaneandlynch.exe" = protocol=6 | dir=in | app=d:\games\kane and lynch dead men\kaneandlynch.exe |
"UDP Query User{1D441E34-C9D7-465F-A3AA-9D359826233F}D:\games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\games\tmnationsforever\tmforever.exe |
"UDP Query User{2E5C6599-8D8B-4125-A1E4-860F5E75F3A5}C:\programme1\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\programme1\mozilla firefox\firefox.exe |
"UDP Query User{37C3C8C1-80B8-4860-A244-6B86B9B56E78}C:\program files (x86)\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nero\nero web\setupx.exe |
"UDP Query User{3E3A2C39-C1E1-4974-B229-DD5954914374}C:\programme1\mozilla firefox\plugins\alhlp.exe" = protocol=17 | dir=in | app=c:\programme1\mozilla firefox\plugins\alhlp.exe |
"UDP Query User{438C72E9-FD32-4E26-868E-1527F0BE0AD4}C:\users\bedlam\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\bedlam\program files (x86)\dna\btdna.exe |
"UDP Query User{6523BCA4-D041-479D-9B11-E5415E6C4AFD}C:\users\bedlam\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\bedlam\program files (x86)\dna\btdna.exe |
"UDP Query User{70A710CE-E336-44D9-B5AA-8BF64ABC65F2}D:\games\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=d:\games\brothers in arms - hell's highway\binaries\biahh.exe |
"UDP Query User{78D8A71B-F403-4DD5-8370-CFD7B046C0E5}C:\programme1\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\programme1\bittorrent\bittorrent.exe |
"UDP Query User{78DE3C9B-8BE3-4063-9922-442D6036BB17}D:\games\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=d:\games\brothers in arms - hell's highway\binaries\biahh.exe |
"UDP Query User{7E1D0893-A490-4B14-9308-F47E5CD3A871}D:\games\medal of honor pacific assault\mohpa.exe" = protocol=17 | dir=in | app=d:\games\medal of honor pacific assault\mohpa.exe |
"UDP Query User{9B826BE1-4FE8-45C7-BAE3-DFBEAC59DC96}D:\games\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\games\anno 1701\anno1701.exe |
"UDP Query User{A42B2FB9-46E5-41D6-B9C1-BE78F0A47D59}C:\users\bedlam\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\bedlam\appdata\local\temp\onlineupdate8\setupxu.exe |
"UDP Query User{ACC85AE1-CA8B-474D-8B6B-8FFEC6F33D7F}C:\programme1\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\programme1\mozilla firefox\firefox.exe |
"UDP Query User{C5A1EA7E-A2BD-462C-B3B3-930FCB48E9A0}C:\programme1\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\programme1\bittorrent\bittorrent.exe |
"UDP Query User{F0171DFC-4DAD-4EC9-A24F-9100368BFE0F}D:\games\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=d:\games\far cry 2\bin\farcry2.exe |
"UDP Query User{FB15FC86-2460-41EE-AD60-06C16988F64F}D:\games\kane and lynch dead men\kaneandlynch.exe" = protocol=17 | dir=in | app=d:\games\kane and lynch dead men\kaneandlynch.exe |
"UDP Query User{FE8BEC90-7DA2-492B-9371-01046572D961}C:\games\call of duty - world at war\codwaw.unpacked.exe" = protocol=17 | dir=in | app=c:\games\call of duty - world at war\codwaw.unpacked.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PCSI" = Prevx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5EDB9281-1F84-4195-9CDD-85985D17DDC7}" = WISO Sparbuch 2007
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{8410B358-107A-4FB7-AB2B-6FD952F15A8F}" = Nero 8
"{86798B9C-A97F-47FB-B3DD-740551F33EF7}" = WISO Sparbuch 2007 - Multimedia-Erweiterung
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AEBC4CA2-B05F-47E3-8680-B2CDB6E12006}" = WISO Sparbuch 2006
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CC038D57-788A-4544-BF8F-179E5CF50D2F}" = Microsoft Visual C++ 2005 SP1 CRT Redistributable
"{D4134B0B-EA9B-4835-A77A-60BEE6277101}" = Lightroom
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CloneDVD2" = CloneDVD2
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative-Diagnose
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD-CLONER VI_is1" = DVD-CLONER V6.00 Build 978
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"Host OpenAL" = Host OpenAL
"HyperSnap 6" = HyperSnap 6
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"OpenAL" = OpenAL
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VideoLAN VLC media player 0.8.4a
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.01.2010 11:00:42 | Computer Name = Dom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme1\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in
Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 06.01.2010 11:00:42 | Computer Name = Dom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme1\Nero\Nero8\Nero
PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 06.01.2010 11:00:45 | Computer Name = Dom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme1\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine
für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer
anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind:
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 06.01.2010 14:17:53 | Computer Name = Dom | Source = VSS | ID = 8194
Description =

Error - 06.01.2010 14:20:51 | Computer Name = Dom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme1\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in
Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 06.01.2010 14:20:51 | Computer Name = Dom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme1\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in
Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 06.01.2010 14:20:51 | Computer Name = Dom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme1\Nero\Nero8\Nero
PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 06.01.2010 14:20:51 | Computer Name = Dom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme1\Nero\Nero8\Nero
PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 06.01.2010 14:20:52 | Computer Name = Dom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme1\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine
für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer
anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind:
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 06.01.2010 14:20:52 | Computer Name = Dom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme1\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine
für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer
anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind:
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

[ OSession Events ]
Error - 08.07.2008 15:11:06 | Computer Name = Mannheim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 69
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09.04.2009 07:17:54 | Computer Name = Mannheim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 771
seconds with 420 seconds of active time. This session ended with a crash.

Error - 29.06.2009 15:54:32 | Computer Name = Mannheim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9216
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19.07.2009 13:04:08 | Computer Name = Mannheim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.01.2010 09:01:14 | Computer Name = Dom | Source = Service Control Manager | ID = 7000
Description =

Error - 06.01.2010 09:01:14 | Computer Name = Dom | Source = Service Control Manager | ID = 7000
Description =

Error - 06.01.2010 09:26:59 | Computer Name = Dom | Source = Service Control Manager | ID = 7000
Description =

Error - 06.01.2010 09:26:59 | Computer Name = Dom | Source = Service Control Manager | ID = 7000
Description =

Error - 06.01.2010 11:01:47 | Computer Name = Dom | Source = Service Control Manager | ID = 7000
Description =

Error - 06.01.2010 11:01:47 | Computer Name = Dom | Source = Service Control Manager | ID = 7000
Description =

Error - 06.01.2010 11:27:33 | Computer Name = Dom | Source = Service Control Manager | ID = 7000
Description =

Error - 06.01.2010 11:27:33 | Computer Name = Dom | Source = Service Control Manager | ID = 7000
Description =

Error - 06.01.2010 14:21:52 | Computer Name = Dom | Source = Service Control Manager | ID = 7000
Description =

Error - 06.01.2010 14:21:52 | Computer Name = Dom | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Alt 06.01.2010, 22:48   #17
Chris4You
 

Hmm,

some of Nero's manifests are damaged; apart from a few minor things there is really nothing else to find (THANKS to the OTL expert!)...

I'll consult with colleagues....

So, the Security Center is switched off:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
If you know your way around Regedit, you can set the value of cval to 1 (according to OTL it is set to 0, and with that it doesn't run). Otherwise we'll put something together for that tomorrow (I'm off to bed now)...

chris

Edited by Chris4You (06.01.2010 at 23:36)

Alt 07.01.2010, 12:12   #18
Chris4You
 

Hi,

Create a backup of the registry with ERUNT:

* Download ERUNT from the following address: http://aumha.org/freeware/freeware.php
* Choose the installer version of ERUNT (not the zipped one) and install it in German
* It starts right after installation; leave all selections as they are
* Run the backup

Note: To restore the registry backup, change to the backup directory via the command line and start ERDNT.exe (in case something goes wrong, but only on explicit instruction!)

Here is a script for OTL:
Start OTL, copy the text into the box at the bottom of OTL (it is labelled custom scans/fixes) and then click "Run Fixes" at the top left...

Post the log!

Code:
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01
         
chris

Alt 07.01.2010, 13:39   #19
bedlam111
 

hey,

last night I was completely worn out too, after sitting in front of the PC all day. and the computer almost
At the moment I'm still at the office. I'll report back this evening with the results.

Do you have any idea what I should do with the language program? I can start it normally, but I can't get it uninstalled. It has been on my computer for so long that I had lost sight of it.

Alt 07.01.2010, 13:57   #20
Chris4You
 

Hi,

have the files reported by Prevx checked at Virustotal.com; Prevx is a good scanner (as the free edition it unfortunately removes nothing), but it also tends toward false alarms. If no uninstaller is "at hand" and you don't need it, simply delete it (or pack it up as a backup first)...

chris


Alt 07.01.2010, 19:18   #21
bedlam111
 

Hi,

first I changed the value of "cval" from 0 to 1 in regedit. But that didn't do anything.

Here is the OTL log after I entered your script:

OTL logfile created on: 07.01.2010 19:07:31 - Run 2
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\bedlam\Desktop\Virusbekämpfung
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 82,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 143,23 Gb Free Space | 61,50% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 24,69 Gb Free Space | 10,60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOM
Current User Name: bedlam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\bedlam\Desktop\Virusbekämpfung\OTL.exe (OldTimer Tools)
PRC - C:\Programme1\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme1\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme1\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme1\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme1\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Programme1\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme1\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme1\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Programme1\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Windows\system\w98eject.exe (Sigmatel)


========== Modules (SafeList) ==========

MOD - C:\Users\bedlam\Desktop\Virusbekämpfung\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TomTomHOMEService) -- C:\Programme1\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Programme1\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme1\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Microsoft Office Groove Audit Service) -- C:\programme1\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Programme1\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 14:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys (Prevx)
DRV:64bit: - (pxscan) -- C:\Windows\SysNative\drivers\pxscan.sys (Prevx)
DRV:64bit: - (pxkbf) -- C:\Windows\SysNative\drivers\pxkbf.sys (Prevx)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (ezplay) -- C:\Windows\SysNative\Drivers\ezplay.sys (VSO Software)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Programme1\PowerDVD8\PowerDVD8\000.fcl (Cyberlink Corp.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys (Elaborate Bytes AG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ftd.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.ftd.de"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme1\Mozilla Firefox\components [2009.12.25 20:54:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme1\Mozilla Firefox\plugins [2010.01.06 15:58:06 | 00,000,000 | ---D | M]

[2008.10.03 19:05:35 | 00,000,000 | ---D | M] -- C:\Users\bedlam\AppData\Roaming\mozilla\Extensions
[2008.10.03 19:05:35 | 00,000,000 | ---D | M] -- C:\Users\bedlam\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.01.06 20:30:49 | 00,000,000 | ---D | M] -- C:\Users\bedlam\AppData\Roaming\mozilla\Firefox\Profiles\jte5xmi8.default\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme1\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme1\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme1\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme1\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme1\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme1\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [GrooveMonitor] C:\programme1\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme1\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme1\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Programme1\DVD\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\programme1\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\bedlam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme1\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme1\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme1\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme1\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme1\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme1\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{40b7dd3f-9174-11dd-bb49-001d7da643aa}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{5f60b683-ec83-11dc-bfb1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f60b683-ec83-11dc-bfb1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O33 - MountPoints2\{65a957bb-0651-11dd-9bb5-001d7da643aa}\Shell - "" = AutoRun
O33 - MountPoints2\{65a957bb-0651-11dd-9bb5-001d7da643aa}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.07 19:04:39 | 00,000,000 | ---D | C] -- C:\_OTL
[2010.01.06 21:02:40 | 00,044,944 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2010.01.06 21:02:40 | 00,034,656 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2010.01.06 21:02:39 | 00,022,296 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2010.01.06 21:02:39 | 00,000,000 | ---D | C] -- C:\Programme\Prevx
[2010.01.06 21:01:52 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010.01.06 20:47:28 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.01.06 20:22:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.01.06 20:22:41 | 00,000,000 | ---D | C] -- C:\rsit
[2010.01.06 16:17:21 | 00,000,000 | ---D | C] -- C:\Users\bedlam\Desktop\Virusbekämpfung
[2010.01.06 14:53:41 | 00,000,000 | ---D | C] -- C:\Users\bedlam\AppData\Roaming\Malwarebytes
[2010.01.06 14:53:38 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.01.06 14:53:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.01.06 14:53:36 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009.12.25 21:07:46 | 00,010,488 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2009.12.25 21:07:46 | 00,010,488 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2009.12.25 20:54:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009.12.14 23:41:18 | 00,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2009.12.14 23:41:18 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2009.12.14 23:41:18 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2009.12.14 23:41:18 | 00,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2009.12.14 23:41:17 | 05,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2009.12.14 23:41:17 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2009.12.14 23:41:17 | 02,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2009.12.14 23:41:17 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2009.12.14 23:41:16 | 00,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2009.12.14 23:41:16 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2009.12.14 23:41:15 | 02,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2009.12.14 23:41:15 | 00,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2009.12.14 23:41:11 | 00,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2009.12.14 23:41:11 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2009.12.14 23:41:05 | 00,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2009.12.14 23:41:05 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2009.12.14 23:41:04 | 00,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2009.12.14 23:41:04 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2009.12.14 23:41:03 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2009.12.14 23:41:03 | 00,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2009.12.14 23:41:02 | 00,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2009.12.14 23:41:02 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2009.12.14 23:41:00 | 00,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2009.12.14 23:41:00 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2009.12.14 23:41:00 | 00,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2009.12.14 23:41:00 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2009.12.14 23:40:59 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2009.12.14 23:40:59 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2009.12.09 21:20:11 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2009.12.09 21:20:11 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2009.12.09 21:20:09 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2009.12.09 21:20:09 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2009.12.09 21:13:52 | 02,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009.12.09 21:13:52 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009.12.09 21:13:51 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009.12.09 21:13:51 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009.12.09 21:13:51 | 01,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009.12.09 21:13:51 | 00,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2009.12.09 21:13:51 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009.12.09 21:13:51 | 00,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009.12.09 21:13:51 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009.12.09 21:13:51 | 00,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2009.12.09 21:13:51 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2009.12.09 21:13:51 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009.12.09 21:13:51 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009.12.09 21:13:51 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009.12.09 21:13:51 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009.12.09 21:13:51 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009.12.09 21:13:51 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2009.12.09 21:13:51 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009.12.09 21:13:51 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2009.12.09 21:13:51 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009.12.09 21:13:51 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009.12.09 21:13:51 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009.12.09 21:13:51 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009.12.09 21:13:51 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009.12.09 21:13:51 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009.12.09 21:13:51 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009.12.09 21:13:51 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009.12.09 21:13:51 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009.12.09 21:13:51 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009.12.09 21:13:51 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009.12.09 21:13:51 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2009.12.09 21:13:12 | 00,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2009.12.09 21:13:12 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2008.12.30 12:44:27 | 00,118,400 | ---- | C] (VSO Software) -- C:\Users\bedlam\AppData\Roaming\ezplay.sys
[2008.06.06 19:24:03 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\bedlam\AppData\Roaming\pcouffin.sys
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.01.07 19:06:28 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB09B86F-21F9-4501-8762-62EDA0FDF34B}.job
[2010.01.07 19:05:23 | 02,883,584 | ---- | M] () -- C:\Users\bedlam\NTUSER.DAT
[2010.01.07 19:00:05 | 00,000,814 | ---- | M] () -- C:\Users\bedlam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.01.07 19:00:04 | 00,000,634 | ---- | M] () -- C:\Users\bedlam\Desktop\NTREGOPT.lnk
[2010.01.07 19:00:04 | 00,000,615 | ---- | M] () -- C:\Users\bedlam\Desktop\ERUNT.lnk
[2010.01.07 18:48:21 | 01,427,212 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.01.07 18:48:21 | 00,621,714 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.01.07 18:48:21 | 00,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.01.07 18:48:21 | 00,123,452 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.01.07 18:48:21 | 00,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.01.07 18:42:25 | 00,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.01.07 18:42:15 | 00,034,990 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.01.07 18:42:14 | 00,034,990 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.01.07 18:41:50 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.07 18:41:50 | 00,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.07 18:41:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.07 18:41:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.07 18:39:56 | 00,524,288 | -HS- | M] () -- C:\Users\bedlam\NTUSER.DAT{e77957ec-ae5a-11de-8519-001a4f473cab}.TMContainer00000000000000000001.regtrans-ms
[2010.01.07 18:39:56 | 00,065,536 | -HS- | M] () -- C:\Users\bedlam\NTUSER.DAT{e77957ec-ae5a-11de-8519-001a4f473cab}.TM.blf
[2010.01.07 18:39:52 | 03,633,321 | -H-- | M] () -- C:\Users\bedlam\AppData\Local\IconCache.db
[2010.01.06 21:02:40 | 00,044,944 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2010.01.06 21:02:40 | 00,034,656 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2010.01.06 21:02:39 | 00,022,296 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2010.01.06 21:02:34 | 00,000,051 | ---- | M] () -- C:\Windows\wininit.ini
[2010.01.06 16:18:45 | 00,001,559 | ---- | M] () -- C:\Users\bedlam\Desktop\CCleaner.lnk
[2010.01.06 14:53:41 | 00,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.06 13:45:19 | 00,001,460 | ---- | M] () -- C:\Users\bedlam\AppData\Local\d3d9caps64.dat
[2010.01.06 11:41:31 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.01.06 10:53:35 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2010.01.05 17:25:37 | 00,000,885 | ---- | M] () -- C:\Windows\wiso.ini
[2010.01.05 17:18:03 | 00,001,790 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
[2010.01.05 17:18:03 | 00,001,709 | ---- | M] () -- C:\Users\Public\Desktop\WISO Sparbuch 2010.lnk
[2010.01.05 15:44:26 | 00,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.01.05 15:44:26 | 00,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.01.05 15:44:26 | 00,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.01.05 15:44:26 | 00,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.01.05 15:42:32 | 00,000,959 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.01.03 21:40:39 | 00,026,276 | ---- | M] () -- C:\Users\bedlam\Desktop\Analyse.xlsx
[2010.01.02 18:23:46 | 00,089,600 | ---- | M] () -- C:\Users\bedlam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.30 14:55:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009.12.25 21:09:02 | 00,001,788 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009.12.25 21:07:43 | 00,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom.lnk
[2009.12.25 20:54:54 | 00,001,627 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009.12.11 20:49:04 | 00,001,770 | ---- | M] () -- C:\Windows\ShowSetup.mif
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.07 19:00:05 | 00,000,814 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.01.07 19:00:04 | 00,000,634 | ---- | C] () -- C:\Users\bedlam\Desktop\NTREGOPT.lnk
[2010.01.07 19:00:04 | 00,000,615 | ---- | C] () -- C:\Users\bedlam\Desktop\ERUNT.lnk
[2010.01.06 21:01:52 | 00,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2010.01.06 16:18:45 | 00,001,559 | ---- | C] () -- C:\Users\bedlam\Desktop\CCleaner.lnk
[2010.01.06 14:53:41 | 00,000,719 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.06 10:53:35 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2010.01.05 17:20:40 | 00,436,332 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_vcredistMSI3A35.txt
[2010.01.05 17:20:40 | 00,011,698 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_vcredistUI3A35.txt
[2010.01.05 17:18:03 | 00,001,790 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
[2010.01.05 17:18:03 | 00,001,709 | ---- | C] () -- C:\Users\Public\Desktop\WISO Sparbuch 2010.lnk
[2010.01.05 15:50:54 | 00,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.05 15:50:54 | 00,034,990 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.25 21:07:43 | 00,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom.lnk
[2009.12.25 20:54:54 | 00,001,627 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009.12.05 18:16:50 | 00,000,306 | ---- | C] () -- C:\Windows\game.ini
[2009.11.06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.22 13:53:41 | 00,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.09.11 19:25:21 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.11 19:24:43 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.22 21:39:45 | 00,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2009.07.22 21:39:45 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009.06.05 08:22:31 | 00,024,226 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\UserTile.png
[2009.03.22 17:28:33 | 00,421,730 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_vcredistMSI0BCF.txt
[2009.03.22 17:28:33 | 00,011,482 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_vcredistUI0BCF.txt
[2009.03.11 17:13:38 | 00,809,368 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_NET_Framework35_LangPack_MSI24EE.txt
[2009.03.11 17:13:22 | 00,036,032 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009.03.11 17:13:16 | 00,078,574 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_dotnetfx35install_lp.txt
[2009.03.11 17:13:16 | 00,000,002 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_dotnetfx35error_lp.txt
[2009.02.03 21:55:04 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009.01.14 02:47:24 | 00,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009.01.14 02:47:24 | 00,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009.01.14 02:47:24 | 00,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009.01.14 02:47:24 | 00,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009.01.14 02:47:24 | 00,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009.01.14 02:47:24 | 00,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009.01.14 02:47:24 | 00,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009.01.14 02:47:24 | 00,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009.01.14 02:47:24 | 00,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009.01.14 02:47:24 | 00,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009.01.14 02:47:24 | 00,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009.01.14 02:47:24 | 00,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009.01.14 02:47:24 | 00,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009.01.14 02:47:24 | 00,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009.01.14 02:47:24 | 00,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009.01.14 02:47:24 | 00,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009.01.14 02:47:24 | 00,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009.01.14 02:47:24 | 00,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009.01.14 02:47:24 | 00,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009.01.14 02:47:24 | 00,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2008.12.30 13:06:39 | 00,056,340 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_depcheckdotnetfx30.txt
[2008.12.30 13:06:35 | 00,064,802 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_dotnetfx3install.txt
[2008.12.30 13:06:35 | 00,007,102 | ---- | C] () -- C:\Users\bedlam\AppData\Local\uxeventlog.txt
[2008.12.30 13:06:35 | 00,001,434 | ---- | C] () -- C:\Users\bedlam\AppData\Local\dd_dotnetfx3error.txt
[2008.12.30 12:44:55 | 00,000,034 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\ezplay.log
[2008.12.30 12:44:27 | 00,007,833 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\ezplay.cat
[2008.12.30 12:44:27 | 00,001,126 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\ezplay.inf
[2008.12.30 12:44:27 | 00,000,125 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\ezplay.ini
[2008.10.17 01:33:50 | 00,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2008.06.14 14:37:57 | 00,099,384 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\ezpinst.exe
[2008.06.07 12:26:31 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.06 19:24:27 | 00,000,034 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\pcouffin.log
[2008.06.06 19:24:03 | 00,099,384 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\inst.exe
[2008.06.06 19:24:03 | 00,007,859 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\pcouffin.cat
[2008.06.06 19:24:03 | 00,001,167 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\pcouffin.inf
[2008.05.25 22:19:17 | 00,002,048 | ---- | C] () -- C:\Windows\SysWow64\syscvchk.dll
[2008.05.25 22:16:27 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.05.12 16:09:53 | 00,000,245 | ---- | C] () -- C:\Windows\BUHL.INI
[2008.05.12 11:13:23 | 00,000,253 | ---- | C] () -- C:\Windows\tm.ini
[2008.05.05 20:05:24 | 00,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.05.04 15:30:54 | 00,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.12 18:33:39 | 00,000,178 | ---- | C] () -- C:\Windows\Clony2.ini
[2008.04.12 12:53:06 | 00,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2008.04.04 16:10:43 | 01,491,338 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.03.16 17:53:18 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2008.03.16 17:53:16 | 00,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.03.16 17:53:16 | 00,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.03.16 17:53:15 | 00,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008.03.16 17:53:15 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008.03.15 14:38:41 | 00,000,885 | ---- | C] () -- C:\Windows\wiso.ini
[2008.03.15 13:04:13 | 00,004,626 | ---- | C] () -- C:\Windows\SysWow64\AudioDrv.ini
[2008.03.15 13:03:13 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg03RMi.ini
[2008.03.15 13:03:13 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg03RLI.ini
[2008.03.15 13:03:13 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg03FMi.ini
[2008.03.15 13:03:13 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg03DI.ini
[2008.03.15 13:03:13 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg02RMi.ini
[2008.03.15 13:03:13 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg02RLI.ini
[2008.03.15 13:03:12 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg02FMi.ini
[2008.03.15 13:03:12 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg02DI.ini
[2008.03.15 13:03:12 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg01Mic.ini
[2008.03.15 13:03:12 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg01LI.ini
[2008.03.15 13:03:12 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg01DI.ini
[2008.03.15 13:03:04 | 00,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008.03.15 13:03:04 | 00,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008.03.12 19:10:39 | 00,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.08 07:19:18 | 00,089,600 | ---- | C] () -- C:\Users\bedlam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.07 22:12:50 | 00,000,680 | ---- | C] () -- C:\Users\bedlam\AppData\Local\d3d9caps.dat
[2008.03.07 21:56:13 | 00,000,552 | ---- | C] () -- C:\Users\bedlam\AppData\Local\d3d8caps.dat
[2008.03.07 21:27:06 | 00,001,460 | ---- | C] () -- C:\Users\bedlam\AppData\Local\d3d9caps64.dat
[2007.07.23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2002.06.28 10:43:44 | 00,438,272 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2002.05.16 00:38:40 | 00,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll
[2002.05.04 14:19:00 | 00,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll
< End of report >

07.01.2010, 19:27   #22
bedlam111

OK, I have restarted the computer.

But the Security Center still cannot be activated.

What should I do now?
Do you need another log file?

07.01.2010, 19:32   #23
Chris4You

Hi,

strange...
Let's take a look...
Start -> type msconfig into the search box and press Enter, go to the "Services" tab, look for the "Security Center" ("Sicherheitscenter") service there and check whether it is started...

Then go to the "Tools" tab and start "Security Center" from there...

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

07.01.2010, 19:36   #24
bedlam111

Hi Chris,

that entry does not exist at all.
The only thing that roughly matches is "Sicherheitskonto-Manager" (Security Accounts Manager), and that one is started.

07.01.2010, 19:46   #25
Chris4You

Hi,

not there?
Test:
Copy the following line into Start -> search box and press Enter; the Security Center should start...
Code:
C:\Windows\System32\wscui.cpl

chris

07.01.2010, 19:49   #26
bedlam111

Yep,
that works now.
The program opens, but when I click "Turn on now" ("jetzt einschalten"), it tells me
"Der Sicherheitsdienst konnte nicht gestartet werden" ("The security service could not be started")

P.S. The corresponding icon is also at the bottom right of the taskbar next to the clock. I just didn't see the entry in config.sys under Services. For whatever reason.

07.01.2010, 19:56   #27
Chris4You

One level deeper, next turn...

Start -> search box (you know that one by now), type computerverwaltung (Computer Management) and press Enter.

Navigate to "Services" ("Dienste", fairly far down in the left pane), click on it, then look for "Security Center" ("Sicherheitscenter") in the right pane and double-click it.
On the first tab of the window that opens, check "Startup type"; it should be: "Automatic (Delayed Start)"

Otherwise there is a permissions problem; that would be the second tab, "Log On", but at that point we are leaving
the "territory" I know my way around... It should be "Local Service", password (no idea, the one from your login?)...

chris
P.S.: Is there also an error number with the message?

Edited by Chris4You (07.01.2010 at 20:19)

07.01.2010, 21:34   #28
Chris4You

Hi,

the Security Center is stopped by this thing, and the service is disabled.

If the earlier attempt did not work, proceed as follows:
Open a command-line shell with admin rights. The easiest way is to create a shortcut for it on the desktop. The target of the shortcut is "C:\Windows\System32\cmd.exe". Don't forget to tick "Run as administrator"...

Type in there:
Code:
sc config wscsvc start= auto

then
Code:
net start wscsvc

In addition, two files are dropped into the Temp directory:
%Temp%\wow64main.exe and %Temp%\wscsvc32.exe; neither can be found on your system...
Various entries in the registry are modified; apart from the Run instruction they are not that critical...

chris
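Added example, not part of the thread and not OTL's own code: post #28 names two files dropped into %Temp%, and the OTL log posted earlier lists files as `[timestamp | size | attributes | C or M] (company) -- path`. The Python sketch below parses that line format and flags those two names, plus (a triage heuristic assumed here, not taken from the thread) executables without a company name in user-writable folders. A flag means "look at this by hand", not a verdict; the last sample line is constructed.

```python
import ntpath
import re

# One OTL file line: [timestamp | size | attributes | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*)\) -- (?P<path>.+)$"
)

# File names post #28 says are dropped into %Temp%.
DROPPED_NAMES = {"wow64main.exe", "wscsvc32.exe"}
# Assumptions of this example: folders a standard user can write to,
# and the extensions treated as executable code.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr"}


def parse_line(line):
    """Return the fields of one OTL file line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))  # "00,700,928" -> 700928
    return rec


def triage(lines):
    """Return (path, reason) pairs for entries worth a manual look."""
    findings, seen = [], set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        lower = rec["path"].lower()
        if lower in seen:  # same file listed under "Created" and "Modified"
            continue
        name = ntpath.basename(lower)
        ext = ntpath.splitext(name)[1]
        reason = None
        if name in DROPPED_NAMES and "\\temp\\" in lower:
            reason = "name from post #28 in a Temp folder"
        elif (not rec["company"] and ext in EXECUTABLE_EXT
              and any(d in lower for d in USER_WRITABLE)):
            reason = "executable without company name in user-writable folder"
        if reason:
            seen.add(lower)
            findings.append((rec["path"], reason))
    return findings


SAMPLE = [
    # Copied from the log posted in this thread.
    r"[2009.12.09 21:13:51 | 00,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll",
    r"[2010.01.05 15:44:26 | 00,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll",
    r"[2008.06.14 14:37:57 | 00,099,384 | ---- | C] () -- C:\Users\bedlam\AppData\Roaming\ezpinst.exe",
    r"[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]",
    # Constructed: what a hit on one of the two names would look like.
    r"[2010.01.05 15:40:00 | 00,051,200 | ---- | C] () -- C:\Users\bedlam\AppData\Local\Temp\wscsvc32.exe",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{path}: {reason}")
```

Summary lines such as the `*.tmp` count do not match the pattern and are skipped rather than misparsed.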

07.01.2010, 23:34   #29
bedlam111

Hi,

for now I have done what you wrote in the previous post. At least the Security Center is running again.

I then ran MAM again straight away. It found one more entry: "Malware.Trace c:\32788R22FWJFW\combo-Fix.sys"
Should I remove it?

Tomorrow I'll run Prevx and Antivir over it again.

But for now I'm off to bed, I'm dog-tired.

08.01.2010, 11:39   #30
Chris4You

Hi,

no, leave that in place, it belongs to Combofix ("c:\32788R22FWJFW\combo-Fix.sys").
Uninstall Combofix before you start the scan, via:
Start->combofix /u

If something were found again, we would be dealing with a new variant...

chris
