TR/Shutdowner.fft.5 in System32

fuccce · 28.12.2010, 13:49

hallo,
antivir meldet mir seit ein paar tagen ständig den TR/Shutdowner.fft.5 Virus in der Datei C:\WINNT\system32\kb.dll
is echt nervig da der Virus net zu löschen geht und die Meldung andauernd wieder auftaucht. Ich bitte um hilfe um den Virus zu löschen.

So hier erstmal die Log Dateien von Malwarbytes:
1. Scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5392

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25.12.2010 16:01:00
mbam-log-2010-12-25 (16-01-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 183831
Laufzeit: 12 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\COM+ Manager (Trojan.Agent) -> Value: COM+ Manager -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\onweretetr.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Profile\administrator\lokale einstellungen\Temp\owcnexsmra.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Profile\administrator\lokale einstellungen\Temp\0.30231295366262156.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Profile\administrator\lokale einstellungen\Temp\0.3780111164638432.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\onweretetr.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

2. Scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5392

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

28.12.2010 13:03:29
mbam-log-2010-12-28 (13-03-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 467576
Laufzeit: 2 Stunde(n), 9 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 13

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\RP1\A0000018.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\rp1\a0000017.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\rp1\a0000019.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\rp1\a0000020.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\rp1\a0000021.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\rp1\a0000022.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\rp1\a0000023.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\RP1\A0000024.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\rp1\a0000025.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\rp1\a0000026.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\rp1\a0000027.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\rp1\a0000028.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{857389fb-6e29-473e-9d65-bf9c3f99364b}\RP1\A0000029.exe (Trojan.Crypt) -> Quarantined and deleted successfully.

Hier die OTL.txt :

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.12.2010 13:10:30 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Profile\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 4,62 Gb Free Space | 9,46% Space Free | Partition Type: NTFS
Drive D: | 126,96 Gb Total Space | 9,76 Gb Free Space | 7,69% Space Free | Partition Type: NTFS
Drive E: | 122,30 Gb Total Space | 16,23 Gb Free Space | 13,27% Space Free | Partition Type: NTFS
Drive F: | 6,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 3,82 Gb Total Space | 1,07 Gb Free Space | 27,85% Space Free | Partition Type: NTFS
Drive K: | 29,29 Gb Total Space | 29,21 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive L: | 488,28 Gb Total Space | 488,18 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive M: | 345,58 Gb Total Space | 341,17 Gb Free Space | 98,73% Space Free | Partition Type: NTFS
Drive N: | 68,36 Gb Total Space | 54,96 Gb Free Space | 80,39% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER-N01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Profile\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe ()
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Foxit Software\Foxit Reader\Foxit Reader.exe ()
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\Common\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Winamp\winampa.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Profile\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (UPS) -- C:\WINNT\System32\ups.exe File not found
SRV - (Akamai) -- c:\Programme\Common\Akamai\netsession_win_aeec0f0.dll ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (mitsijm2011) -- C:\Programme\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe ()
SRV - (AntiVirScheduler) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (pgsql-8.3) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (IDriverT) -- C:\Programme\Common\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Common\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GVTDrv) -- C:\WINNT\system32\drivers\GVTDrv.sys ()
DRV - (avipbb) -- C:\WINNT\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (atksgt) -- C:\WINNT\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINNT\system32\drivers\lirsgt.sys ()
DRV - (HDAudBus) -- C:\WINNT\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (sptd) -- C:\WINNT\System32\Drivers\sptd.sys ()
DRV - (gdrv) -- C:\WINNT\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (ssmdrv) -- C:\WINNT\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (ET5Drv) -- C:\WINNT\system32\drivers\ET5Drv.sys (Windows (R) 2000 DDK provider)
DRV - (RTLE8023xp) -- C:\WINNT\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINNT\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINNT\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (speedfan) -- C:\WINNT\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (se59obex) -- C:\WINNT\system32\drivers\se59obex.sys (MCCI)
DRV - (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM) -- C:\WINNT\system32\drivers\se59mgmt.sys (MCCI)
DRV - (se59mdm) -- C:\WINNT\system32\drivers\se59mdm.sys (MCCI)
DRV - (se59mdfl) -- C:\WINNT\system32\drivers\se59mdfl.sys (MCCI)
DRV - (se59bus) Sony Ericsson Device 089 driver (WDM) -- C:\WINNT\system32\drivers\se59bus.sys (MCCI)
DRV - (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS) -- C:\WINNT\system32\drivers\se59nd5.sys (MCCI)
DRV - (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM) -- C:\WINNT\system32\drivers\se59unic.sys (MCCI)
DRV - (A4S2) -- C:\WINNT\System32\drivers\a4s2.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINNT\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.04 14:19:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.22 20:56:49 | 000,000,000 | ---D | M]
 
[2010.11.24 18:56:42 | 000,000,000 | ---D | M] -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Extensions
[2008.11.25 20:49:30 | 000,000,000 | ---D | M] -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Extensions-BackupByFirefoxPortable
[2008.11.25 20:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.12.27 17:25:09 | 000,000,000 | ---D | M] -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4ux8v487.default\extensions
[2009.09.23 16:09:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4ux8v487.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.25 21:24:20 | 000,000,000 | ---D | M] -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4ux8v487.default\extensions\firefox@tvunetworks.com
[2008.12.19 19:45:55 | 000,000,523 | ---- | M] () -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4ux8v487.default\searchplugins\daemon-search.xml
[2010.02.10 19:11:16 | 000,000,687 | ---- | M] () -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4ux8v487.default\searchplugins\icq-search.xml
[2010.02.23 20:21:47 | 000,000,950 | ---- | M] () -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4ux8v487.default\searchplugins\icqplugin-1.xml
[2010.02.25 21:19:43 | 000,000,950 | ---- | M] () -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4ux8v487.default\searchplugins\icqplugin-2.xml
[2010.04.06 19:41:18 | 000,000,950 | ---- | M] () -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4ux8v487.default\searchplugins\icqplugin-3.xml
[2010.02.13 18:31:46 | 000,000,950 | ---- | M] () -- C:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4ux8v487.default\searchplugins\icqplugin.xml
[2010.12.27 17:25:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.07.15 11:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.16 20:31:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.16 20:31:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.16 20:31:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.16 20:31:17 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.16 20:31:17 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2002.08.29 12:00:00 | 000,000,820 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\BitComet\tools\BitCometBHO.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Download_Bho Class) - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Programme\PPLiveVA\DownloaderManager.dll (Synacast)
O3 - HKLM\..\Toolbar: (pcwPrivilegien) - {1D7A52EE-FBCB-4F46-AD2A-9C0ABAA20BC0} - C:\Programme\PC-WELT\pcwRunAs3\pcwPrivilegien.dll ()
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EasyTuneVPro] C:\Programme\Gigabyte\ET5Pro\ETcall.exe ()
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINNT\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\Winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Common\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Profile\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B5 00 00 00  [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo  = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.24 20:04:02 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008.04.01 12:43:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.02.15 17:06:05 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{a4b0620c-dc1a-11df-9309-001a4d5f5533}\Shell - "" = AutoRun
O33 - MountPoints2\{a4b0620c-dc1a-11df-9309-001a4d5f5533}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4b0620c-dc1a-11df-9309-001a4d5f5533}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{da45beac-d6b3-11de-9111-001a4d5f5533}\Shell\AutoRun\command - "" = K:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.28 13:08:40 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Profile\Administrator\Desktop\OTL.exe
[2010.12.28 00:54:17 | 000,000,000 | RH-D | C] -- C:\Profile\Administrator\Recent
[2010.12.27 17:16:48 | 000,000,000 | ---D | C] -- C:\Profile\Administrator\Desktop\Studienarbeit
[2010.12.25 14:33:31 | 000,000,000 | ---D | C] -- C:\Profile\Administrator\Anwendungsdaten\Malwarebytes
[2010.12.25 14:32:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010.12.25 14:32:50 | 000,000,000 | ---D | C] -- C:\Profile\All Users\Anwendungsdaten\Malwarebytes
[2010.12.25 14:32:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010.12.25 14:32:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.25 14:31:56 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Profile\Administrator\Desktop\mbam-setup.exe
[2010.12.17 18:25:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ndproxy.sys
[2010.12.17 18:24:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wab.exe
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[2 C:\Profile\All Users\Anwendungsdaten\*.tmp files -> C:\Profile\All Users\Anwendungsdaten\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.28 13:08:43 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Profile\Administrator\Desktop\OTL.exe
[2010.12.28 13:03:37 | 000,054,016 | ---- | M] () -- C:\WINNT\System32\drivers\wndmxcwp.sys
[2010.12.28 10:55:07 | 000,003,584 | ---- | M] () -- C:\WINNT\System32\kb.dll
[2010.12.28 09:07:17 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010.12.28 09:06:47 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010.12.27 12:02:44 | 000,024,944 | ---- | M] () -- C:\WINNT\System32\drivers\GVTDrv.sys
[2010.12.27 12:02:43 | 000,000,004 | ---- | M] () -- C:\WINNT\System32\GVTunner.ref
[2010.12.26 19:40:25 | 000,000,095 | ---- | M] () -- C:\WINNT\winamp.ini
[2010.12.25 14:32:52 | 000,000,756 | ---- | M] () -- C:\Profile\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.25 14:32:01 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Profile\Administrator\Desktop\mbam-setup.exe
[2010.12.23 16:52:41 | 000,371,123 | ---- | M] () -- C:\Profile\Administrator\Desktop\KM1_Verständnisfragen.pdf
[2010.12.23 16:50:20 | 005,219,905 | ---- | M] () -- C:\Profile\Administrator\Desktop\KM1-Zusammenfassung_1.pdf
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010.12.18 02:45:13 | 000,000,116 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2010.12.18 02:43:22 | 000,267,800 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010.12.17 19:17:41 | 000,000,593 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010.12.14 21:07:06 | 000,105,984 | ---- | M] () -- C:\Profile\Administrator\Desktop\Labor KM1 Kennfeldpunkte.xls
[2010.12.08 19:50:44 | 000,023,040 | ---- | M] () -- C:\Profile\Administrator\Desktop\InitiativbewerbungLTAA.doc
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[2 C:\Profile\All Users\Anwendungsdaten\*.tmp files -> C:\Profile\All Users\Anwendungsdaten\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.28 13:03:37 | 000,054,016 | ---- | C] () -- C:\WINNT\System32\drivers\wndmxcwp.sys
[2010.12.25 14:32:52 | 000,000,756 | ---- | C] () -- C:\Profile\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.25 14:12:35 | 000,003,584 | ---- | C] () -- C:\WINNT\System32\kb.dll
[2010.12.23 16:52:41 | 000,371,123 | ---- | C] () -- C:\Profile\Administrator\Desktop\KM1_Verständnisfragen.pdf
[2010.12.23 16:50:14 | 005,219,905 | ---- | C] () -- C:\Profile\Administrator\Desktop\KM1-Zusammenfassung_1.pdf
[2010.12.14 20:07:42 | 000,105,984 | ---- | C] () -- C:\Profile\Administrator\Desktop\Labor KM1 Kennfeldpunkte.xls
[2010.08.25 23:13:40 | 000,002,592 | ---- | C] () -- C:\Profile\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.03.04 18:34:58 | 000,001,777 | ---- | C] () -- C:\WINNT\PartyGrabber.ini
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\WINNT\System32\xlive.dll.cat
[2008.07.24 18:41:09 | 000,000,357 | ---- | C] () -- C:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\postgresinstall.bat
[2008.07.19 10:12:37 | 000,278,984 | ---- | C] () -- C:\WINNT\System32\drivers\atksgt.sys
[2008.07.19 10:12:36 | 000,025,416 | ---- | C] () -- C:\WINNT\System32\drivers\lirsgt.sys
[2008.04.13 19:15:57 | 000,000,095 | ---- | C] () -- C:\WINNT\winamp.ini
[2008.04.09 21:04:23 | 000,000,126 | ---- | C] () -- C:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.04.07 21:31:34 | 000,054,784 | ---- | C] () -- C:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.07 17:34:08 | 000,000,116 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2008.04.04 21:06:50 | 000,717,296 | ---- | C] () -- C:\WINNT\System32\drivers\sptd.sys
[2008.04.01 15:48:49 | 000,024,944 | ---- | C] () -- C:\WINNT\System32\drivers\GVTDrv.sys
[2008.04.01 13:37:35 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2008.04.01 13:30:55 | 000,000,394 | ---- | C] () -- C:\WINNT\ODBC.INI
[2008.04.01 13:02:30 | 001,703,936 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2008.04.01 13:02:30 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2008.04.01 13:02:29 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2008.04.01 13:02:28 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2008.04.01 13:02:27 | 001,474,560 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\AgCPanelFrench.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINNT\System32\giveio.sys
 
========== Files - Unicode (All) ==========
[2009.04.03 19:32:08 | 000,903,680 | ---- | M] ()(C:\Profile\Administrator\Eigene Dateien\Ich schmei?e ne Party und Ihr seid Eingeladen, Dima.htm) -- C:\Profile\Administrator\Eigene Dateien\Ich schmei�e ne Party und Ihr seid Eingeladen, Dima.htm
[2009.04.03 19:32:08 | 000,903,680 | ---- | C] ()(C:\Profile\Administrator\Eigene Dateien\Ich schmei?e ne Party und Ihr seid Eingeladen, Dima.htm) -- C:\Profile\Administrator\Eigene Dateien\Ich schmei�e ne Party und Ihr seid Eingeladen, Dima.htm
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\Profile\All Users\Anwendungsdaten\TEMP:8CEFE51A
@Alternate Data Stream - 111 bytes -> C:\Profile\All Users\Anwendungsdaten\TEMP:23BEBB72

< End of report >

--- --- ---

Extras.txt :
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 28.12.2010 13:10:31 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Profile\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 4,62 Gb Free Space | 9,46% Space Free | Partition Type: NTFS
Drive D: | 126,96 Gb Total Space | 9,76 Gb Free Space | 7,69% Space Free | Partition Type: NTFS
Drive E: | 122,30 Gb Total Space | 16,23 Gb Free Space | 13,27% Space Free | Partition Type: NTFS
Drive F: | 6,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 3,82 Gb Total Space | 1,07 Gb Free Space | 27,85% Space Free | Partition Type: NTFS
Drive K: | 29,29 Gb Total Space | 29,21 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive L: | 488,28 Gb Total Space | 488,18 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive M: | 345,58 Gb Total Space | 341,17 Gb Free Space | 98,73% Space Free | Partition Type: NTFS
Drive N: | 68,36 Gb Total Space | 54,96 Gb Free Space | 80,39% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER-N01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"16726:TCP" = 16726:TCP:*:Enabled:BitComet 16726 TCP
"16726:UDP" = 16726:UDP:*:Enabled:BitComet 16726 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Assassin's Creed\AssassinsCreed_Dx9.exe" = E:\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"E:\Assassin's Creed\AssassinsCreed_Dx10.exe" = E:\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"E:\Assassin's Creed\AssassinsCreed_Launcher.exe" = E:\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"G:\Programme\ICQ6\ICQ.exe" = G:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library -- File not found
"D:\ProENGINEER Student Edition\i486_nt\obj\ptcvconf.exe" = D:\ProENGINEER Student Edition\i486_nt\obj\ptcvconf.exe:*:Enabled:ptcvconf -- (PTC)
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"G:\Programme\VideoLAN\VLC\vlc.exe" = G:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- File not found
"C:\Programme\PPLive\PPLive.exe" = C:\Programme\PPLive\PPLive.exe:*:Enabled:PPLive -- ()
"C:\Programme\Opera\Opera.exe" = C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"E:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = E:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\PokerStrategy Elephant\PokerStrategy Elephant.exe" = D:\PokerStrategy Elephant\PokerStrategy Elephant.exe:*:Enabled:PokerStrategy Elephant -- File not found
"C:\Programme\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe" = C:\Programme\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe:*:Enabled:PokerStrategy Elephant -- ()
"C:\Programme\PokerStrategy\PokerStrategy Equilator\Equilator.exe" = C:\Programme\PokerStrategy\PokerStrategy Equilator\Equilator.exe:*:Enabled:PokerStrategy Equilator -- (PokerStrategy)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Programme\PPLiveVA\PPLiveVA.exe" = C:\Programme\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA -- (Synacast)
"D:\UnrealTournament\System\UnrealTournament.exe" = D:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"H:\UnrealTournament\System\UnrealTournament.exe" = H:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A9CE281-8B9E-39C1-4600-AA3DE7AB1031}" = Nero 7 Demo
"{1BC4026B-1957-4514-9058-2B542557F143}" = Opera 9.63
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = Der Pate® Das Spiel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A0C956-ACF1-41AB-89DE-1772C8A27ACB}" = Dracula Origin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71F89FF7-C913-4A99-B4D9-C05BAA20790B}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B1101-02CB-4608-A2A5-B55D6EC1CE2A}" = Texas Grab'em
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4DD591-1532-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1532-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 Language Pack - Deutsch
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-0052-0407-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = The Godfather™ II
"{A27CAF84-656A-4D4D-9D95-D5B1368074C7}" = PokerStrategy Elephant
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4EB3763-9586-405D-B376-DE98C8C9285E}" = PokerStrategy Equilator
"{D52A721B-E44C-4AD7-AD4F-29D83144384B}" = Microsoft Tool Web Package : EXTRACT.EXE
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"{FE6397C1-CECA-4EC3-B064-42AED7676898}" = Sony Ericsson PC Suite
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 Deutsch
"AutoHotkey" = AutoHotkey 1.0.48.03
"bwin" = bwin Poker (remove only)
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"doPDF 6  printer_is1" = doPDF 6.3  printer
"DWG TrueView 2010" = DWG TrueView 2010
"EADM" = EA Download Manager
"EasyTune5Pro" = EasyTune5Pro
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mansion Poker" = MansionPoker
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PartyPoker" = PartyPoker
"pcwRunAs3_is1" = pcwRunAs 0.3
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PPLive" = PPLive 1.9
"Pro/ENGINEER Student Edition Release Wildfire 3.0 Datecode M030" = Pro/ENGINEER Student Edition Release Wildfire 3.0 Datecode M030
"SecondLife" = SecondLife (remove only)
"SlimBrowser" = SlimBrowser (remove only)
"SopCast" = SopCast 3.0.3
"SpeedFan" = SpeedFan (remove only)
"Titan Poker" = Titan Poker
"TVUPlayer" = TVUPlayer 2.5.2.1
"Uninstall_is1" = Uninstall 1.0.0.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp (nur entfernen)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Companion
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
"PPLiveVA" = PPLive Video Accelerator
"SpadeEye" = SpadeEye
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.12.2010 11:42:12 | Computer Name = COMPUTER-N01 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 23.12.2010 05:18:57 | Computer Name = COMPUTER-N01 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 24.12.2010 13:00:11 | Computer Name = COMPUTER-N01 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 24.12.2010 22:00:47 | Computer Name = COMPUTER-N01 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 25.12.2010 09:07:43 | Computer Name = COMPUTER-N01 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 25.12.2010 20:50:02 | Computer Name = COMPUTER-N01 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 26.12.2010 12:05:54 | Computer Name = COMPUTER-N01 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 26.12.2010 19:16:29 | Computer Name = COMPUTER-N01 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 27.12.2010 07:02:13 | Computer Name = COMPUTER-N01 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.12.2010 04:06:55 | Computer Name = COMPUTER-N01 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
[ System Events ]
Error - 29.10.2010 23:06:35 | Computer Name = COMPUTER-N01 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "H:" aus.
 
Error - 30.10.2010 06:01:01 | Computer Name = COMPUTER-N01 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "H:" aus.
 
Error - 30.10.2010 06:01:01 | Computer Name = COMPUTER-N01 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "H:" aus.
 
Error - 30.10.2010 09:55:49 | Computer Name = COMPUTER-N01 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "H:" aus.
 
Error - 30.10.2010 09:55:49 | Computer Name = COMPUTER-N01 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "H:" aus.
 
Error - 30.10.2010 11:01:19 | Computer Name = COMPUTER-N01 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "H:" aus.
 
Error - 30.10.2010 11:01:19 | Computer Name = COMPUTER-N01 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "H:" aus.
 
Error - 30.10.2010 11:31:45 | Computer Name = COMPUTER-N01 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "H:" aus.
 
Error - 30.10.2010 11:31:45 | Computer Name = COMPUTER-N01 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "H:" aus.
 
Error - 25.12.2010 20:50:13 | Computer Name = COMPUTER-N01 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
 
< End of report >

--- --- ---

[/CODE]

cosinus · 28.12.2010, 20:09

Wir müssen beim shutdowner zwei Datei ersetzen, bitte runterladen und entpacken, direkt nach c: ins Hauptverzeichnis => c:\cosinus

Dann gehts so weiter:

PartedMagic

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 70 MB sein
2. Entpack die ZIP-Datei in einen beliebigen Pfad, es wird eine ISO-Datei (CD-Abbild) von PartedMagic entpackt

3. Brenn die ISO-Datei per Imagebrennfunktion auf CD, geht zB mit ImgBurn oder Nero per Imagebrennfunktion unter Windows
4. Boote den Rechner mit defektem Windows von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist

5. Du müsstest ein Symbol Mount Devices finden, das doppelklicken
6. Mounte die Partition wo Windows installiert ist, meistens ist es /dev/sda1
7. Benenne auf sda1 (bzw. die Partition wo Windows ist, falls es nicht sda1 sein sollte) folgende Dateien um, einfach ein .vir dranhängen:

Code:

ATTFilter

/windows/system32/winlogon.exe.vir
/windows/explorer.exe.vir

8. Die sauberen Dateien aus dem cosinus ordner in den jew. Windows-Systempfad kopieren

Code:

ATTFilter

/cosinus/winlogon.exe => /windows/system32/winlogon.exe
/cosinus/explorer.exe => /windows/explorer.exe

(müsste eigentlich alles ganz easy über den graphischen Dateibowser in Linux gehen)

9. Starte den Rechner neu und boote Windows
10. Falls Windows wieder normal bootet => die in Linux umbenannt Datei (die mit .vir) bei uns hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
11. Gib Bescheid wenn alles durch ist.

TR/Shutdowner.fft.5 in System32

Plagegeister aller Art und deren Bekämpfung: TR/Shutdowner.fft.5 in System32

TR/Shutdowner.fft.5 in System32

TR/Shutdowner.fft.5 in System32

Ähnliche Themen: TR/Shutdowner.fft.5 in System32