Hier auch: BKA-Trojaner

blaZZin · 15.04.2011, 15:40

Hallo zusammen,
mich hat ebenfalls der BKA-Trojaner erwischt.
Habe bereits den OTLPE-Scan per Live-CD ausgeführt.
Hier die Logs:

OTL.txt

Code:

ATTFilter

OTL logfile created on: 4/15/2011 5:27:44 PM - Run 
OTLPE by OldTimer - Version 3.1.46.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 146.48 Gb Total Space | 97.34 Gb Free Space | 66.45% Space Free | Partition Type: NTFS
Drive D: | 151.61 Gb Total Space | 109.80 Gb Free Space | 72.43% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 6.96 Gb Free Space | 92.63% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) --  File not found
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (BlueSoleilCS) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
SRV - (BsHelpCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
SRV - (BsMobileCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
SRV - (CTUPnPSv) -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (CTDevice_Srv) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (Tosrfusb) --  File not found
DRV - (TosRfSnd) --  File not found
DRV - (tosrfnds) --  File not found
DRV - (Tosrfhid) --  File not found
DRV - (Tosrfcom) --  File not found
DRV - (tosrfbnp) --  File not found
DRV - (tosrfbd) --  File not found
DRV - (tosporte) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (Lavasoft Kernexplorer) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\WINDOWS\system32\drivers\BtHidBus.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys ()
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (Cam5607) -- C:\WINDOWS\system32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (KMWDFilter) -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (BTNetFilter) -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Jens_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.045
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.90
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {9220f99f-5b7d-4a4d-97ca-209991796400}:1.5.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/04/09 09:49:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/03/23 15:46:40 | 000,000,000 | ---D | M]
 
[2009/03/24 17:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Extensions
[2011/04/15 04:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions
[2011/01/05 19:00:40 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/12/24 15:57:05 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2011/03/04 14:54:52 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/12/24 15:57:07 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/04/09 14:33:40 | 000,000,000 | ---D | M] (Gutscheinaffe) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}
[2011/04/09 14:33:40 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2011/04/09 14:33:38 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/09 14:33:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/12 15:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/12 15:44:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/04/09 14:33:39 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/04/09 14:33:37 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\lazarus@interclue.com
[2011/04/09 14:33:36 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\unplug@compunach
[2011/03/12 15:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/04/15 04:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009/05/05 08:37:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/06 07:29:26 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/06 07:29:26 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/06 07:29:26 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/03/06 07:29:26 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/06 07:29:26 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe (Bison Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Programme\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\Jens_ON_C..\Run: [Freebie Notes] C:\Programme\Power Soft\Freebie Notes\FreebieNotes.exe (Power Soft)
O4 - HKU\Jens_ON_C..\Run: [Miranda IM472] C:\Programme\Miranda IM\miranda32.exe ( )
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jens_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Per Mitteilung versenden(&M) ... - C:\Programme\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O8 - Extra context menu item: Über Bluetooth senden - C:\Programme\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Programme\Mozilla Firefox\null0.3948125339650338.exe) - C:\Programme\Mozilla Firefox\null0.3948125339650338.exe (Vmfdyadxd Vitipbuc)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/24 15:21:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/11 17:17:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Desktop\MS Office 2007
[2011/04/09 16:59:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Sierra
[2011/04/09 16:59:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Eigene Dateien\Empire Earth II
[2011/04/09 16:47:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sierra
[2011/04/09 16:46:50 | 000,000,000 | ---D | C] -- C:\Programme\Sierra
[2011/04/01 13:04:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Eigene Dateien\PassportPhoto settings
[2011/04/01 13:04:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\passport_photo
[2011/04/01 13:04:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\PassportPhoto
[2011/04/01 13:04:06 | 000,000,000 | ---D | C] -- C:\Programme\PassportPhoto
[2011/03/27 08:23:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\BrowserPlus
[2011/03/27 08:22:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Anwendungsdaten\Yahoo!
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/15 10:02:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/15 10:01:42 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2011/04/15 09:14:25 | 000,006,278 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2011/04/15 09:14:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/15 09:14:10 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/15 05:07:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/15 04:09:21 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/04/10 13:27:40 | 009,993,462 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Desktop\Internetanbieter Vergliech.bmp
[2011/04/09 17:21:01 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/04/09 16:47:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sierra
[2011/04/07 13:04:53 | 000,002,295 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk
[2011/04/06 15:14:24 | 000,408,628 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/04/06 15:14:24 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/06 15:14:24 | 000,071,590 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/04/06 15:14:24 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/02 11:46:07 | 000,002,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/10 13:27:40 | 009,993,462 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Desktop\Internetanbieter Vergliech.bmp
[2011/04/09 17:21:01 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/12/30 16:00:52 | 000,000,125 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2010/12/30 15:57:30 | 000,006,278 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2010/12/30 15:57:29 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2010/12/30 15:53:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
[2010/12/23 06:11:08 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2010/12/23 06:11:08 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2010/10/23 15:12:49 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010/10/06 11:14:41 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\.recently-used.xbel
[2010/10/06 11:14:37 | 000,007,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\OnlineBanking.20101006171437.xac
[2010/10/06 11:14:30 | 000,001,476 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\OnlineBanking.20101006171430.xac
[2010/10/06 11:03:13 | 000,001,094 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\OnlineBanking.20101006170313.xac
[2010/10/06 11:00:12 | 000,000,938 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\OnlineBanking.20101006170012.xac
[2010/10/06 10:54:24 | 000,007,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\OnlineBanking
[2010/10/04 17:38:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/09/24 03:49:00 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a_gui.exe
[2010/09/24 03:49:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.exe
[2010/09/24 03:48:58 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2010/05/01 09:20:00 | 002,185,518 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/10/02 12:22:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\USDL_GrandPrix_v1.6.4_XP.INI
[2009/09/29 11:29:39 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\$_hpcst$.hpc
[2009/08/12 16:50:05 | 000,000,996 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/05/24 15:33:13 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/05/19 08:47:44 | 000,000,309 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\ds2sge.conf
[2009/05/11 08:43:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/07 05:42:08 | 000,000,123 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\default.pls
[2009/03/25 11:09:36 | 000,198,916 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009/03/25 10:42:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/25 10:42:36 | 000,044,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/25 10:05:03 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009/03/25 08:32:09 | 000,000,602 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/24 17:08:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/24 15:55:14 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/03/24 15:55:08 | 000,000,188 | R--- | C] () -- C:\WINDOWS\OEM.ini
[2009/03/24 15:31:31 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/03/24 15:22:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/24 15:18:27 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/24 15:11:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/24 15:10:26 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/27 12:04:46 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
[2009/02/27 11:45:16 | 000,405,589 | ---- | C] () -- C:\WINDOWS\System32\BsUI.dll
[2009/02/27 11:44:50 | 000,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll
[2009/02/27 11:44:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HtmPrintHelper.dll
[2009/02/27 11:44:10 | 000,622,693 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll
[2009/02/27 11:41:02 | 000,122,976 | ---- | C] () -- C:\WINDOWS\System32\BsMobileSDK.dll
[2009/02/27 11:40:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll
[2009/02/27 11:38:38 | 000,106,595 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll
[2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/07 07:44:54 | 000,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2008/10/22 10:30:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,408,628 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/14 08:00:00 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,071,590 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/14 08:00:00 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/03/07 08:54:22 | 017,907,824 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/02 11:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
 
========== LOP Check ==========
 
[2010/10/04 17:38:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\System32\config\systemprofile\Anwendungsdaten\Application Updater
[2010/09/25 12:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\.minecraft
[2010/10/06 07:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\BayCalculator
[2009/12/21 12:50:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Canon
[2010/10/03 14:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\CursorArts
[2010/10/20 14:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\de.comdirect.ticker.CD5696F93DD370A1D14916944CB4AC4A409DD315.1
[2010/10/02 12:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\FireShot
[2010/10/06 11:08:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\gtk-2.0
[2010/10/03 14:48:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\IconTweaker
[2010/10/02 09:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\IrfanView
[2009/05/05 08:44:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\JCreator
[2010/12/27 08:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\My Games
[2009/04/16 10:05:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Opera
[2011/04/01 13:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\passport_photo
[2009/03/24 16:00:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Protector Suite
[2010/10/17 14:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\QuickScan
[2011/04/09 16:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Sierra
[2010/10/28 10:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\temp
[2010/12/30 13:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\TOSHIBA
[2009/12/20 21:15:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\TS3Client
[2009/03/25 08:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\TuneUp Software
[2010/05/11 05:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2009/08/27 08:05:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2009/12/21 12:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ
[2010/10/03 14:48:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IconTweaker
[2009/05/05 08:44:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\JCreator
[2010/10/06 07:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Power Soft
[2010/10/04 18:48:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010/11/01 16:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2010/10/03 07:22:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System Restore
[2010/12/30 15:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TOSHIBA
[2009/03/25 08:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009/03/24 15:58:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2009/08/11 12:34:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{4D18D6A0-D216-4470-B464-1F2DC271458B}
[2009/08/11 12:34:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{6608C652-8B5C-4778-BAC8-B59DD368D024}
[2011/03/04 12:15:42 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 4/15/2011 5:27:44 PM - Run 
OTLPE by OldTimer - Version 3.1.46.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 146.48 Gb Total Space | 97.34 Gb Free Space | 66.45% Space Free | Partition Type: NTFS
Drive D: | 151.61 Gb Total Space | 109.80 Gb Free Space | 72.43% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 6.96 Gb Free Space | 92.63% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Programme\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\KONAMI\Pro Evolution Soccer 2011\pes2011.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Steam\SteamApps\blazzinflame\counter-strike\hl.exe" = C:\Programme\Steam\SteamApps\blazzinflame\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\Steam\SteamApps\blazzinflame\condition zero\hl.exe" = C:\Programme\Steam\SteamApps\blazzinflame\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)
"C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"C:\Programme\Steam\SteamApps\common\america's army 3\Binaries\AA3Game.exe" = C:\Programme\Steam\SteamApps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3 -- ()
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{17857C69-7BF4-4821-9626-76C1597FD9F0}" = hpg3800
"{1A1A9F0B-2C77-40EE-9052-42B2EBBDD52B}" = HP Scanjet 3800
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{2D7D9D86-923A-41A8-919F-437332AB1031}" = Nero 7 Ultra Edition
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0A871F9-D580-4404-9A69-A02CF3078C87}" = Bluesoleil 6.4.249.0
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"4C806F98217A7FD4E853F458FF399F052625F21C" = Windows-Treiberpaket - Hewlett-Packard Image  (12/28/2006 8.0.0.0)
"Access" = Microsoft Office Access 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"C&C - Zero Hour - Full Uncut Patch Final v.2.5" = C&C - Zero Hour - Full Uncut Patch Final v.2.5
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"CCleaner" = CCleaner
"Creative Centrale" = Creative Centrale
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DungeonSiege2" = Dungeon Siege 2
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EXCEL" = Microsoft Office Excel 2007
"Freecorder Toolbar3.0" = Freecorder Toolbar 3.0 Application
"FreeNotes2_is1" = Freebie Notes
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"nLite_is1" = nLite 1.4.9.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OUTLOOK" = Microsoft Office Outlook 2007
"ProInst" = Intel PROSet Wireless
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 13140" = America's Army 3
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 410" = Portal: First Slice
"Steam App 80" = Counter-Strike: Condition Zero
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UltraDefrag" = Ultra Defragmenter
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"WORD" = Microsoft Office Word 2007
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.96-4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Jens_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PassportPhoto" = PassportPhoto (remove)
"Warcraft III" = Warcraft III: All Products
"WinSetupFromUSB" = WinSetupFromUSB
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
< End of report >

Danke schonmal für eure Hilfe. :-)

markusg · 15.04.2011, 15:50

na da haben wir ja schon übung :
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein:

Code:

ATTFilter

:OTL
O20 - HKLM Winlogon: Shell - (C:\Programme\Mozilla Firefox\null0.3948125339650338.exe) - C:\Programme\Mozilla Firefox\null0.3948125339650338.exe (Vmfdyadxd Vitipbuc)
:Files
C:\Programme\Mozilla Firefox\null0.3948125339650338.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits in meinem post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt auf deinem stick.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

öffne arbeitsplatz, öffne c: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
lade das archiv in unserem upload channel hoch.
http://www.trojaner-board.de/54791-a...ner-board.html

blaZZin · 15.04.2011, 16:09

Bin so vorgegangen, aber der Computer hat den Neustart nicht selbst ausgeführt. Das habe ich dann manuell gemacht und komme wieder ganz normal auf den Desktop. Nun öffnet sich leider keine OTL.txt.
Wo finde ich diese?

EDIT:
Habe die MovedFiles jetzt hochgeladen.

markusg · 15.04.2011, 16:25

ist angekommen und log ist da drinn im ordner, sehe ich mir an.
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

blaZZin · 15.04.2011, 17:12

Schonmal vielen, vielen Dank für die schnelle und effektive Hilfe. :-)
Hier der Malwarebytes Log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6369

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15.04.2011 19:08:30
mbam-log-2011-04-15 (19-08-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 247860
Laufzeit: 24 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programme\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\programme\cryptload\router\fritz!box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
c:\usb_multiboot2\u_content\wintools\othertools\iehv.exe (PUP.HistoryTool) -> Quarantined and deleted successfully.
c:\usb_multiboot2\u_content\wintools\othertools\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04152011_180312\c_programme\mozilla firefox\null0.3948125339650338.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
e:\sonstiges\cracks & keys\keygeneratoren\fff-ea146.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
e:\sonstiges\Setups\usb_multiboot2\u_content\wintools\othertools\iehv.exe (PUP.HistoryTool) -> Not selected for removal.
e:\sonstiges\Setups\usb_multiboot2\u_content\wintools\othertools\ProduKey.exe (PUP.PSWTool.ProductKey) -> Not selected for removal.

Habe 5 Objekte nicht enfternt, bei denen ich mir sicher bin, dass sie keine Bedrohung darstellen. ;-)

markusg · 15.04.2011, 17:14

illegale software unterstützen wir hier nicht
e:\sonstiges\cracks & keys\keygeneratoren\fff-ea146.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
außer beim formatieren gibts hilfe

blaZZin · 15.04.2011, 17:28

da kann ich mich jetzt wohl schlecht rausreden. ;-)
mein fehler.

trotzdem vielen dank!

15.04.2011, 17:14	#6
markusg /// Malware-holic	Hier auch: BKA-Trojaner illegale software unterstützen wir hier nicht e:\sonstiges\cracks & keys\keygeneratoren\fff-ea146.exe (Trojan.Orsam) -> Quarantined and deleted successfully. außer beim formatieren gibts hilfe __________________ --> Hier auch: BKA-Trojaner

Hier auch: BKA-Trojaner

Log-Analyse und Auswertung: Hier auch: BKA-Trojaner