
Log Analysis and Evaluation: Bundespolizei Ukash 100€ Trojan, Windows 7 64bit


26.01.2012, 22:26   #1
Bananaphone

Bundespolizei Ukash 100€ Trojan, Windows 7 64bit

Hello everyone,

Apparently there is a real wave of these Trojans going around at the moment... and unfortunately it got me too, so I am now asking you for help. Affected is the Windows 7 partition of my laptop (which I also use for my studies :/); it no longer boots (only in Safe Mode) and only the usual scam screen is shown. My Windows XP (SP3) partition still works, at least apparently. In addition, I have an old computer available that is not affected.
I ran Avira, but it found nothing.
I ran Defogger as described.
I ran OTL.

I would be really grateful for help,

regards

OTL.txt:
Code:
OTL logfile created on: 26.01.2012 21:57:56 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chris2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,75% Memory free
7,93 Gb Paging File | 7,32 Gb Available in Paging File | 92,31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 12,86 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
Drive E: | 226,38 Gb Total Space | 79,28 Gb Free Space | 35,02% Space Free | Partition Type: NTFS
Drive G: | 40,00 Gb Total Space | 26,02 Gb Free Space | 65,05% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOLEON | User Name: chris2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.26 21:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.04 02:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.02 11:53:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 10:59:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.12 13:25:17 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.02 11:53:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 11:53:08 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.24 14:05:00 | 000,144,688 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.01.28 16:07:47 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.04 02:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.10.09 07:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.09 04:18:20 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.28 14:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2008.08.28 10:52:56 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.01.10 19:34:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.08.27 06:30:17 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 D2 37 81 D2 D1 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.14
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\Java\jre6_64\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: E:\Programme\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: E:\Programme\Mozilla Firefox\components [2011.12.21 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.12.21 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2011.09.25 17:15:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins
 
[2011.03.08 11:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Extensions
[2010.10.04 13:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.21 13:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions
[2012.01.21 13:37:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.21 13:37:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.04.07 22:46:02 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\2020Player@2020Technologies.com
[2010.04.11 14:22:25 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2011.05.23 17:52:07 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 	127.0.0.1       localhost
O1 - Hosts: 	::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6_64\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3C49D00-35F3-45BA-9A00-F4BDB0D646F6}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.11 11:08:26 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\Shell - "" = AutoRun
O33 - MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.26 21:08:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
[2012.01.15 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\chris2\Desktop\gldemo_rock_e
[2012.01.12 21:31:37 | 000,000,000 | ---D | C] -- C:\Users\chris2\Desktop\gldemo_rock
[2012.01.12 17:06:26 | 000,000,000 | ---D | C] -- E:\Documents\Visual Studio 2010
[2012.01.12 16:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.01.12 16:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012.01.12 16:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2012.01.12 16:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.01.12 16:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.01.12 16:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.01.12 16:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.01.12 16:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.01.12 16:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2012.01.12 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.12 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2012.01.12 16:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2012.01.12 16:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2012.01.12 16:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012.01.12 16:50:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2012.01.12 16:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012.01.12 16:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.01.12 16:40:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.01.09 13:52:48 | 000,000,000 | ---D | C] -- C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\#Start Menu#
[2012.01.07 15:49:16 | 000,000,000 | ---D | C] -- C:\Users\chris2\AppData\Roaming\Canneverbe Limited
[2012.01.07 15:48:00 | 000,000,000 | ---D | C] -- E:\Documents\CDBurnerXP Projects
[2012.01.07 15:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.01.06 16:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\chris2\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\chris2\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\chris2\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\chris2\AppData\Local\bass.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.26 21:09:36 | 000,000,000 | ---- | M] () -- C:\Users\chris2\defogger_reenable
[2012.01.26 21:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
[2012.01.26 21:08:03 | 000,050,477 | ---- | M] () -- C:\Users\chris2\Desktop\Defogger.exe
[2012.01.26 20:57:20 | 000,655,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.26 20:57:20 | 000,124,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.26 20:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.26 20:52:49 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.26 19:38:02 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 19:38:02 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 19:35:48 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.26 17:22:11 | 000,001,051 | ---- | M] () -- C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.5893427876083296.exe.lnk
[2012.01.26 14:20:36 | 000,002,062 | -H-- | M] () -- E:\Documents\Default.rdp
[2012.01.22 23:21:15 | 000,000,600 | ---- | M] () -- C:\Users\chris2\AppData\Roaming\winscp.rnd
[2012.01.22 18:46:23 | 000,075,571 | ---- | M] () -- C:\Users\chris2\Desktop\Postal-v3.4.13.zip
[2012.01.21 13:32:35 | 000,008,209 | ---- | M] () -- C:\Users\chris2\Desktop\grooveshark_unlocker-1.0-fx.zip
[2012.01.19 23:56:42 | 000,000,881 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.01.16 11:36:38 | 000,314,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.15 13:18:23 | 000,000,999 | ---- | M] () -- C:\Users\chris2\Desktop\Microsoft Visual Studio 2010.lnk
[2012.01.13 22:05:05 | 000,075,562 | ---- | M] () -- C:\Users\chris2\Desktop\tagettes.zip
[2012.01.12 21:31:20 | 017,649,835 | ---- | M] () -- C:\Users\chris2\Desktop\gldemo_rock.zip
[2012.01.12 16:48:06 | 000,764,126 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 13:54:22 | 000,000,032 | ---- | M] () -- C:\Windows\a1b2c3.INI
[2012.01.07 15:59:14 | 000,001,086 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\DTLite.exe - Shortcut.lnk
[2012.01.07 15:49:12 | 001,556,992 | ---- | M] () -- C:\Windows\is-2S9V8.exe
[2012.01.07 15:49:12 | 000,021,031 | ---- | M] () -- C:\Windows\is-2S9V8.msg
[2012.01.07 15:49:12 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,331 | ---- | M] () -- C:\Windows\is-2S9V8.lst
[2012.01.06 13:36:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.01.03 16:50:07 | 000,001,136 | ---- | M] () -- C:\Users\chris2\Desktop\HWMonitor.exe.lnk
[2012.01.03 16:48:25 | 000,001,037 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\notepad++.exe.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.26 21:09:36 | 000,000,000 | ---- | C] () -- C:\Users\chris2\defogger_reenable
[2012.01.26 21:08:02 | 000,050,477 | ---- | C] () -- C:\Users\chris2\Desktop\Defogger.exe
[2012.01.26 17:22:06 | 000,001,051 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.5893427876083296.exe.lnk
[2012.01.22 18:46:19 | 000,075,571 | ---- | C] () -- C:\Users\chris2\Desktop\Postal-v3.4.13.zip
[2012.01.21 13:32:35 | 000,008,209 | ---- | C] () -- C:\Users\chris2\Desktop\grooveshark_unlocker-1.0-fx.zip
[2012.01.15 13:18:23 | 000,000,999 | ---- | C] () -- C:\Users\chris2\Desktop\Microsoft Visual Studio 2010.lnk
[2012.01.13 22:05:05 | 000,075,562 | ---- | C] () -- C:\Users\chris2\Desktop\tagettes.zip
[2012.01.12 21:26:22 | 017,649,835 | ---- | C] () -- C:\Users\chris2\Desktop\gldemo_rock.zip
[2012.01.12 16:48:03 | 000,764,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 13:52:54 | 000,000,032 | ---- | C] () -- C:\Windows\a1b2c3.INI
[2012.01.07 15:59:14 | 000,001,086 | ---- | C] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\DTLite.exe - Shortcut.lnk
[2012.01.07 15:49:12 | 001,556,992 | ---- | C] () -- C:\Windows\is-2S9V8.exe
[2012.01.07 15:49:12 | 000,021,031 | ---- | C] () -- C:\Windows\is-2S9V8.msg
[2012.01.07 15:49:12 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,734 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,331 | ---- | C] () -- C:\Windows\is-2S9V8.lst
[2012.01.06 13:36:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.01.03 16:50:07 | 000,001,136 | ---- | C] () -- C:\Users\chris2\Desktop\HWMonitor.exe.lnk
[2012.01.03 16:48:25 | 000,001,037 | ---- | C] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\notepad++.exe.lnk
[2011.11.02 16:01:51 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.10.19 19:12:17 | 000,000,600 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\winscp.rnd
[2011.08.04 12:57:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.08.04 12:54:51 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.07.22 19:43:21 | 000,001,470 | ---- | C] () -- C:\Users\chris2\AppData\Local\RecConfig.xml
[2011.04.18 21:45:35 | 000,046,790 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\room.dat
[2011.03.18 18:43:59 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2011.03.18 18:43:59 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2010.12.13 23:04:46 | 000,001,063 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\MPQEditor.ini
[2010.12.02 17:22:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.10.04 15:36:42 | 000,007,605 | ---- | C] () -- C:\Users\chris2\AppData\Local\Resmon.ResmonCfg
[2010.10.04 13:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.04 01:01:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\chris2\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\chris2\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\chris2\AppData\Local\no23xwrapper.dll
[2004.03.30 21:47:44 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\nl_msgs.dll
[2004.03.30 21:47:41 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\nl_msgc.dll
[2000.05.20 16:23:48 | 000,086,016 | ---- | C] () -- C:\Windows\StartupMonitor.exe
 
========== LOP Check ==========
 
[2011.04.15 23:14:01 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\.minecraft
[2010.12.17 23:34:07 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Amazon
[2012.01.07 15:49:16 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Canneverbe Limited
[2011.12.07 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Canon
[2011.11.12 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\DAEMON Tools Lite
[2011.04.27 21:26:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Dev-Cpp
[2012.01.24 08:26:53 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\foobar2000
[2011.05.30 01:05:24 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\gtk-2.0
[2012.01.26 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\ICQ
[2010.10.04 15:47:49 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\ICQLite
[2010.10.08 20:53:19 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\LockTime
[2011.10.31 00:32:52 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\LolClient
[2010.10.04 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Miranda
[2011.10.31 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Notepad++
[2010.12.07 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\OpenOffice.org
[2010.10.04 01:51:54 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Opera
[2010.10.24 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\RayV
[2010.12.08 13:34:43 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Subversion
[2010.12.07 22:39:03 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\syntevo
[2011.10.09 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Thinstall
[2010.10.04 13:55:11 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Thunderbird
[2011.11.06 01:42:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\VBA-M
[2010.11.30 19:12:39 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\wsIRC
[2010.10.05 21:35:41 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Youtube Downloader HD
[2011.11.30 13:28:37 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.10.04 01:12:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.10.04 02:49:10 | 000,000,000 | ---D | M] -- C:\AMD
[2010.10.04 02:55:14 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.04 02:33:17 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.12 16:59:10 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.12 16:59:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.07 15:47:58 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.27 13:05:41 | 000,000,000 | ---D | M] -- C:\Programme
[2010.10.04 01:12:29 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.10.26 20:37:05 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.10.04 16:38:45 | 000,000,000 | ---D | M] -- C:\symbols
[2012.01.26 19:34:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.04 01:12:38 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.26 17:23:56 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2007.01.18 20:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\chris2\AppData\Local\No23 Recorder.exe
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7631EA83

< End of report >
--- --- ---

Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 26.01.2012 21:57:56 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chris2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,75% Memory free
7,93 Gb Paging File | 7,32 Gb Available in Paging File | 92,31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 12,86 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
Drive E: | 226,38 Gb Total Space | 79,28 Gb Free Space | 35,02% Space Free | Partition Type: NTFS
Drive G: | 40,00 Gb Total Space | 26,02 Gb Free Space | 65,05% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOLEON | User Name: chris2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- E:\Programme\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- E:\Programme\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1DABE61D-DE02-4404-939A-925C202B3721}" = Oracle VM VirtualBox 4.0.10
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{69D65833-4A83-267A-7DB4-9FCBBE72675D}" = ATI Catalyst Install Manager
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{A269F383-3E55-DAFF-F948-655FDB3DB58A}" = ccc-utility64
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Aero (Tahoma Font)_is1" = Windows Aero (Tahoma Font)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15353551-375C-8E5A-5CAF-A4564C1CC2A5}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{485B9C29-6B47-22AF-022A-F9D65292F3A7}" = CCC Help English
"{4893B2BB-5C9B-7E6C-4BAD-BDFBAB33184A}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5725E5CA-A91D-C903-99DB-F8C010E0B637}" = Catalyst Control Center InstallProxy
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6BB3D375-1CFC-4E8A-86F9-CC0D7C2AE15B}" = SmartSVN 6.6
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{716DF934-6FDC-47E8-879A-4AD63BFF02F9}" = PHOTORECOVERY for Digital Media DEMO
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB7D24EC-BB5A-E746-C5D2-526BBE6C36AD}" = Catalyst Control Center Graphics Previews Vista
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle.net" = Battle.net
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo" = Diablo
"Fraps" = Fraps (remove only)
"ghsw.info-ams_is1" = ghsw.info Inventarverwaltung 1.1.4
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"GSview 4.9" = GSview 4.9
"HEXwrite_is1" = HEXwrite
"hon" = Heroes of Newerth
"ICQLite" = ICQ 5.1
"Kain 2" = Legacy of Kain: Soul Reaver
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.9.4
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NClass_is1" = NClass 2.03
"NetLimiter" = NetLimiter 1.30 (remove only)
"Opera 11.60.1185" = Opera 11.60
"Puhbert's Quest Demo" = Puhbert's Quest Demo
"RayV" = DTVblizzcon
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"SpeedFan" = SpeedFan (remove only)
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.5
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"xampp" = XAMPP 1.7.4
"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BorderLayoutDemo" = BorderLayoutDemo
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"MiG Calendar Demo" = MiG Calendar Demo
"MiG Layout Swing Demo Application" = MiG Layout Swing Demo Application
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.01.2012 13:00:42 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 12.01.2012 13:00:42 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 12.01.2012 13:01:08 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 12.01.2012 13:01:08 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 22.01.2012 18:06:48 | Computer Name = laptoleon | Source = Application Error | ID = 1000
Description = Faulting application name: VirtualBox.exe, version: 4.0.10.0, time
 stamp: 0x4e048ba3  Faulting module name: QtCoreVBox4.dll, version: 4.4.3.0, time 
stamp: 0x49d69ee1  Exception code: 0x80000001  Fault offset: 0x00000000001b4f25  Faulting
 process id: 0xd00  Faulting application start time: 0x01ccd951dcc9534f  Faulting application
 path: E:\Programme\Oracle\VirtualBox\VirtualBox.exe  Faulting module path: E:\Programme\Oracle\VirtualBox\QtCoreVBox4.dll
Report
 Id: 6083ddab-4545-11e1-9edf-0024540612a2
 
Error - 22.01.2012 18:07:52 | Computer Name = laptoleon | Source = Application Hang | ID = 1002
Description = The program VirtualBox.exe version 4.0.10.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: fdc    Start
 Time: 01ccd951e281f683    Termination Time: 10    Application Path: E:\PROGRA~1\Oracle\VIRTUA~1\VirtualBox.exe

Report
 Id: 85571a89-4545-11e1-9edf-0024540612a2  
 
Error - 22.01.2012 18:07:57 | Computer Name = laptoleon | Source = Application Hang | ID = 1002
Description = The program VirtualBox.exe version 4.0.10.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: d00    Start
 Time: 01ccd951dcc9534f    Termination Time: 3    Application Path: E:\Programme\Oracle\VirtualBox\VirtualBox.exe

Report
 Id: 8890e449-4545-11e1-9edf-0024540612a2  
 
Error - 26.01.2012 15:57:17 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is 8316. The first DWORD in the Data section contains
 the index value to the malformed string while the second and third DWORDs in the
 Data section contain the last valid index values.
 
Error - 26.01.2012 15:57:17 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 26.01.2012 15:57:20 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is 8316. The first DWORD in the Data section contains
 the index value to the malformed string while the second and third DWORDs in the
 Data section contain the last valid index values.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 25.01.2012 09:52:09 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::writeIpc File: .\IPC\IPCDepot.cpp Line: 596 Invoked
 Function: CIpcTransport::writeIpc Return Code: -31522805 (0xFE1F000B) Description:
 SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 25.01.2012 09:52:09 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::OnTunnelStateChange File: .\VpnMgr.cpp Line: 4135
Invoked
 Function: CVpnMgr::sendStateTlv Return Code: -31522805 (0xFE1F000B) Description: 
SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1257 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 An existing connection was forcibly closed by the remote host.   
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1258 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 823 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 811 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1644 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing
 connection was forcibly closed by the remote host.   
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 25.01.2012 13:31:14 | Computer Name = laptoleon | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.
 
Error - 25.01.2012 13:31:14 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
 1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
 cannot find the file specified.   
 
[ System Events ]
Error - 26.01.2012 16:50:00 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 26.01.2012 16:52:18 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 26.01.2012 16:52:18 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 26.01.2012 16:52:18 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 26.01.2012 16:57:06 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 26.01.2012 16:57:06 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 26.01.2012 16:57:06 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 26.01.2012 16:59:24 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 26.01.2012 16:59:24 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 26.01.2012 16:59:24 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
 
< End of report >
         
--- --- ---
Attached files
File type: txt OTL.Txt (87,0 KB, viewed 179 times)
File type: txt Extras.Txt (48,2 KB, viewed 907 times)

Last edited by Bananaphone (26.01.2012 at 23:02)

Old 27.01.2012, 10:41   #2
kira
/// Helper Team
 
Hello and welcome!

Before we begin working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over long distances, we accept no liability for the consequences arising from them.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files used (such as your real name, serial numbers in programs etc.) you may delete these or replace them with [X]
  • The system check and cleaning:
    - can take some time (depending on the type of infection), but the system may even be so heavily compromised that an effective technical cleaning is no longer possible or you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can really become dangerous. If you follow my instructions step by step, nothing should go wrong.
  • During the support period:
    - please do not act on your own without consulting first! If there are problems, ask.
  • The order:
    - please keep exactly to the order as described, do not choose your own order!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For all those seeking help! What do I have to observe before opening a thread?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

Once you have read this introductory text, you can begin
Quote:
If a system has been compromised, the system is no longer trustworthy
A reinstall guarantees residue-free removal of the infection - reading material: "Help: I have been the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on cleaning the system - cleaning a system can take a few days (depending on the type of infection), but it may even be so heavily compromised that an effective technical cleaning is no longer possible or you have to reinstall it:

For Vista and Win7:
Important: please run all commands as administrator! Right-click the command prompt and choose "Run as administrator"
Right-click (right mouse button) the selected application and choose "Run as administrator"!

1.
Attention!:
If you can only start in safe mode, then please do a full scan there. Afterwards try to start Malwarebytes again in normal mode -> update -> and run a full scan again! Post every report!

Download Malwarebytes Anti-Malware from→ malwarebytes.org
  • Install and start it by double-clicking.
  • Set the language to German and update the databases right away - update online
  • Choose "Perform full scan" (tick everything)
  • When the scan has finished, click "Show results"
  • Select all findings - if MBAM reports anything in C:\System Volume Information, please untick it - and click "Remove" - "Remove selected".
  • Post the result here in the thread - you will find the report under "Logs"
You can find an illustrated guide here: Guide

2.
Quote:
Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script like that! Otherwise it will not work!
(user folder, your name or other changes replaced by X, an asterisk or other names)
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\Shell - "" = AutoRun
O33 - MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\Shell\AutoRun\command - "" = F:\autorun.exe
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7631EA83

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requests a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread in code tags.

3.
To determine whether outdated or malicious software is installed under Programs, I would like to see all your installed programs:
Download the tool CCleaner
Download
install (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, untick it)→ start→ Language → select German
then click on "Tools" (to also display the installed programs)→ then on "Save to text file..."
a text file (*.txt) will be created; copy its contents and paste them here

4.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:
So that your thread stays clear and readable, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
here goes your log file - e.g. OTL log file or similar
→ after it - i.e. at the end of the log file: [/code]
** If possible do not go on the internet, no online banking, file sharing, chat programs etc.
regards
kira
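For the Malwarebytes step above, here is an added Python example (not code from this thread, from kira or from Malwarebytes) that triages a Malwarebytes 1.x report of the kind step 1 produces: it tags each detection by the persistence role of its location, pairs a Startup-folder shortcut with the Temp executable it relaunches, and flags a scan that ran in safe mode so that it gets repeated in normal mode as instructed. The embedded report is constructed after the format of such reports; USER, HOST and the file names are placeholders.

```python
# Added example (not code from this thread, from kira or from Malwarebytes):
# triage of a Malwarebytes Anti-Malware 1.x report, flagging the persistence
# points of a lock-screen trojan and the safe-mode scan that must be repeated.
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample in the format of a German MBAM 1.60 report; USER, HOST,
# the random executable name and the cache file name are placeholders.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.60.0.1800

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
USER :: HOST [Administrator]

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Users\USER\AppData\Local\Temp\0.1234567890.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\deadbeef-00000000 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.1234567890.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

# One detection line: "<item> (<threat name>) -> <action text>".  The item is
# matched lazily so that "(x86)" inside a path is not taken for the threat.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()\s]+)\) -> (?P<action>.+)$")

@dataclass
class Finding:
    item: str      # registry key|value or file path
    threat: str    # MBAM threat name
    action: str    # what MBAM did (last part of the action text)
    tags: list = field(default_factory=list)

@dataclass
class Triage:
    safe_mode: bool
    findings: list
    relaunch_chains: list  # (Startup shortcut, Temp executable it points to)

def classify(item):
    """Tag an item with the role its location implies."""
    p = item.lower()
    tags = []
    if p.startswith(("hkcu", "hklm", "hkey_")) and "\\policies\\" in p:
        tags.append("policy-tamper")  # e.g. DisableTaskMgr: keeps the user out of Task Manager
    if "\\start menu\\programs\\startup\\" in p:
        tags.append("autostart")      # runs again at every logon
    if "\\appdata\\local\\temp\\" in p and p.endswith(".exe"):
        tags.append("temp-dropper")   # executable dropped into the user's Temp folder
    if "\\java\\deployment\\cache\\" in p:
        tags.append("java-cache")     # copy left behind by the Java browser plugin
    return tags

def parse_findings(text):
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            action = m["action"].rsplit("->", 1)[-1].strip()
            findings.append(Finding(m["item"], m["threat"], action, classify(m["item"])))
    return findings

def relaunch_chains(findings):
    """Pair each Startup-folder .lnk with the Temp executable of the same name."""
    exes = {ntpath.basename(f.item).lower(): f.item
            for f in findings if "temp-dropper" in f.tags}
    chains = []
    for f in findings:
        if "autostart" in f.tags and f.item.lower().endswith(".lnk"):
            target = ntpath.basename(f.item)[:-4].lower()  # strip ".lnk"
            if target in exes:
                chains.append((f.item, exes[target]))
    return chains

def triage(text):
    low = text.lower()
    safe_mode = "abgesichert" in low or "safe mode" in low  # German or English header
    findings = parse_findings(text)
    return Triage(safe_mode, findings, relaunch_chains(findings))

def report(t):
    """Summary lines in the form a helper would post back to the thread."""
    lines = [f"{f.threat}: {f.item} [{', '.join(f.tags) or 'other'}] -> {f.action}"
             for f in t.findings]
    for lnk, exe in t.relaunch_chains:
        lines.append(f"persistence chain: {lnk} relaunches {exe}")
    if t.safe_mode:
        lines.append("scan ran in safe mode: update MBAM and rescan in normal mode")
    return lines

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```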

Old 27.01.2012, 14:10   #3
Bananaphone
 
Hi kira,

thanks for your help. I have now carried out the individual steps; Malwarebytes apparently found something:

Edit1:
Damn, now I completely forgot to run Malwarebytes again in normal mode; I'll do/try that right away and edit the log in here.

1. Malwarebytes
Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.27.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
chris2 :: LAPTOLEON [Administrator]

27.01.2012 10:59:47
mbam-log-2012-01-27 (10-59-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 515595
Laufzeit: 1 Stunde(n), 18 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\chris2\AppData\Local\Temp\0.5893427876083296.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\chris2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\64962ae1-56006d53 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.5893427876083296.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
--- --- ---

2. OTL fix (drive F:\ was a Daemon Tools drive on my machine (I have deleted it for now); my normal DVD drive D:\ apparently has not shown up in the logs so far, I just wanted to mention it in case it matters somehow).
Code:
ATTFilter
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cbc554e-0d14-11e1-a208-0024540612a2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cbc554e-0d14-11e1-a208-0024540612a2}\ not found.
File F:\autorun.exe not found.
ADS C:\ProgramData\TEMP:7631EA83 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: chris2
->Temp folder emptied: 151168553 bytes
->Temporary Internet Files folder emptied: 4307422 bytes
->Java cache emptied: 29716954 bytes
->FireFox cache emptied: 48297617 bytes
->Opera cache emptied: 4134481 bytes
->Flash cache emptied: 42457 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 181008248 bytes
 
Total Files Cleaned = 399,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01272012_130854

Files\Folders moved on Reboot...
File move failed. C:\Users\chris2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
--- --- ---

3. CCleaner install.txt
Code:
ATTFilter
7-Zip 9.20		01.04.2011		
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	03.10.2010	6,00MB	10.1.85.3
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	27.12.2011	6,00MB	11.1.102.55
Adobe Photoshop CS	Adobe Systems, Inc.	01.06.2011		CS
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	26.06.2011		11.6.0.626
Amazon MP3-Downloader 1.0.9		16.12.2010		
ATI Catalyst Install Manager	ATI Technologies, Inc.	03.10.2010	22,3MB	3.0.786.0
Avira AntiVir Personal - Free Antivirus	Avira GmbH	29.10.2011	61,8MB	10.2.0.704
AVM FRITZ!Box USB-Fernanschluss	AVM Berlin	27.01.2011		2.2.1.0
Battle.net		17.03.2011		
BorderLayoutDemo	The Java(tm) Tutorial	18.05.2011		
Canon MP Navigator EX 2.0		06.12.2011		
CanoScan 5600F Scanner Driver		06.12.2011		
CCleaner	Piriform	26.01.2012		3.15
CDBurnerXP	CDBurnerXP	06.01.2012	17,9MB	4.4.0.2905
Cisco AnyConnect VPN Client	Cisco Systems, Inc.	17.10.2010	3,93MB	2.4.1012
DAEMON Tools Lite	DT Soft Ltd	11.11.2011		4.45.1.0236
Debugging Tools for Windows (x64)	Microsoft Corporation	03.10.2010	39,8MB	6.12.2.633
Dev-C++ 5 beta 9 release (4.9.9.2)		26.04.2011		
Diablo		17.03.2011		
DTVblizzcon	RayV	23.10.2010		3.0.0.32
Easy Display Manager	Samsung Electronics Co., Ltd.	10.06.2011		3.0
Fraps (remove only)		02.08.2011		
ghsw.info Inventarverwaltung 1.1.4	Gert Heil	29.12.2010		1.1.4.568
GIMP 2.6.11	The GIMP Team	17.12.2010	106,8MB	2.6.11
GOM Player	Gretech Corporation	07.03.2011		2.1.28.5039
GOMTV Streamer	Gretech Corporation	28.03.2011		1.0.0.25
GSview 4.9		23.03.2011		
Heroes of Newerth	S2 Games	26.11.2011		2.0.33
HEXwrite	Bluefive software	07.01.2011	0,83MB	1.0.7
ICQ 5.1		03.10.2010		
ICQ Update Patch 1.7	murb.com	03.10.2010	0,79MB	
ICQ7.2	ICQ	03.10.2010		7.2
Intel® Matrix Storage Manager	Intel Corporation	18.03.2011		
Java(TM) 6 Update 21	Oracle	05.10.2010	94,9MB	6.0.210
Java(TM) 6 Update 22 (64-bit)	Oracle	05.12.2010	90,7MB	6.0.220
Java(TM) SE Development Kit 6 Update 22 (64-bit)	Oracle	05.12.2010	144,5MB	1.6.0.220
League of Legends	Riot Games	29.10.2011		1.02.0000
Legacy of Kain: Soul Reaver		05.01.2012		
Malwarebytes Anti-Malware Version 1.60.0.1800	Malwarebytes Corporation	26.01.2012	18,6MB	1.60.0.1800
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	11.01.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	11.01.2012	52,0MB	4.0.30319
Microsoft .NET Framework 4 Multi-Targeting Pack	Microsoft Corporation	11.01.2012	83,5MB	4.0.30319
Microsoft ASP.NET MVC 2	Microsoft Corporation	11.01.2012	0,47MB	2.0.50217.0
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools	Microsoft Corporation	11.01.2012	2,25MB	2.0.50217.0
Microsoft Help Viewer 1.0	Microsoft Corporation	11.01.2012	3,97MB	1.0.30319
Microsoft PowerPoint Viewer	Microsoft Corporation	26.04.2011	147,6MB	14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	11.01.2012	24,9MB	3.0.40818.0
Microsoft Silverlight 3 SDK	Microsoft Corporation	11.01.2012	31,9MB	3.0.40818.0
Microsoft SQL Server 2008 R2 Data-Tier Application Framework	Microsoft Corporation	11.01.2012	0,32MB	10.50.1447.4
Microsoft SQL Server 2008 R2 Data-Tier Application Project	Microsoft Corporation	11.01.2012	11,8MB	10.50.1447.4
Microsoft SQL Server 2008 R2 Management Objects	Microsoft Corporation	11.01.2012	15,3MB	10.50.1447.4
Microsoft SQL Server 2008 R2 Management Objects (x64)	Microsoft Corporation	11.01.2012	10,1MB	10.50.1447.4
Microsoft SQL Server 2008 R2 Transact-SQL Language Service	Microsoft Corporation	11.01.2012	5,34MB	10.50.1447.4
Microsoft SQL Server Compact 3.5 SP2 ENU	Microsoft Corporation	11.01.2012	3,39MB	3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 ENU	Microsoft Corporation	11.01.2012	4,51MB	3.5.8080.0
Microsoft SQL Server Database Publishing Wizard 1.4	Microsoft Corporation	11.01.2012	10,2MB	10.1.2512.8
Microsoft SQL Server System CLR Types	Microsoft Corporation	11.01.2012	2,53MB	10.50.1447.4
Microsoft SQL Server System CLR Types (x64)	Microsoft Corporation	11.01.2012	0,83MB	10.50.1447.4
Microsoft Sync Framework Runtime v1.0 SP1 (x64)	Microsoft Corporation	11.01.2012	1,01MB	1.0.3010.0
Microsoft Sync Framework SDK v1.0 SP1	Microsoft Corporation	11.01.2012	29,6MB	1.0.3010.0
Microsoft Sync Framework Services v1.0 SP1 (x64)	Microsoft Corporation	11.01.2012	2,85MB	1.0.3010.0
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)	Microsoft Corporation	11.01.2012	0,53MB	2.0.3010.0
Microsoft Team Foundation Server 2010 Object Model - ENU	Microsoft Corporation	11.01.2012		10.0.30319
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	29.12.2010	0,42MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	05.12.2010	1,71MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	03.10.2010	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	03.10.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974	Microsoft Corporation	11.01.2012	0,58MB	9.0.30729.4974
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319	Microsoft Corporation	11.01.2012	0,27MB	10.0.30319
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	03.10.2010	13,7MB	10.0.30319
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319	Microsoft Corporation	11.01.2012	33,0MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	03.10.2010	11,0MB	10.0.30319
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319	Microsoft Corporation	11.01.2012	26,0MB	10.0.30319
Microsoft Visual F# 2.0 Runtime	Microsoft Corporation	11.01.2012	5,82MB	10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools	Microsoft Corporation	11.01.2012	33,4MB	10.0.30319
Microsoft Visual Studio 2010 Professional - ENU	Microsoft Corporation	11.01.2012		10.0.30319
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)	Microsoft Corporation	11.01.2012		10.0.30319
Microsoft Visual Studio Macro Tools	Microsoft Corporation	11.01.2012		9.0.30729
Microsoft Windows SDK for Windows 7 (7.1)	Microsoft Corporation	03.10.2010		7.1.7600.0.30514
MiG Calendar Demo	MiG InfoCom AB	20.05.2011		
MiG Layout Swing Demo Application	MiG InfoCom AB	06.05.2011		
MiKTeX 2.9	MiKTeX.org	02.05.2011		2.9
Miranda IM 0.9.4		03.10.2010		
Mozilla Firefox (3.6.25)	Mozilla	20.12.2011		3.6.25 (de)
Mozilla Thunderbird 9.0.1 (x86 de)	Mozilla	18.01.2012	47,2MB	9.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	19.07.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	19.07.2011	1,33MB	4.20.9876.0
NClass 2.03	Balazs Tihanyi	30.11.2010	3,08MB	2.03
NetBeans IDE 7.0	NetBeans.org	12.05.2011		7.0
NetLimiter 1.30 (remove only)		07.10.2010		
No23 Recorder	No23	21.07.2011	2,44MB	2.1.0.3
OpenOffice.org 3.2	OpenOffice.org	05.12.2010	365MB	3.2.9502
Opera 11.60	Opera Software ASA	09.12.2011		11.60.1185
Oracle VM VirtualBox 4.0.10	Oracle Corporation	30.06.2011	120,4MB	4.0.10
Pando Media Booster	Pando Networks Inc.	29.10.2011	5,47MB	2.3.6.0
PDFCreator	Frank Heindörfer, Philip Chinery	16.12.2010		1.1.0
PHOTORECOVERY for Digital Media DEMO	LC Tech Inc	03.12.2011	3,36MB	2.1.0
POV-Ray for Windows v3.62	Persistence of Vision Raytracer Pty. Ltd.	26.10.2011	21,9MB	3.62
Puhbert's Quest Demo		08.01.2012		
Samsung ML-1640 Series	Samsung Electronics CO.,LTD	01.11.2011		
Skype™ 5.5	Skype Technologies S.A.	24.10.2011	17,0MB	5.5.124
SmartSVN 6.6	syntevo GmbH	05.05.2011	88,2MB	6.6.7
SpeedFan (remove only)		30.11.2011		
StartupMonitor	Mike Lin	03.10.2010	74,00KB	1.0.2.0
Stellar Phoenix Photo Recovery	Stellar Information Systems Ltd	03.12.2011	10,4MB	4.0.0.0
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49	eRightSoft	03.08.2011	42,7MB	v2011.build.49
Synaptics Pointing Device Driver	Synaptics	03.10.2010		11.1.3.2
TeXnicCenter Version 1.0 Stable RC1	TeXnicCenter.org	02.05.2011		Version 1.0 Stable RC1
TortoiseSVN 1.6.12.20536 (32 bit)	TortoiseSVN	07.12.2010	18,4MB	1.6.20536
Visual Studio 2010 Prerequisites - English	Microsoft Corporation	11.01.2012	5,83MB	10.0.30319
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU	Microsoft Corporation	11.01.2012	10,8MB	4.0.8080.0
Web Deployment Tool	Microsoft Corporation	11.01.2012	3,10MB	1.1.0618
Windows Aero (Tahoma Font)	Eric G.	03.10.2010	9,25MB	
Windows Media Player Firefox Plugin	Microsoft Corp	20.12.2011	0,29MB	1.0.0.8
WinRAR		03.10.2010		
WinSCP 4.3.5	Martin Prikryl	18.10.2011	8,69MB	4.3.5
World of Warcraft	Blizzard Entertainment	02.12.2011		4.3.0.15050
World of Warcraft Public Test	Blizzard Entertainment	12.01.2011		0.0.0.0
x264vfw - H.264/MPEG-4 AVC codec (remove only)		03.08.2011		
XAMPP 1.7.4		05.05.2011		
XNResourceEditor 3.0.0.1	Colin Wilson	18.10.2011
         
--- --- ---

4. OTL scan logs

OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.01.2012 13:29:21 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chris2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 87,43% Memory free
7,93 Gb Paging File | 7,45 Gb Available in Paging File | 93,95% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 13,02 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
Drive E: | 226,38 Gb Total Space | 79,69 Gb Free Space | 35,20% Space Free | Partition Type: NTFS
Drive G: | 40,00 Gb Total Space | 26,33 Gb Free Space | 65,82% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOLEON | User Name: chris2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.26 21:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.04 02:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.02 11:53:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 10:59:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.12 13:25:17 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.02 11:53:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 11:53:08 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.24 14:05:00 | 000,144,688 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.01.28 16:07:47 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.04 02:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.10.09 07:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.09 04:18:20 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.28 14:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2008.08.28 10:52:56 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.01.10 19:34:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.08.27 06:30:17 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 D2 37 81 D2 D1 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.14
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\Java\jre6_64\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: E:\Programme\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: E:\Programme\Mozilla Firefox\components [2011.12.21 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.12.21 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2011.09.25 17:15:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins
 
[2011.03.08 11:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Extensions
[2010.10.04 13:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.21 13:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions
[2012.01.21 13:37:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.21 13:37:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.04.07 22:46:02 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\2020Player@2020Technologies.com
File not found (No name found) -- E:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2011.05.23 17:52:07 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 	127.0.0.1       localhost
O1 - Hosts: 	::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6_64\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3C49D00-35F3-45BA-9A00-F4BDB0D646F6}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.11 11:08:26 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.27 13:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.27 13:08:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.27 11:05:54 | 003,587,688 | ---- | C] (Piriform Ltd) -- C:\Users\chris2\Desktop\ccsetup315.exe
[2012.01.27 10:56:36 | 000,000,000 | ---D | C] -- C:\Users\chris2\AppData\Roaming\Malwarebytes
[2012.01.27 10:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.27 10:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.27 10:56:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.27 10:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.27 10:53:47 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\chris2\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.26 21:08:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
[2012.01.15 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\chris2\Desktop\gldemo_rock_e
[2012.01.12 21:31:37 | 000,000,000 | ---D | C] -- C:\Users\chris2\Desktop\gldemo_rock
[2012.01.12 17:06:26 | 000,000,000 | ---D | C] -- E:\Documents\Visual Studio 2010
[2012.01.12 16:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.01.12 16:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012.01.12 16:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2012.01.12 16:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.01.12 16:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.01.12 16:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.01.12 16:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.01.12 16:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.01.12 16:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2012.01.12 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.12 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2012.01.12 16:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2012.01.12 16:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2012.01.12 16:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012.01.12 16:50:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2012.01.12 16:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012.01.12 16:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.01.12 16:40:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.01.09 13:52:48 | 000,000,000 | ---D | C] -- C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\#Start Menu#
[2012.01.07 15:49:16 | 000,000,000 | ---D | C] -- C:\Users\chris2\AppData\Roaming\Canneverbe Limited
[2012.01.07 15:48:00 | 000,000,000 | ---D | C] -- E:\Documents\CDBurnerXP Projects
[2012.01.07 15:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.01.06 16:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive
[2012.01.06 16:19:17 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\chris2\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\chris2\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\chris2\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\chris2\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.27 13:16:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.27 13:10:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.27 13:10:21 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.27 11:06:25 | 003,587,688 | ---- | M] (Piriform Ltd) -- C:\Users\chris2\Desktop\ccsetup315.exe
[2012.01.27 10:56:48 | 000,786,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.27 10:56:48 | 000,655,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.27 10:56:48 | 000,124,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.27 10:56:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.27 10:55:49 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\chris2\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.27 00:57:29 | 107,838,303 | ---- | M] () -- C:\Users\chris2\Desktop\pmagic_2011_12_30.iso
[2012.01.26 21:09:36 | 000,000,000 | ---- | M] () -- C:\Users\chris2\defogger_reenable
[2012.01.26 21:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
[2012.01.26 21:08:03 | 000,050,477 | ---- | M] () -- C:\Users\chris2\Desktop\Defogger.exe
[2012.01.26 19:38:02 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 19:38:02 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 14:20:36 | 000,002,062 | -H-- | M] () -- E:\Documents\Default.rdp
[2012.01.22 23:21:15 | 000,000,600 | ---- | M] () -- C:\Users\chris2\AppData\Roaming\winscp.rnd
[2012.01.22 18:46:23 | 000,075,571 | ---- | M] () -- C:\Users\chris2\Desktop\Postal-v3.4.13.zip
[2012.01.21 13:32:35 | 000,008,209 | ---- | M] () -- C:\Users\chris2\Desktop\grooveshark_unlocker-1.0-fx.zip
[2012.01.19 23:56:42 | 000,000,881 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.01.16 11:36:38 | 000,314,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.15 13:18:23 | 000,000,999 | ---- | M] () -- C:\Users\chris2\Desktop\Microsoft Visual Studio 2010.lnk
[2012.01.13 22:05:05 | 000,075,562 | ---- | M] () -- C:\Users\chris2\Desktop\tagettes.zip
[2012.01.12 21:31:20 | 017,649,835 | ---- | M] () -- C:\Users\chris2\Desktop\gldemo_rock.zip
[2012.01.12 16:48:06 | 000,764,126 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 13:54:22 | 000,000,032 | ---- | M] () -- C:\Windows\a1b2c3.INI
[2012.01.07 15:59:14 | 000,001,086 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\DTLite.exe - Shortcut.lnk
[2012.01.07 15:49:12 | 001,556,992 | ---- | M] () -- C:\Windows\is-2S9V8.exe
[2012.01.07 15:49:12 | 000,021,031 | ---- | M] () -- C:\Windows\is-2S9V8.msg
[2012.01.07 15:49:12 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,331 | ---- | M] () -- C:\Windows\is-2S9V8.lst
[2012.01.06 13:36:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.01.03 16:50:07 | 000,001,136 | ---- | M] () -- C:\Users\chris2\Desktop\HWMonitor.exe.lnk
[2012.01.03 16:48:25 | 000,001,037 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\notepad++.exe.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.27 13:16:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.27 10:56:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.27 00:50:28 | 107,838,303 | ---- | C] () -- C:\Users\chris2\Desktop\pmagic_2011_12_30.iso
[2012.01.26 21:09:36 | 000,000,000 | ---- | C] () -- C:\Users\chris2\defogger_reenable
[2012.01.26 21:08:02 | 000,050,477 | ---- | C] () -- C:\Users\chris2\Desktop\Defogger.exe
[2012.01.22 18:46:19 | 000,075,571 | ---- | C] () -- C:\Users\chris2\Desktop\Postal-v3.4.13.zip
[2012.01.21 13:32:35 | 000,008,209 | ---- | C] () -- C:\Users\chris2\Desktop\grooveshark_unlocker-1.0-fx.zip
[2012.01.15 13:18:23 | 000,000,999 | ---- | C] () -- C:\Users\chris2\Desktop\Microsoft Visual Studio 2010.lnk
[2012.01.13 22:05:05 | 000,075,562 | ---- | C] () -- C:\Users\chris2\Desktop\tagettes.zip
[2012.01.12 21:26:22 | 017,649,835 | ---- | C] () -- C:\Users\chris2\Desktop\gldemo_rock.zip
[2012.01.12 16:48:03 | 000,764,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 13:52:54 | 000,000,032 | ---- | C] () -- C:\Windows\a1b2c3.INI
[2012.01.07 15:59:14 | 000,001,086 | ---- | C] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\DTLite.exe - Shortcut.lnk
[2012.01.07 15:49:12 | 001,556,992 | ---- | C] () -- C:\Windows\is-2S9V8.exe
[2012.01.07 15:49:12 | 000,021,031 | ---- | C] () -- C:\Windows\is-2S9V8.msg
[2012.01.07 15:49:12 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,734 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,331 | ---- | C] () -- C:\Windows\is-2S9V8.lst
[2012.01.06 13:36:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.01.03 16:50:07 | 000,001,136 | ---- | C] () -- C:\Users\chris2\Desktop\HWMonitor.exe.lnk
[2012.01.03 16:48:25 | 000,001,037 | ---- | C] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\notepad++.exe.lnk
[2011.11.02 16:01:51 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.10.19 19:12:17 | 000,000,600 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\winscp.rnd
[2011.08.04 12:57:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.08.04 12:54:51 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.07.22 19:43:21 | 000,001,470 | ---- | C] () -- C:\Users\chris2\AppData\Local\RecConfig.xml
[2011.04.18 21:45:35 | 000,046,790 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\room.dat
[2011.03.18 18:43:59 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2011.03.18 18:43:59 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2010.12.13 23:04:46 | 000,001,063 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\MPQEditor.ini
[2010.12.02 17:22:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.10.04 15:36:42 | 000,007,605 | ---- | C] () -- C:\Users\chris2\AppData\Local\Resmon.ResmonCfg
[2010.10.04 13:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.04 01:01:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\chris2\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\chris2\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\chris2\AppData\Local\no23xwrapper.dll
[2004.03.30 21:47:44 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\nl_msgs.dll
[2004.03.30 21:47:41 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\nl_msgc.dll
[2000.05.20 16:23:48 | 000,086,016 | ---- | C] () -- C:\Windows\StartupMonitor.exe
 
========== LOP Check ==========
 
[2011.04.15 23:14:01 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\.minecraft
[2010.12.17 23:34:07 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Amazon
[2012.01.07 15:49:16 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Canneverbe Limited
[2011.12.07 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Canon
[2011.11.12 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\DAEMON Tools Lite
[2011.04.27 21:26:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Dev-Cpp
[2012.01.24 08:26:53 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\foobar2000
[2011.05.30 01:05:24 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\gtk-2.0
[2012.01.26 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\ICQ
[2010.10.04 15:47:49 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\ICQLite
[2010.10.08 20:53:19 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\LockTime
[2011.10.31 00:32:52 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\LolClient
[2010.10.04 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Miranda
[2011.10.31 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Notepad++
[2010.12.07 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\OpenOffice.org
[2010.10.04 01:51:54 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Opera
[2010.10.24 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\RayV
[2010.12.08 13:34:43 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Subversion
[2010.12.07 22:39:03 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\syntevo
[2011.10.09 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Thinstall
[2010.10.04 13:55:11 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Thunderbird
[2011.11.06 01:42:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\VBA-M
[2010.11.30 19:12:39 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\wsIRC
[2010.10.05 21:35:41 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Youtube Downloader HD
[2011.11.30 13:28:37 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Extras.txt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.01.2012 13:29:21 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chris2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 87,43% Memory free
7,93 Gb Paging File | 7,45 Gb Available in Paging File | 93,95% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 13,02 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
Drive E: | 226,38 Gb Total Space | 79,69 Gb Free Space | 35,20% Space Free | Partition Type: NTFS
Drive G: | 40,00 Gb Total Space | 26,33 Gb Free Space | 65,82% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOLEON | User Name: chris2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- E:\Programme\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- E:\Programme\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1DABE61D-DE02-4404-939A-925C202B3721}" = Oracle VM VirtualBox 4.0.10
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{69D65833-4A83-267A-7DB4-9FCBBE72675D}" = ATI Catalyst Install Manager
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{A269F383-3E55-DAFF-F948-655FDB3DB58A}" = ccc-utility64
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Aero (Tahoma Font)_is1" = Windows Aero (Tahoma Font)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15353551-375C-8E5A-5CAF-A4564C1CC2A5}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{485B9C29-6B47-22AF-022A-F9D65292F3A7}" = CCC Help English
"{4893B2BB-5C9B-7E6C-4BAD-BDFBAB33184A}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5725E5CA-A91D-C903-99DB-F8C010E0B637}" = Catalyst Control Center InstallProxy
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6BB3D375-1CFC-4E8A-86F9-CC0D7C2AE15B}" = SmartSVN 6.6
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{716DF934-6FDC-47E8-879A-4AD63BFF02F9}" = PHOTORECOVERY for Digital Media DEMO
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB7D24EC-BB5A-E746-C5D2-526BBE6C36AD}" = Catalyst Control Center Graphics Previews Vista
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle.net" = Battle.net
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo" = Diablo
"Fraps" = Fraps (remove only)
"ghsw.info-ams_is1" = ghsw.info Inventarverwaltung 1.1.4
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"GSview 4.9" = GSview 4.9
"HEXwrite_is1" = HEXwrite
"hon" = Heroes of Newerth
"ICQLite" = ICQ 5.1
"Kain 2" = Legacy of Kain: Soul Reaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.9.4
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NClass_is1" = NClass 2.03
"NetLimiter" = NetLimiter 1.30 (remove only)
"Opera 11.60.1185" = Opera 11.60
"Puhbert's Quest Demo" = Puhbert's Quest Demo
"RayV" = DTVblizzcon
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"SpeedFan" = SpeedFan (remove only)
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.5
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"xampp" = XAMPP 1.7.4
"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BorderLayoutDemo" = BorderLayoutDemo
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"MiG Calendar Demo" = MiG Calendar Demo
"MiG Layout Swing Demo Application" = MiG Layout Swing Demo Application
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.01.2012 13:01:08 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 12.01.2012 13:01:08 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 22.01.2012 18:06:48 | Computer Name = laptoleon | Source = Application Error | ID = 1000
Description = Faulting application name: VirtualBox.exe, version: 4.0.10.0, time
 stamp: 0x4e048ba3  Faulting module name: QtCoreVBox4.dll, version: 4.4.3.0, time 
stamp: 0x49d69ee1  Exception code: 0x80000001  Fault offset: 0x00000000001b4f25  Faulting
 process id: 0xd00  Faulting application start time: 0x01ccd951dcc9534f  Faulting application
 path: E:\Programme\Oracle\VirtualBox\VirtualBox.exe  Faulting module path: E:\Programme\Oracle\VirtualBox\QtCoreVBox4.dll
Report
 Id: 6083ddab-4545-11e1-9edf-0024540612a2
 
Error - 22.01.2012 18:07:52 | Computer Name = laptoleon | Source = Application Hang | ID = 1002
Description = The program VirtualBox.exe version 4.0.10.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: fdc    Start
 Time: 01ccd951e281f683    Termination Time: 10    Application Path: E:\PROGRA~1\Oracle\VIRTUA~1\VirtualBox.exe

Report
 Id: 85571a89-4545-11e1-9edf-0024540612a2  
 
Error - 22.01.2012 18:07:57 | Computer Name = laptoleon | Source = Application Hang | ID = 1002
Description = The program VirtualBox.exe version 4.0.10.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: d00    Start
 Time: 01ccd951dcc9534f    Termination Time: 3    Application Path: E:\Programme\Oracle\VirtualBox\VirtualBox.exe

Report
 Id: 8890e449-4545-11e1-9edf-0024540612a2  
 
Error - 26.01.2012 15:57:17 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is 8316. The first DWORD in the Data section contains
 the index value to the malformed string while the second and third DWORDs in the
 Data section contain the last valid index values.
 
Error - 26.01.2012 15:57:17 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD i%1n the Data section contains the error code.
 
Error - 26.01.2012 15:57:20 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is 8316. The first DWORD in the Data section contains
 the index value to the malformed string while the second and third DWORDs in the
 Data section contain the last valid index values.
 
Error - 26.01.2012 16:14:40 | Computer Name = laptoleon | Source = System Restore | ID = 8193
Description = 
 
Error - 27.01.2012 07:48:39 | Computer Name = laptoleon | Source = System Restore | ID = 8193
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 25.01.2012 09:52:09 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::writeIpc File: .\IPC\IPCDepot.cpp Line: 596 Invoked
 Function: CIpcTransport::writeIpc Return Code: -31522805 (0xFE1F000B) Description:
 SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 25.01.2012 09:52:09 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::OnTunnelStateChange File: .\VpnMgr.cpp Line: 4135
Invoked
 Function: CVpnMgr::sendStateTlv Return Code: -31522805 (0xFE1F000B) Description: 
SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1257 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 An existing connection was forcibly closed by the remote host.   
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1258 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 823 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 811 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1644 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing
 connection was forcibly closed by the remote host.   
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 25.01.2012 13:31:14 | Computer Name = laptoleon | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.
 
Error - 25.01.2012 13:31:14 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
 1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
 cannot find the file specified.   
 
[ System Events ]
Error - 27.01.2012 08:20:11 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 27.01.2012 08:24:51 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 27.01.2012 08:24:51 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 27.01.2012 08:24:51 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 27.01.2012 08:27:17 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 27.01.2012 08:27:17 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 27.01.2012 08:27:17 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 27.01.2012 08:31:59 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 27.01.2012 08:31:59 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 27.01.2012 08:31:59 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
 
< End of report >
         
__________________

Edited by Bananaphone (27.01.2012 at 14:19)

Old 29.01.2012, 05:58   #4
kira
/// Helper Team

Bundespolizei Ukash 100€ Trojan, Windows 7 64bit

1.
Please run this in normal mode!

** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • start it with a double-click.
  • first update the databases - update online
  • choose Full Scan (tick everything)
  • when the scan has finished, click "Show Results"
  • select all findings (except any that MBAM reports in C:\System Volume Information - please untick those) and click "Delete" - "Remove Selected"
  • post the result here in the thread - you will find the report under "Logs"
__________________

Warning!:
Beware of invoices sent by e-mail with a ZIP file as attachment! They may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

Old 29.01.2012, 13:34   #5
Bananaphone

Bundespolizei Ukash 100€ Trojan, Windows 7 64bit

Here is the report from the scan in normal mode:

Code:
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
chris2 :: LAPTOLEON [Administrator]

29.01.2012 11:26:27
mbam-log-2012-01-29 (11-26-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 525262
Time elapsed: 1 hour(s), 49 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


Old 30.01.2012, 09:14   #6
kira
/// Helper Team

Bundespolizei Ukash 100€ Trojan, Windows 7 64bit

1.
Please install the new version:
Quote:
Mozilla Firefox (3.6.25)
2.
Your Java version is not current!
→ Now download the offline version of Java Version 6 Update 30 from Oracle
Make sure to deselect any toolbars that are offered (untick the toolbar box)!

3.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Run CCleaner" button
  • "Registry" → "Scan for Issues" → "Fix selected issues" → "Fix All Selected Issues"
  • Restart your system

4.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your Computer"
  • Tick "Complete Scan" and click "Next"
  • All detected threats are then listed; tick all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics/Logs"
  • Click "View Log" - then save this report and post it here

5.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very suitable and recommended to check the data stored on the medium with the free online scanner.
Now connect all external media (USB sticks etc.) to your computer while holding down the Shift key so that the AutoRun function is not executed. (This is how you prevent AutoRun from running.) - You can also switch the AutoRun function off altogether. ►Instructions

6.
-> Then run a complete system check with the ESET Online Scanner (NOD32) - free online scanners
Attention!: >>You are not supposed to install the antivirus security software, only scan your system online<<

► Report again on the state of the computer. Are there still problems, and if so, which?

Old 31.01.2012, 10:52   #7
Bananaphone

Bundespolizei Ukash 100€ Trojan, Windows 7 64bit

I have now updated Firefox and Java, and CCleaner has been run.
SuperAntiSpyware found quite a bit of stuff; I guess it had been on the machine for a while. ESET also found a little something. Fortunately nobody complained about my USB sticks.
However, ever since I ran Malwarebytes my computer has been behaving as it did before the whole thing.

Here are the logs:
SUPERAntiSpyware:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/30/2012 at 06:12 PM

Application Version : 5.0.1142

Core Rules Database Version : 8178
Trace Rules Database Version: 5990

Scan type       : Complete Scan
Total Scan Time : 01:40:21

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 727
Memory threats detected   : 0
Registry items scanned    : 42727
Registry threats detected : 0
File items scanned        : 125025
File threats detected     : 26

Adware.Tracking Cookie
	C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Cookies\P53VOWDQ.txt [ /c.atdmt.com ]
	C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Cookies\DGAVHQ3F.txt [ /atdmt.com ]
	C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Cookies\1EDAU00N.txt [ /doubleclick.net ]
	C:\USERS\CHRIS2\Cookies\P53VOWDQ.txt [ Cookie:chris2@c.atdmt.com/ ]
	C:\USERS\CHRIS2\Cookies\1EDAU00N.txt [ Cookie:chris2@doubleclick.net/ ]
	cdn2.themis-media.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
	ia.media-imdb.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
	media.scanscout.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
	media.xfire.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
	objects.tremormedia.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
	s0.2mdn.net [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
	secure-us.imrworldwide.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]	
	.apmebf.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
	.burstnet.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
	.burstnet.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
	G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\COOKIES\CHRIS2@AT.ATWOLA[1].TXT [ /AT.ATWOLA ]
	G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\COOKIES\CHRIS2@ATDMT[2].TXT [ /ATDMT ]

PotentiallyUnwanted.CNETInstaller
	E:\ALTEDESKS\JAN12\CNET_TWEAKSLOGON_ZIP.EXE

Trojan.Agent/Gen-MSFake
	E:\ALTEDESKS\JUL11\SC2CHATCLOUDV0.3\SC2 CHATCLOUD.EXE
	ZIP ARCHIVE( E:\ALTEDESKS\JUL11\SC2CHATCLOUDV0.3.ZIP )/SC2 CHATCLOUD.EXE
	E:\ALTEDESKS\JUL11\SC2CHATCLOUDV0.3.ZIP

Trojan.Agent/Gen-Cryptor[Egun]
	E:\PROGRAMME\FUNKTION V1.18\FUNKTION-07.EXE
	E:\PROGRAMME\FUNKTION V1.18\FUNKTION.EXE
         
--- --- ---

ESET:
Code:
E:\stud-ip4\bs\gcc-4.6.0.tar.gz	Archbomb.ZIP trojan	deleted - quarantined
G:\Dokumente und Einstellungen\Chris2\Lokale Einstellungen\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\4980\icq_update_patch.zip	Win32/Adware.ADON application	deleted - quarantined
G:\Dokumente und Einstellungen\Chris2\Lokale Einstellungen\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\4980\icq_update_patch\ICQ Update Patch 1.6 Setup.exe	Win32/Adware.ADON application	deleted - quarantined
         

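The OTL log in the first post dumps the Security Center override values and the per-profile EnableFirewall values straight from the registry, post #6 recommends switching AutoRun off altogether, and the SUPERAntiSpyware log just above records "UAC Off - Administrator". The PowerShell script below is added here as an example; it is not part of the thread and not code from OTL, MBAM, SUPERAntiSpyware or ESET. It reads those same registry locations plus the AutoRun and UAC policy values, reports which ones differ from the setting a cleaned machine should have, and includes a helper that applies the AutoRun policy. It assumes a 64-bit, elevated PowerShell 3.0 or later session on Windows 7 or later; the key paths are the standard Windows policy locations, and the Expected values are conservative settings chosen for this example, not anything the thread states.

```powershell
# Added example (not code from the thread, OTL, MBAM, SUPERAntiSpyware or ESET).
# Reads the registry locations that OTL printed under "Security Center Settings"
# and "Firewall Settings", plus the AutoRun and UAC policy values, and reports
# which ones differ from the setting a cleaned machine should have.
# Assumptions: 64-bit PowerShell 3.0+, run as administrator, Windows 7 or later.
# A 32-bit session would read the Wow6432Node copy of the Security Center key,
# which OTL showed as empty on this machine.

function Get-RegValue {
    # Returns the named registry value, or $null if the key or value is absent.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-HostHardeningReport {
    $svc = 'HKLM:\SOFTWARE\Microsoft\Security Center\Svc'
    $fw  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    $pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'

    # One entry per check: display name, key, value name, expected value.
    $checks = @(
        # Security Center: an *Override of 1 tells Windows to stop monitoring that component.
        @{ Check = 'AntiVirusOverride';   Path = $svc; Name = 'AntiVirusOverride';   Expected = 0 },
        @{ Check = 'AntiSpywareOverride'; Path = $svc; Name = 'AntiSpywareOverride'; Expected = 0 },
        @{ Check = 'FirewallOverride';    Path = $svc; Name = 'FirewallOverride';    Expected = 0 },
        # Windows Firewall: EnableFirewall should be 1 in every profile.
        @{ Check = 'Firewall DomainProfile';   Path = "$fw\DomainProfile";   Name = 'EnableFirewall'; Expected = 1 },
        @{ Check = 'Firewall StandardProfile'; Path = "$fw\StandardProfile"; Name = 'EnableFirewall'; Expected = 1 },
        @{ Check = 'Firewall PublicProfile';   Path = "$fw\PublicProfile";   Name = 'EnableFirewall'; Expected = 1 },
        # AutoRun: 0xFF disables AutoRun for every drive type (removable, optical, network, ...).
        @{ Check = 'NoDriveTypeAutoRun'; Path = "$pol\Explorer"; Name = 'NoDriveTypeAutoRun'; Expected = 0xFF },
        # UAC: EnableLUA = 1 means UAC is on; the SUPERAntiSpyware log reported it off.
        @{ Check = 'EnableLUA'; Path = "$pol\System"; Name = 'EnableLUA'; Expected = 1 }
    )

    foreach ($c in $checks) {
        $actual = Get-RegValue -Path $c.Path -Name $c.Name
        $shown  = if ($null -eq $actual) { '(not set)' } else { $actual }
        $status = if ($actual -eq $c.Expected) { 'OK' } else { 'CHECK' }
        [pscustomobject]@{
            Check    = $c.Check
            Value    = $shown
            Expected = $c.Expected
            Status   = $status
        }
    }
}

function Disable-AutoRun {
    # Applies the "switch AutoRun off altogether" advice through the Explorer policy key.
    # Supports -WhatIf so the change can be previewed before it is written.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
    if ($PSCmdlet.ShouldProcess($path, 'Set NoDriveTypeAutoRun = 0xFF')) {
        Set-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    }
}

Get-HostHardeningReport | Format-Table -AutoSize
# Disable-AutoRun -WhatIf    # preview; run without -WhatIf to apply
```

Run the report after the cleanup and compare it with the OTL dump: a 1 in any Override value or a 0 in EnableFirewall is worth explaining before the thread is closed, and a missing or zero EnableLUA means the account runs with UAC off, as the scan log above shows. The registry values are the local policy exactly as OTL reads it; `netsh advfirewall show allprofiles` reports the effective firewall state including anything set by Group Policy. Holding Shift while plugging in a stick only suppresses AutoRun for that one insertion, whereas the policy value applies every time.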
Old 31.01.2012, 16:01   #8
kira
/// Helper Team

Bundespolizei Ukash 100€ Trojan, Windows 7 64bit

► If you have no more problems, can we close your thread then?

1.
Uninstall/remove the programs we used that you do not need, except for:
Code:
CCleaner
         
- Run it from time to time:-> Instructions

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL from OldTimer (if you do not have it already).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "CleanUp" button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
If everything went well and your system runs stably, do the following:
Delete all system restore points, including the last one

4.
As a precaution I would advise you to change your passwords (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (should actually be changed at regular intervals, roughly every 3-5 months)
also here under: Secure password (Password)

5.
► Get Windows updates:-> - Microsoft Update keeps your computer up to date!
Internet Explorer version 9 is current!!
Software such as operating systems, browsers and e-mail clients is constantly being developed further. At the same time, however, hackers are constantly working to find and exploit new security holes. What is not a loophole for viruses and worms today may become a danger tomorrow, once the corresponding malware has been written. As a result, reports of new vulnerabilities are relatively frequent, even where hackers have not yet discovered them, because security specialists naturally look for potential attack vectors too. Updates from the software developers ensure that the user always has the most current and secure version of the operating system and the installed software.

Reading material no. 1:
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things working smoothly!
  • A more secure browser than IE, e.g. *Switching the default browser to... by SETI@home* - Firefox - FirefoxWiki/Settings - Extensions for Firefox - Default browser
  • Secure e-mail clients, e.g. Thunderbird --> Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
  • Secure passwords - Choosing a secure password - (should actually be changed at regular intervals, roughly every 3-5 months)
    also here under: Secure password (Password)
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only install programs you really need and that you are convinced are reputable.
    You have the choice of which additional components get installed -> always read along during installation and deselect sponsor and partner programs, toolbars or any other extra programs offered, where possible!
    Deselect sponsor programs and toolbars where possible (that is often how adware/spyware gets installed alongside)
  • Do NOT download random programs from the net unless it is 100% certain that the software is clean. Nice promises from the vendor are no guarantee of flawless operation, so browse the pages on GOOGLE first; you can gather valuable information there!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never give away your passwords!
    Reputable banks, e-mail providers or online shops never send e-mails asking customers to disclose confidential data such as passwords, account numbers, PINs or TANs. E-mails of this kind are always fraud attempts, so such requests should not be answered. As soon as you suspect fraud, report your suspicion to the bank's hotline.
  • Letting others (guests/friends) use your computer - Use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do banking on untrusted computers, for example from an Internet café while on holiday
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - IT fraudsters don't take holidays!/bsi-fuer-buerger.de - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
  • Saving on licence fees? - Beware of files/programs from untrusted sources! - "full keygen, crack, serial, warez, keygenerators" etc.
    They are always riddled with all kinds of malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately invite the devil in.) Another highly insecure source is file sharing on the so-called (music) exchange networks.
    ► Besides, you make yourself liable to prosecution!
  • Use only one firewall and one antivirus program, and keep them always up to date!
    Installing 'too much' software impairs system performance and security, slows the boot process enormously and burdens the RAM (because the programs all run side by side at the same time, eating a lot of performance while delivering little quality). Over time the computer becomes ever slower and less secure from too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be hard to solve. On top of that, some programs bring major security risks with them
    Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
  • Virenscanner
  • BSI für Bürger
  • SETI@home - [Sicherheit] Sicherheitskonzept
  • Entwicklung schädlicher Websites/viruslist.com
  • Brennpunkt: Bilder und Töne
    Gefährliche Bilder, schräge Töne/BSI

** Common sense and securely configuring Windows and internet software is the best way to security in web traffic!!
Quote:
Since the database is supplemented and expanded daily, or rather the information about the affected virus is included with the current virus definitions, I recommend that you have your system scanned online at least once a week (later once a month will surely be enough), always with a different scanner, to get a second opinion - the data backed up on storage media should also be included!
Free online scanners (most use ActiveX and/or Java) -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be.

I wish you all the best

If you would like to support us → donation account

regards
kira
__________________

Warning!:
Beware of invoices by e-mail with a ZIP file as attachment! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard disks, preferably twice in different places!
Please pass this warning on wherever you can!
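One defender-side check for the ZIP-attachment warning above, as an added example (not code from this thread or from Trojaner-Board): a small Python inspector that lists an archive's members without extracting anything and flags the naming patterns such invoice-trojan attachments rely on: executable member types, a double extension such as `Rechnung.pdf.exe`, whitespace padding that pushes the real extension out of view in a file dialog, and archives nested inside the archive. The sample ZIP is constructed in memory for the demonstration, its member bodies are placeholders rather than programs, and the extension lists are my own choice for this example, not a standard.

```python
import io
import re
import zipfile

# Member types that Windows runs when double-clicked (chosen for this example, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".ps1"}
# Types a user expects in an "invoice" attachment; used to spot a disguising double extension.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# Archives inside the archive: a common way past scanners that only look one level deep.
ARCHIVE_EXTS = {".zip", ".rar", ".7z"}


def classify_member(name):
    """Return the list of reasons a single archive member name looks suspicious.

    An empty list means nothing was found. Only the member *name* is examined,
    so nothing is extracted or executed.
    """
    reasons = []
    base = name.rsplit("/", 1)[-1]          # drop any directory part
    # A long run of spaces before the final extension hides it in a truncated file dialog.
    if re.search(r" {4,}", base):
        reasons.append("whitespace padding hides the real extension")
    # Judge the name by its real extension, with the padding removed.
    parts = base.lower().replace(" ", "").split(".")
    if len(parts) < 2:
        return reasons
    ext = "." + parts[-1]
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable member type {ext}")
        if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTS:
            reasons.append("double extension disguises an executable as a document")
    elif ext in ARCHIVE_EXTS:
        reasons.append("nested archive")
    return reasons


def inspect_zip_bytes(data):
    """Map every suspicious member of a ZIP (given as bytes) to its list of reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = classify_member(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample attachment: one harmless PDF plus three members an
    invoice-trojan mail would typically carry. The bodies are placeholders, not programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Rechnung_2012-01.pdf", b"%PDF-1.4 harmless placeholder")
        zf.writestr("Rechnung_2012-01.pdf.exe", b"MZ placeholder")
        zf.writestr("Details.txt        .scr", b"MZ placeholder")
        zf.writestr("Anhang/Bilder.zip", b"PK placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in inspect_zip_bytes(build_sample_zip()).items():
        print(f"{member!r}: {', '.join(reasons)}")
```

Run against a real attachment by passing its bytes to `inspect_zip_bytes`; the harmless `Rechnung_2012-01.pdf` produces no finding, while the other three members each get at least one reason. Because only names are inspected, the check is cheap enough to run on every incoming archive before a user is allowed to open it, and it complements rather than replaces a content scan.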

31.01.2012, 19:36   #9
Bananaphone

Bundespolizei Ukash 100€ Trojaner, Windows 7 64bit



Hi,

hmm, yes, I think so, it seems to have gone reasonably well.
I will still work through your new list; with that, many thanks for your help

Regards, bananaphone
