Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Bundespolizei Trojan - gone after system restore? (Windows 7)
Bundespolizei Trojan - gone after system restore?

Hello everyone. I have the same problem as the user in this thread, which unfortunately I could not reply to, which I would rather have done than open a new topic: http://www.trojaner-board.de/102459-...rstellung.html

The trojan seems quiet after restoring the system to an earlier date, even after shutting down and starting up again, but I would rather be safe. I have already followed the steps given in the old thread and am simply posting the logs right away. I hope you can help me; I want that thing gone.

Here first the one from Malware:
OTL EXTRAS Logfile:
OTL Extras logfile created on: 18.06.2012 15:20:23 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\XXX\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
1013,30 Mb Total Physical Memory | 404,87 Mb Available Physical Memory | 39,96% Memory free
1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,00 Gb Total Space | 28,29 Gb Free Space | 54,41% Space Free | Partition Type: NTFS
Drive D: | 76,95 Gb Total Space | 76,85 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Computer Name: GOLDEN | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0070CE78-D48D-43BB-A285-C629019AE1B8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C139EAD-F191-4418-83D0-48B1DB68B932}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{431697DD-ADD2-4C29-9811-C36E4A343832}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C9C2F111-16E3-452F-8E77-74F5086FD749}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28DC0538-7463-4400-9718-88822F02FD91}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{2E0E6BDB-9D93-4A99-B1C5-B2C5F42F2514}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{33A2D829-A092-456F-AD64-8EC09A03D078}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{34CCB822-D716-4AF5-9E5B-631F751939D3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3C5D70C9-02AD-48C5-8780-5750A7CF1010}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4E7B4ADF-71AE-441D-8F71-178217FEFBF7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{666EAEF7-2C31-4B09-97BB-B073A4D46567}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{72ADF450-7CB8-4D02-963B-FCF7DCCE781C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{798652A5-5048-421E-8C22-67E7196A2A28}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B3702187-7D9A-42F8-BFCE-84226A7C03EE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CE218C06-29AA-4AC6-9E5B-B813DBF9D294}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DE433D38-F211-40B2-A386-62091E3E62E6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E5AA9444-D72F-4460-824B-889E40DAC166}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E932CD42-7A11-4EC6-841B-D2AB7DBA171D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F9A13331-7AC9-4222-824F-6FB4510A571A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{96540678-BBAE-4F49-85F3-F15389612D4D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{AFC39FBC-79AF-4E16-838F-C317FE20D06D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{3CF0AC8C-38F9-4DBE-AF52-EB02655A41FE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{E7794614-6057-43DD-88FD-75554F610335}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05709317-05C6-BED8-3DE2-AB2D8EEAA485}" = twhirl
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.06.2012 11:27:22 | Computer Name = Golden | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 13.06.2012 11:34:31 | Computer Name = Golden | Source = VSS | ID = 8194
Description =
Error - 13.06.2012 14:46:29 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:46:30 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:46:53 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:48:55 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\easy
display manager\RunGfxUI64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:49:16 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:49:18 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 16:48:49 | Computer Name = Golden | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 13.06.2012 17:47:36 | Computer Name = Golden | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 18.06.2012 07:14:31 | Computer Name = Golden | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 18.06.2012 07:17:56 | Computer Name = Golden | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:16:50 on 18.06.2012 was unexpected.
Error - 18.06.2012 07:18:44 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 07:36:14 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 07:44:50 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 08:02:52 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 08:06:45 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 08:07:16 | Computer Name = Golden | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.
Error - 18.06.2012 08:07:23 | Computer Name = Golden | Source = DCOM | ID = 10005
Description =
Error - 18.06.2012 08:07:22 | Computer Name = Golden | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053
< End of report >
Aaand another log, this time from SUPERAntiSpyware:
Last edited by Aniwolf (18.06.2012 at 14:52)