Pests of all kinds and how to fight them: "BKA Trojan" lock screen, Safe Mode does not work!

24.10.2013, 15:49   #1
RegularJohn

Dear Trojaner-Board team,

yesterday afternoon, while I was surfing the web, a "BKA lock screen" came up, and it has been blocking my administrator account ever since. I have already tried to start one of the 3 safe modes but had no success. The guest account still works without problems. I have already run a scan with Malwarebytes Anti-Malware. Unfortunately, to be honest, I don't know much about fighting trojans/viruses.

Can you help me? Many thanks in advance!!!

24.10.2013, 16:52   #2
aharonov
/// TB Trainer

Hi,

MBAM doesn't see the BKA thing from the guest account..
Please run an FRST scan as follows:


Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan by following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key several times.
  • Now choose Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options choose: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown here; remember it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you remembered. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its content here, in code tags if possible (guide).

24.10.2013, 17:36   #3
RegularJohn

Hi,

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by SYSTEM on MININT-BP4CF4P on 24-10-2013 18:26:44
Running from K:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [340456 2009-10-20] (Kaspersky Lab)
HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [346320 2009-08-04] (DeviceVM, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKU\Steffen\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Steffen\...\Run: [Steam] - c:\program files (x86)\steam\steam.exe [1242448 2011-03-24] (Valve Corporation)
HKU\Steffen\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll [15376 2010-04-06] (Kaspersky Lab)
AppInit_DLLs-x32: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll [72208 2010-04-06] (Kaspersky Lab)

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [340456 2009-10-20] (Kaspersky Lab)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246520 2010-01-03] ()
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2009-07-14] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29262680 2009-05-27] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-06-16] ()
S2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2010-09-04] ()
S3 ioatdma1; C:\Windows\System32\Drivers\qd160x64.sys [40072 2008-01-18] (Intel Corporation)
S1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
S0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [353296 2010-04-06] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-09-14] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2010-04-26] ()
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [68608 2005-08-10] (Protection Technology)
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [15872 2005-08-10] (Protection Technology)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-24 18:26 - 2013-10-24 18:26 - 00000000 ____D C:\FRST
2013-10-05 21:55 - 2013-10-05 22:21 - 00000000 ____D C:\gamedata

==================== One Month Modified Files and Folders =======

2013-10-24 18:26 - 2013-10-24 18:26 - 00000000 ____D C:\FRST
2013-10-23 07:43 - 2010-04-06 17:16 - 00000000 ____D C:\Users\Steffen\Desktop\Krempel
2013-10-16 21:03 - 2013-09-11 21:17 - 00000000 ____D C:\S.T.A.L.K.E.R. - Shadow of Chernobyl
2013-10-05 22:21 - 2013-10-05 21:55 - 00000000 ____D C:\gamedata

Some content of TEMP:
====================
C:\Users\Steffen\AppData\Local\Temp\binkw32.dll
C:\Users\Steffen\AppData\Local\Temp\CH.dll
C:\Users\Steffen\AppData\Local\Temp\d2l_Install.exe
C:\Users\Steffen\AppData\Local\Temp\d2l_PlayD2.exe
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7350008.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Steffen\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Steffen\AppData\Local\Temp\SIntf16.dll
C:\Users\Steffen\AppData\Local\Temp\SIntf32.dll
C:\Users\Steffen\AppData\Local\Temp\SIntfNT.dll
C:\Users\Steffen\AppData\Local\Temp\war3_Install.exe
C:\Users\Steffen\AppData\Local\Temp\_is22FB.exe
C:\Users\Steffen\AppData\Local\Temp\_is2722.exe
C:\Users\Steffen\AppData\Local\Temp\_is36C9.exe
C:\Users\Steffen\AppData\Local\Temp\_is39B8.exe
C:\Users\Steffen\AppData\Local\Temp\_is41C0.exe
C:\Users\Steffen\AppData\Local\Temp\_is4252.exe
C:\Users\Steffen\AppData\Local\Temp\_is4A48.exe
C:\Users\Steffen\AppData\Local\Temp\_is4C04.exe
C:\Users\Steffen\AppData\Local\Temp\_is6D56.exe
C:\Users\Steffen\AppData\Local\Temp\_is76E4.exe
C:\Users\Steffen\AppData\Local\Temp\_is7DA7.exe
C:\Users\Steffen\AppData\Local\Temp\_is828A.exe
C:\Users\Steffen\AppData\Local\Temp\_is864F.exe
C:\Users\Steffen\AppData\Local\Temp\_is955F.exe
C:\Users\Steffen\AppData\Local\Temp\_is9C34.exe
C:\Users\Steffen\AppData\Local\Temp\_isA540.exe
C:\Users\Steffen\AppData\Local\Temp\_isA61B.exe
C:\Users\Steffen\AppData\Local\Temp\_isA68B.exe
C:\Users\Steffen\AppData\Local\Temp\_isB01C.exe
C:\Users\Steffen\AppData\Local\Temp\_isBFA7.exe
C:\Users\Steffen\AppData\Local\Temp\_isC3AC.exe
C:\Users\Steffen\AppData\Local\Temp\_isCE18.exe
C:\Users\Steffen\AppData\Local\Temp\_isE4B6.exe
C:\Users\Steffen\AppData\Local\Temp\_isF0D.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 4059.49 MB
Available physical RAM: 3488.51 MB
Total Pagefile: 4057.64 MB
Available Pagefile: 3485.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100 GB) (Free:27.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:831.51 GB) (Free:25.79 GB) NTFS
Drive f: (EAWX_1) (CDROM) (Total:1.42 GB) (Free:0 GB) UDF
Drive k: (INTENSO) (Removable) (Total:14.73 GB) (Free:14.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0C19B2D7)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=832 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2010-09-18 08:07

==================== End Of Log ============================
         
__________________
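A first-pass triage of FRST log lines like those posted above, as an added example that is not part of the thread and not FRST's own logic: it parses the Run, Services and Drivers entries and lists those with an empty company field, a `[x]` marker (read here as "file not found") or a path under a user-writable directory. The sample log reuses lines from the post plus one constructed entry (`updater`); the three criteria are review heuristics assumed for this example, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes taken from the FRST.txt posted in the thread.
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
RUN_RE = re.compile(r"^(?P<key>HK[^:]+\\Run): \[(?P<name>.+?)\] - (?P<rest>.+)$")
SVC_RE = re.compile(r"^(?P<state>[RS][0-4]) (?P<name>.+?); (?P<rest>.+)$")
# "<path> [<size> <date>] (<company>)", "<path> [x]", or a bare command line.
TAIL_RE = re.compile(
    r"^(?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)"
    r"| \[(?P<missing>x)\])?$"
)

# Assumption of this example: directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str                 # "Run", "Services" or "Drivers"
    name: str
    path: str
    company: Optional[str]    # None when the log line carries no file metadata
    missing: bool             # True for the "[x]" marker
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str, section: str) -> Optional[Entry]:
    """Parse one autostart, service or driver line; return None for anything else."""
    line = line.strip()
    match, kind = RUN_RE.match(line), "Run"
    if match is None:
        if section not in ("Services", "Drivers"):
            return None
        match, kind = SVC_RE.match(line), section
        if match is None:
            return None
    tail = TAIL_RE.match(match.group("rest"))
    return Entry(
        kind=kind,
        name=match.group("name"),
        path=tail.group("path"),
        company=tail.group("company"),
        missing=tail.group("missing") is not None,
    )


def triage(log_text: str) -> List[Entry]:
    """Return the entries that meet at least one review heuristic, in log order."""
    section, flagged = "", []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title").split()[0]
            continue
        entry = parse_entry(line, section)
        if entry is None:
            continue
        if entry.company == "":
            entry.reasons.append("no company name")
        if entry.missing:
            entry.reasons.append("file not found")
        if any(part in entry.path.lower() for part in USER_WRITABLE):
            entry.reasons.append("user-writable path")
        if entry.reasons:
            flagged.append(entry)
    return flagged


# Constructed sample: lines copied from the posted log, plus one constructed
# Run entry ("updater") to exercise the user-writable path check.
SAMPLE_LOG = r"""==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKU\Steffen\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
HKU\ExampleUser\...\Run: [updater] - C:\Users\ExampleUser\AppData\Roaming\updater.exe [123456 2013-10-23] ()

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [340456 2009-10-20] (Kaspersky Lab)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-06-16] ()

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2010-09-04] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:8} {e.name:10} {', '.join(e.reasons):40} {e.path}")
```

An empty company field alone is common for legitimate third-party files, so the output is a list of entries to look at by hand, not a detection.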

24.10.2013, 22:21   #4
aharonov
/// TB Trainer

Hi,

your infected admin account is called "Steffen"?
Please try the following fix. Is the computer still locked after a restart then?


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\Steffen\AppData\Local\Temp\*.exe
C:\Users\Steffen\AppData\Local\Temp\*.dll
C:\Users\Steffen\AppData\Local\Temp\*

Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the repair options again
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its content here.
__________________
cheers,
Leo

25.10.2013, 08:08   #5
RegularJohn

Morning!

The administrator account "Steffen" is still blocked!
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by SYSTEM at 2013-10-25 08:59:27 Run:1
Running from K:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
C:\Users\Steffen\AppData\Local\Temp\*.exe
C:\Users\Steffen\AppData\Local\Temp\*.dll
C:\Users\Steffen\AppData\Local\Temp\*

*****************

C:\Users\Steffen\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\*.dll => Moved successfully.
"C:\Users\Steffen\AppData\Local\Temp\*" => Could not move.

==== End of Fixlog ====
         


25.10.2013, 09:14   #6
aharonov
/// TB Trainer

Ok, then let's see what OTLpe sees:


Create an OTLPE CD on a clean second computer and then boot the infected computer from this CD:

If you don't have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.


Download OTLpe Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, and with a slow internet connection it will take a little while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
Now boot from the OTLPE CD. Note: How do I boot from CD


Illustrated guide: OTLpe scan
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you have to select the Windows folder of the Windows installed on the disk; simply selecting C: gives an error!
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created
  • Copy this file to your USB stick if you have no internet connection on this system.
  • Please post the content of C:\OTL.txt and Extras.txt.

25.10.2013, 10:15   #7
RegularJohn

Okay, I will try that!!

Is there another method as well? Because I won't have access to a PC with a burner again until the end of next week.

Thanks anyway!!

25.10.2013, 10:39   #8
aharonov
/// TB Trainer

Yes, we can certainly try a few other things.
It's just that so far I haven't been able to make out the malware in either the MBAM or the FRST log.

Log in to the infected admin account. Then press CTRL + ALT + DEL to bring up the Task Manager. Choose Switch User (not log off!) and then log in to the guest account. Then run an OTL scan there as follows (the check mark at "Scan all Users" is important):


Please download OTL (by Oldtimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, please select Use SafeList.
  • Tick the box at Scan all Users.
  • Now click Run Scan.
  • When the scan is finished, 2 log files (OTL.txt and Extras.txt) are created.
  • Post the content of these log files here in the thread.
__________________
cheers,
Leo

25.10.2013, 11:36   #9
RegularJohn

Okay!
No sooner said than done
Code:
OTL logfile created on: 25.10.2013 12:15:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gast\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 68,34% Memory free
7,93 Gb Paging File | 6,44 Gb Available in Paging File | 81,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 831,51 Gb Total Space | 25,57 Gb Free Space | 3,08% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 27,31 Gb Free Space | 27,31% Space Free | Partition Type: NTFS
Drive H: | 14,73 Gb Total Space | 14,73 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: STEFFEN-PC | User Name: Gast | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.10.25 12:14:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gast\Desktop\OTL.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.10.03 17:59:22 | 000,204,288 | ---- | M] (AMD) [Auto | Unknown] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (nsi)
SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (NlaSvc)
SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (lmhosts)
SRV:64bit: - [2009.07.14 03:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Unknown] -- C:\Windows\SysNative\ADIDTSFiltService.dll -- (idebusdr)
SRV - [2013.10.09 10:45:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.10.02 09:10:59 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Unknown] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - [2013.09.21 20:35:00 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.07.04 18:32:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Unknown] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.09 13:20:32 | 000,076,888 | ---- | M] () [Auto | Unknown] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.09.05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Unknown] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.04.16 17:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Unknown] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\Rtlservice.exe -- (Realtek11nSU)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.10.02 09:10:59 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.08.10 01:14:19 | 000,088,480 | ---- | M] () [Kernel | Auto | Unknown] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.08.10 01:14:19 | 000,046,400 | ---- | M] () [Kernel | Auto | Unknown] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.03 18:56:42 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.03 17:22:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 11:50:48 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.12 11:29:56 | 000,692,768 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Unknown] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 00 20 D1 F7 CF CE 01  [binary data]
IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE422
IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 [2013.10.02 09:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox [2013.10.23 21:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.07.04 18:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.07.04 18:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.04 18:32:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.21 12:11:26 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Plus-HD-2.3) - {11111111-1111-1111-1111-110311341126} - C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (DealPly Shopping) - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3:64bit: - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [1TRi7sGavqT.exe] "C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe" File not found
O4 - HKLM..\Run: [lF40kc2sqeD.exe] "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" File not found
O4 - HKLM..\Run: [SSoonrEj.exe] "C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3988711392-2741257696-3300269237-501..\Run: [Qyaxseacha] C:\Users\Gast\AppData\Roaming\Yhud\olepf.exe (X-Ways Software Technology AG)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FBE6C14-58BA-4736-86BC-DBDACE14FC23}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (c:\progra~4\bitguard\261694~1.246\{c16c1~1\bitguard.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ijeluxa: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\ijeluxa.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: idebusdr - C:\Windows\SysNative\ADIDTSFiltService.dll (Oak Technology Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.25 12:14:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gast\Desktop\OTL.exe
[2013.10.25 10:23:47 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Gast\Desktop\OTLPENet.exe
[2013.10.25 08:34:22 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Local\AVG Secure Search
[2013.10.24 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Yhud
[2013.10.24 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Guux
[2013.10.24 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Abymeb
[2013.10.24 16:25:55 | 000,000,000 | ---D | C] -- C:\Users\Gast\Desktop\Neuer Ordner
[2013.10.24 14:59:28 | 000,000,000 | ---D | C] -- C:\Users\Gast\mbar
[2013.10.24 14:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013.10.24 09:04:59 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Local\Diagnostics
[2013.10.24 08:39:53 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Petroglyph
[2013.10.23 21:20:34 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\WinRAR
[2013.10.23 19:02:44 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.10.23 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Local\Adobe
[2013.10.23 15:57:44 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Macromedia
[2013.10.23 15:57:42 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Adobe
[2013.10.23 15:57:34 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Google
[2013.10.23 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Local\Google
[2013.10.23 15:52:00 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Malwarebytes
[2013.10.23 08:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2013.10.08 12:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013.10.05 12:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Centurion - Defender of Rome
[2013.09.26 20:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.09.26 20:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.09.26 20:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.09.26 20:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.09.26 20:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.09.26 20:43:04 | 000,000,000 | ---D | C] -- C:\AMD
[2013.09.25 20:45:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.25 12:14:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gast\Desktop\OTL.exe
[2013.10.25 10:25:32 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Gast\Desktop\OTLPENet.exe
[2013.10.25 10:20:47 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.25 10:20:47 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.25 10:12:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.25 10:12:28 | 3192,512,512 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.25 10:09:09 | 385,355,457 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.10.24 18:03:38 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.10.24 18:03:38 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.10.24 18:03:38 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.10.24 18:03:38 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.10.24 18:03:38 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.10.24 08:37:14 | 000,027,648 | ---- | M] () -- C:\Users\Gast\Desktop\ModLauncher.exe
[2013.10.23 22:26:42 | 000,055,955 | ---- | M] () -- C:\Users\Gast\Desktop\iceland_president_bail_out_people_jail_banksters_meme.jpg
[2013.10.23 21:13:33 | 000,006,144 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2013.10.23 17:56:02 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2013.10.22 22:43:02 | 000,321,536 | ---- | M] () -- C:\ProgramData\MXJ5mE8ZNh
[2013.10.22 14:05:12 | 000,006,633 | ---- | M] () -- C:\Users\Public\Documents\stalke~1.ltx
[2013.10.18 10:25:00 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.10.09 10:45:27 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.10.09 10:45:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.10.06 16:28:39 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.10.05 23:09:22 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2013.10.02 09:13:04 | 000,003,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013.10.02 09:10:59 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.09.28 23:11:56 | 000,414,241 | ---- | M] () -- C:\Uninstall.ini
[2013.09.28 23:11:56 | 000,273,164 | ---- | M] () -- C:\Uninstall.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.10.24 08:37:14 | 000,027,648 | ---- | C] () -- C:\Users\Gast\Desktop\ModLauncher.exe
[2013.10.23 22:27:00 | 000,055,955 | ---- | C] () -- C:\Users\Gast\Desktop\iceland_president_bail_out_people_jail_banksters_meme.jpg
[2013.10.23 17:28:28 | 385,355,457 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.10.22 22:43:12 | 000,321,536 | ---- | C] () -- C:\ProgramData\MXJ5mE8ZNh
[2013.10.06 16:28:37 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.09.28 23:11:56 | 000,414,241 | ---- | C] () -- C:\Uninstall.ini
[2013.09.25 20:56:37 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2013.08.31 00:00:42 | 000,000,165 | ---- | C] () -- C:\ProgramData\ssmymagwwxdmyyqkkfu.reg
[2013.08.31 00:00:42 | 000,000,070 | ---- | C] () -- C:\ProgramData\ssmymagwwxdmyyqkkfu.bat
[2013.08.17 09:28:21 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013.06.27 10:12:02 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2012.11.30 22:19:34 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.11.27 00:48:34 | 000,000,115 | ---- | C] () -- C:\Windows\disney.ini
[2012.11.24 16:40:31 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.09.01 14:55:04 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.07.12 19:26:51 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.07.04 17:36:20 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2012.02.04 17:16:53 | 000,000,112 | ---- | C] () -- C:\ProgramData\exCKK8Qm.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.10.25 10:12:33 | 000,004,096 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.10.25 10:12:33 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.T.A.L.K.E.R_?????? ???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.T.A.L.K.E.R_Смерти вопреки
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
         
Code:
OTL Extras logfile created on: 25.10.2013 12:15:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gast\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 68,34% Memory free
7,93 Gb Paging File | 6,44 Gb Available in Paging File | 81,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 831,51 Gb Total Space | 25,57 Gb Free Space | 3,08% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 27,31 Gb Free Space | 27,31% Space Free | Partition Type: NTFS
Drive H: | 14,73 Gb Total Space | 14,73 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: STEFFEN-PC | User Name: Gast | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Steffen\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Steffen\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9FB13B-1151-4B2C-9C47-371B036033E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{16198DD0-0488-4059-AB8C-770CC3CDF0DF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{34174211-BE07-4DAF-9863-789C11B5BC52}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4B8C3FEB-83D8-4E55-BECA-43AA5F6EA9B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{52E23EFC-C7A6-4584-B764-F5FECC70F62D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{63580EE8-2CA3-4068-AFFB-36F52271C356}" = lport=138 | protocol=17 | dir=in | app=system | 
"{65FF00DD-B1B1-45ED-AB2E-E7F033F0B091}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7F080ED9-4A7F-4CDF-9138-FFBFF5C2319A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8AD5F47A-9B01-4897-A306-3E07992C6598}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{91C7F510-1257-4113-A23B-9751B5F902D3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9FDBA7B6-EACA-4ED5-AB0E-9D001FF86487}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AADF9A5C-EA5F-483A-947D-9922D2EB41B3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ABEC3B41-CCA1-4AE2-B69C-1D202C74F28D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4448F81-77AF-4C9A-8323-03AB11A0FA0E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{BD7E2435-3D6B-427F-94C3-A9545CAE5461}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C16CE4D8-5E09-4D3B-99BC-AF9494EC9253}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C58F16E8-E554-4762-AED4-8619287079D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C9AEE361-ADF3-4C51-B6A0-9A461AE7F33E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CEFED19B-0DB2-4048-81F2-1D33071AEBF9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DC6013BC-030F-46B0-95EF-BBD68626C54C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E6A8D1E2-96A0-4D7B-8FBD-784F18AB3D65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EDCBFDB7-1385-4B25-9042-88A53104854B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0076D65C-280A-4FAD-9946-C7BA4E796731}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | 
"{00D1028F-259D-4A31-B56B-5F5AF7ACF726}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | 
"{0224DC22-A161-4B39-BA11-3435898BF959}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{06417546-1CE9-4E3C-B977-55BB8FDB07AB}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2 demo\masseffect2launcher.exe | 
"{11AD437A-5FB4-493F-B450-5A3369DC7756}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{123E870D-858B-4176-B66F-973B291077C5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{15FF4887-A1E8-4DFE-B6FB-4F1F51469450}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2 demo\masseffect2launcher.exe | 
"{18664680-8C82-4D86-98FE-F72AB939F9D3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{1AE09B4D-B5FC-4DA8-8845-923589FA3585}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"{1B513430-68FB-4C0A-AEE6-D1C210C6A7BA}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"{22385D00-6E4B-4A2D-A6AC-ABF69A4823E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{25B43B6D-A64A-443E-927F-46CE63CB2624}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{28C6710B-3766-4D06-89D3-88D4C577CCD3}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{2A2F913F-50EA-423F-8AF4-369ABFB71A91}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe | 
"{2A49E2F3-9597-4567-9644-CDD823D99BF1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{2A874E56-E5A0-406F-9925-E8BB9534AE06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{332E7346-C6E0-478C-810B-0FE801F6B277}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{39423D12-8F47-43F0-9159-CE4E8090229D}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | 
"{3AC13C39-0398-4093-80C5-739DABC00C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{3E25AF89-8150-489E-9B9A-35FA986ABF10}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{3EC813AB-EE4A-4076-B7DB-CBB79CE97964}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 
"{41C2F085-79BC-4AD5-90BF-E04FA0CCD400}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{44623131-462C-4462-9BB1-820CC7FBF790}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe | 
"{50FDDF7E-B527-42AF-873B-4EF454F8E334}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | 
"{51CF650E-D739-41B6-A4C0-AC8F028633AB}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | 
"{528015C7-2F2A-4747-A295-C9487270364C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. demo\ruse.exe | 
"{5469A13B-9290-4735-9ED0-CF4EC6DA2D23}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{56C2F9B3-5F35-414E-950A-138F73E661F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine demo\spacemarine.exe | 
"{586D735E-1FD2-424E-B49A-5DF1966F2C94}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{5A4AB6E5-914F-426D-82B7-0577950BD7EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5D981AF7-1359-461E-B843-4542ADE61285}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5E5139BA-CE6A-4716-B34C-8DB08972C2C1}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{602D127D-F910-405C-8B46-362863E3B778}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{608BDF93-DA9C-4599-9DC6-82C6FD18082D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe | 
"{6358E2E1-1C89-4968-8C19-584A8AC8DACE}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{67A2CD15-60FE-478C-BEDA-60B2FD38DE8C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6BDCC4D3-18A9-4041-9077-23B375FC9554}" = protocol=6 | dir=in | app=c:\program files (x86)\kalypso\sins of a solar empire\sins of a solar empire.exe | 
"{6CD75F8E-C5C7-4492-9761-BAE985046C98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe | 
"{7057A9E3-B83C-40D6-8579-CDFA28D237F7}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{7CEDCAF0-DB19-4BAA-9E4B-5CEE77F6D69E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7F63E617-1D3C-4818-9E5F-CFFC13BB2A2E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7F8F3C50-B55C-4418-933E-40367D0A5C46}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe | 
"{843668C5-181A-4B80-BA56-C859243264DC}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{864D99BA-CD94-4073-AEF0-8BC754B3741E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{87AF4317-EAD8-4065-B8B4-6B388C985C92}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2 demo\binaries\masseffect2.exe | 
"{8C6DDB63-DF98-4866-A1E3-5654A8B410CE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8F6A4C78-1295-43DB-B505-87D13B46BB70}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{90798588-A7DA-4868-A27D-06BEDA2C81AD}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | 
"{9647E502-57AC-4CB6-AD56-12295F914F53}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | 
"{965BE9AC-9001-4FFF-A218-D220E0269BA6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9B0CE3D0-FF91-4D3C-8F01-97123619C821}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2 demo\binaries\masseffect2.exe | 
"{9E0C4252-9E45-401D-A496-40F8E474A629}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe | 
"{9ED2FC33-42FA-409D-9EF1-0B33412F6203}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{9F4B1098-3212-4599-B4BA-A18A667F2598}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault\uawea.exe | 
"{9F7574CA-FB1D-4E82-9006-DFAEDDA05555}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | 
"{A3512023-7056-4701-8BF8-E0680C751D7B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe | 
"{A44D88D2-56B8-4C56-8213-069B48A8390C}" = protocol=17 | dir=in | app=c:\program files (x86)\kalypso\sins of a solar empire\sins of a solar empire.exe | 
"{A4A5F3A3-1F0D-476E-8893-114742820821}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. demo\ruse.exe | 
"{A5E67B03-70DB-4662-B9BC-07E1D617EFB0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A64277D5-CF5B-4E55-A00B-E4FE3BBCB9C8}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 
"{A87C2CE2-C04A-49A8-9547-09E35EF51FC1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{B4328495-3A39-4436-8185-CD44961035BB}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault\uawea.exe | 
"{BE045FD5-EDB3-4E37-8A09-C37AFA4586B3}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"{BEB9132B-14CD-47AA-B170-4806BB42B94F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BEF84E59-E145-4B24-B8EC-6CEBFB65E4A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{BF968156-ABED-4A90-AF8E-75EBABAF051C}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{BFE0CED4-C50C-49F7-9CA1-3DF2828A5387}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{C05BA984-6E77-4F02-AE0A-17CCC52B562E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C382C00D-1C01-47B0-9213-4BA6F3F4CDE3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{C8B4F9DB-2402-436B-AADE-DA008AC05534}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe | 
"{CF67D649-74CA-4D41-95C8-A642FD47DD5A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe | 
"{CFFD61CA-5B42-4372-8F80-60E19746DEA5}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | 
"{D6249236-07AA-41FF-A3EB-BB5624730F05}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe | 
"{D76DCE6D-7338-437B-8EC0-C25DEFE86E98}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"{D9DA1ACE-AD35-490B-987A-E0C3BAE75C31}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{DAF73498-8022-4C06-A022-28316436715C}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{DB09C4C4-34C3-475D-AB49-2EF1B58B84DA}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | 
"{DC22A324-D58C-4956-945F-3037E165A5DC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{DC620B26-66EE-48FD-8E36-165BE38648BE}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{DFE77AE2-7399-4BA9-94FC-9266CD7E4BFB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe | 
"{E2C5BB94-C83E-4DBE-8395-3D582177D7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{E5E9FDAB-E3DA-410D-A232-8DF6C6085C7B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe | 
"{E64B3BCB-CBE8-4820-9DF5-B569D879FC5F}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{E73A9918-24AE-4C91-B9F6-3EC6D474EAB5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe | 
"{E914FC70-09FE-43A4-85DF-76DE9A2B1511}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{E984ED0A-957F-4E96-AA0A-76DEA174BB71}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{EEB63646-E60C-4555-95D1-2846C06CE17C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{F6555EDA-2191-4411-B203-C35D078B4BB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{F7655D6D-355E-44DA-853C-A7B6F4616F9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine demo\spacemarine.exe | 
"{F78B913C-D5A6-49A5-BB97-0DD4FE63538B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe | 
"{F9FBFAD2-2AB0-466F-B846-063AA72A2094}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"TCP Query User{059645BA-1F00-4FC3-B492-C7D3B2406B76}C:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\b0hp8643\download[1].exe" = protocol=6 | dir=in | app=c:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\b0hp8643\download[1].exe | 
"TCP Query User{453A4EC6-8D3F-4EEB-BBAB-B1B1462E7834}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{7353496C-5752-4DE1-BC75-5C1C9EF8EEEA}C:\users\steffen\desktop\krempel\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\krempel\starcraft_2_eu_de-de.exe | 
"TCP Query User{7CAD1085-9014-4DE1-AAE2-E24CD1E7805E}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 
"TCP Query User{8972FFD0-6206-417F-A590-110023CDBD60}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{8DA69ACC-3F37-462F-87BB-6D8CD8001425}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 
"TCP Query User{9BA2BCF7-18E0-4B3F-87D6-DC998E308907}C:\ mechwarrior 4\mw4mercs.exe" = protocol=6 | dir=in | app=c:\ mechwarrior 4\mw4mercs.exe | 
"TCP Query User{9E4A0FE9-1745-4B49-A569-260E8F37AD83}C:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\2jw4a73k\download[1].exe" = protocol=6 | dir=in | app=c:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\2jw4a73k\download[1].exe | 
"TCP Query User{9F72CCB3-8D95-428D-BE55-6975BA1247C7}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{A6FE6694-9CA3-4C6B-8A76-BEBB11CC10C1}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{ADB52803-2F52-4728-AD83-C517E386CC14}C:\users\steffen\desktop\starcraft_2_eu_de-de(2).exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\starcraft_2_eu_de-de(2).exe | 
"TCP Query User{D67178D7-CE0E-4AC4-9838-DEE9F6ACF334}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{EC2B6683-FE4B-469C-9239-CEE563830BD1}C:\program files (x86)\oldgames\dune 2000\dune2000.dat" = protocol=6 | dir=in | app=c:\program files (x86)\oldgames\dune 2000\dune2000.dat | 
"UDP Query User{15B1AA19-7658-4190-88F2-4AD2FCC1ADE2}C:\program files (x86)\oldgames\dune 2000\dune2000.dat" = protocol=17 | dir=in | app=c:\program files (x86)\oldgames\dune 2000\dune2000.dat | 
"UDP Query User{2AF69C6E-8483-45E4-BF79-3D951885B34A}C:\users\steffen\desktop\krempel\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\krempel\starcraft_2_eu_de-de.exe | 
"UDP Query User{3E056F6E-DAC1-4C9A-AAF3-0702D3F44A57}C:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\2jw4a73k\download[1].exe" = protocol=17 | dir=in | app=c:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\2jw4a73k\download[1].exe | 
"UDP Query User{424030DE-1643-430D-8FB2-6B8738B81DF5}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 
"UDP Query User{61868016-D3B5-4FAF-9E8D-0AAD4608B6FF}C:\ mechwarrior 4\mw4mercs.exe" = protocol=17 | dir=in | app=c:\ mechwarrior 4\mw4mercs.exe | 
"UDP Query User{8950B73E-05D5-4D3D-B235-3425CC634B02}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{BA7B57CB-D063-4E3D-A098-2DD33532DC96}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{C8B14292-1F1F-4033-B67F-5B258A7854AD}C:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\b0hp8643\download[1].exe" = protocol=17 | dir=in | app=c:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\b0hp8643\download[1].exe | 
"UDP Query User{D3A36D4E-EF2F-4CA5-8619-59F46F4358A0}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{D783FF1C-A23A-4D48-B61D-19B5E7EEE385}C:\users\steffen\desktop\starcraft_2_eu_de-de(2).exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\starcraft_2_eu_de-de(2).exe | 
"UDP Query User{E3327638-581E-4881-9D56-E2406BC53FDC}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{F31CE2BC-4E59-4805-8B5B-D73B36F59AF7}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 
"UDP Query User{FF3C2601-93B5-41A8-9C92-48F44DD92F82}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2364CFB2-935A-C838-AA5A-774FEC1E588D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416037FF}" = Java(TM) 6 Update 37 (64-bit)
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6F89043A-D077-E434-FCDF-9D7179BE737A}" = AMD Media Foundation Decoders
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.051
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BDAF38DA-C834-6D42-B314-B97BB214E140}" = AMD Drag and Drop Transcoding
"{EDF6B241-8C7B-E74C-A387-5603C41AEEAA}" = AMD AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7303166-C685-DCF3-5DE4-3CDA117DCEFF}" = AMD Catalyst Install Manager
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05757DB5-6E9F-97E2-111F-DA2B6E75290F}" = CCC Help Chinese Traditional
"{0983F01E-51B9-AB95-A359-4EA7E06A3B8E}" = CCC Help Korean
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{136E21EB-B3DC-A814-E7FC-EF9D1DC81689}" = CCC Help Hungarian
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BitGuard
"{17FAA4AF-EB06-0050-D3B1-9F1747B9E4AA}" = CCC Help Swedish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1A837B5C-AC31-2F10-DE76-E019DA223EDC}" = Catalyst Control Center Localization All
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F3630F5-C636-49FF-9BF0-F9E2A221E60B}" = Republic at War 1.1.5
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{287A4E96-AC57-4A19-9B51-C5EED2EAB382}" = Star Trek Legacy
"{29D84B61-2248-564D-4255-573E3825ED97}" = Catalyst Control Center
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C9EAF02-35EA-4568-B317-65367828F2CD}_is1" = Geonezis addon for SGM 2.0, âåðñèÿ 2.0
"{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{450A2869-616A-48C6-ECCC-59636695F35D}" = CCC Help Danish
"{4912B33D-2F49-5626-103B-6E1F01A82FD3}" = CCC Help Portuguese
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52516A9C-C9DE-6745-DB13-D9628EB99D12}" = CCC Help Turkish
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5504E94C-35E0-45EB-9E62-A5EA9281CF1D}_is1" = The Cursed Zone (BETA) version 1.0
"{57E489DE-46DB-2546-EA42-FB0D704559BE}" = Catalyst Control Center InstallProxy
"{59BB3D25-77C9-EDBC-FF56-5952567BD070}" = CCC Help Thai
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{73BFA936-50E9-0DF6-ADE1-2B22FEDF1C29}" = CCC Help Finnish
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B2F67C8-C4AC-9093-A94C-CD89566740A7}" = CCC Help Chinese Standard
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A1459FB6-CCF0-4A18-A6FD-9633B297BC57}_is1" = BlackOps: Unleashed Unitpack 1
"{A1AE7AED-A090-0CD8-BE77-5EE59218F994}" = CCC Help Greek
"{A1C29F65-FA94-88FA-7716-71C842050A19}" = CCC Help Spanish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C38F5ADE-EA15-147A-1539-FB9E48F544B5}" = CCC Help English
"{C4B3B964-173A-2324-D28E-D222026486F7}" = CCC Help Norwegian
"{C6369A55-984D-806C-5725-1A9F663DCCE8}" = CCC Help Czech
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C8F3F9A3-5FD9-463A-939D-946C87B26A75}_is1" = Faction Fronts Clear Sky 1.2.3
"{CA9DAC4A-ADB2-B128-FD79-86DCE24FB8D3}" = CCC Help Italian
"{CB713051-DE08-4700-B43F-6853BE1C35E3}_is1" = ARS Call of Pripyat Mod 0.5
"{CCE4DF4E-0EBE-4380-9F5F-A4762D7FC296}" = Unstoppable Gorg Demo
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB3812C4-8ECB-4151-6256-CE86C52067C1}" = CCC Help German
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E27E5F62-7AB0-3789-56EF-5774482E4DC8}" = CCC Help Russian
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E3CA67A5-53E8-602E-D17A-45EFDE3DDD53}" = HydraVision
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78B0798-2AD2-25FC-F3F9-C8E4A1131630}" = CCC Help French
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E8A606FD-B650-34EE-164E-F6A9FAC38421}" = CCC Help Japanese
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF0407CF-760A-46CC-EE33-43CFDCE0FCE5}" = Catalyst Control Center Graphics Previews Common
"{EF175304-DE47-65A8-3D7C-4C78EF05976C}" = CCC Help Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F60DDBEA-DCF6-BC00-5B7B-A5253CEFBAC0}" = CCC Help Dutch
"{F6D7FFA6-7DE4-491C-B80F-800FF456CD7E}" = Star Wars Galactic Battlegrounds Trial
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC4E0C7A-BF41-4213-8183-20FB3188B621}_is1" = S.T.A.L.K.E.R.: Ïóòü â Íèêóäà version 1.1
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"«Sigerous Mod äëÿ ÇÏ»_is1" = «Sigerous Mod v2.1»
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alliance 4.7B_is1" = Alliance4.7B
"Alliance Star Trek TOS 2.0_is1" = AllianceSTTOS2.0
"AllianceCW 0.5B_is1" = AllianceCW0.5B
"AllianceSTTOS1.0X_is1" = AllianceSTTOS1.0X
"AVG Secure Search" = AVG Security Toolbar
"Awakening of the Rebellion - Return of the Gameplay" = Awakening of the Rebellion - Return of the Gameplay 1.1 
"Awakening of the Rebellion 2.05" = Awakening of the Rebellion 2.05
"Awakening of the Rebellion2.5 RC-9d" = Awakening of the Rebellion
"Battleships Forever_is1" = Battleships Forever v0.90d
"BattlEye for A2" = BattlEye Uninstall
"Centurion - Defender of Rome_is1" = Centurion - Defender of Rome
"Dawn of War II - Destroyer 40k" = Dawn of War II - Destroyer 40k
"DealPly" = DealPly (remove only)
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Dune200078" = DJ OldGames Package: Dune 2000
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EB Documentation_is1" = EB Documentation 1.1
"FinalMediaPlayer_is1" = Final Media Player 2011
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"FreeFileViewer_is1" = Free File Viewer 2011
"Google Chrome" = Google Chrome
"Inquisition Daemonhunt" = Inquisition Daemonhunt
"InstallShield_{D2BBEABB-A8DF-4451-A7C4-63C87B31E325}" = IL-2 Sturmovik: Forgotten Battles AEP
"InstallShield_{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters
"Light Alliance 2.42X_is1" = AllianceL2.42
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MISERY_is1" = MISERY for S.T.A.L.K.E.R - Call of Pripyat
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer.com" = Mplayer.com
"OpenAL" = OpenAL
"Osoznanie-MOD" = Osoznanie-MOD 8.5
"Plus-HD-2.3" = Plus-HD-2.3
"PunkBusterSvc" = PunkBuster Services
"Republic at War 1.1" = Republic at War 1.1
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"Roma Surrectum II" = Roma Surrectum II 2.5
"S.A.T.-Zaton ver. 1.00" = S.A.T.-Zaton ver. 1.00
"S.T.A.L.K.E.R. - Dead City Mod 4.80" = S.T.A.L.K.E.R. - Dead City Mod 4.80
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"S.T.A.L.K.E.R. Nature Winter 2.3_is1" = S.T.A.L.K.E.R. Nature Winter 2.3
"S.T.A.L.K.E.R_Долина Шорохов_is1" = S.T.A.L.K.E.R_Долина Шорохов
"S.T.A.L.K.E.R_Смерти вопреки_is1" = S.T.A.L.K.E.R_Смерти вопреки
"Sins of a Solar Empire" = Sins of a Solar Empire
"SOTE 1.0B_is1" = SOTE1.0B
"StarCraft II" = StarCraft II
"Starfleet Command" = Starfleet Command
"Starpoint Gemini1.010 DE" = Starpoint Gemini
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 206310" = Crusader Kings II Demo
"Steam App 208140" = Endless Space
"Steam App 210290" = Naval War: Arctic Circle Demo
"Steam App 212070" = Star Conflict
"Steam App 217750" = Age of Conan: Unchained - EU version
"Steam App 218450" = Jagged Alliance Online - Steam Edition
"Steam App 21970" = R.U.S.E
"Steam App 221040" = RESIDENT EVIL 6 / BIOHAZARD 6
"Steam App 221770" = Tryst Demo
"Steam App 222700" = Carrier Command: Gaea Mission Demo
"Steam App 222750" = Wargame: AirLand Battle
"Steam App 22350" = Brink
"Steam App 226240" = Miner Wars 2081 Demo
"Steam App 227960" = Iron Sky Invasion Demo
"Steam App 236390" = War Thunder
"Steam App 257190" = Alien Rage - Demo
"Steam App 40100" = Supreme Commander 2
"Steam App 41810" = Gratuitous Space Battles - Demo
"Steam App 42990" = Sword of the Stars II: Enhanced Edition
"Steam App 43110" = Metro 2033
"Steam App 43160" = Metro: Last Light
"Steam App 49520" = Borderlands 2
"Steam App 55410" = Warhammer 40,000: Space Marine Demo
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 9200" = RAGE
"Trusted Software Assistant_is1" = File Type Assistant
"UA Grand Release" = UA Grand Release
"UEAW v4 " = UEAW v4 
"Uninstall_is1" = Uninstall 1.0.0.1
"Uplay" = Uplay
"uTorrent" = µTorrent
"VASSAL (3.2.5)" = VASSAL (3.2.5)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
< End of report >
         

25.10.2013, 12:31   #10
aharonov
/// TB-Ausbilder

Hi,

Now things have become somewhat clearer.
Could you please run another scan with FRST from the repair options? After the repair options start, you can choose which operating system should be used. Is it correct that you have two options to choose from there? If so, please select the other option this time and then let FRST scan again as described in the instructions.
__________________
cheers,
Leo

25.10.2013, 13:09   #11
RegularJohn

Okay

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by SYSTEM at 2013-10-25 08:59:27 Run:1
Running from K:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
C:\Users\Steffen\AppData\Local\Temp\*.exe
C:\Users\Steffen\AppData\Local\Temp\*.dll
C:\Users\Steffen\AppData\Local\Temp\*

*****************

C:\Users\Steffen\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\*.dll => Moved successfully.
"C:\Users\Steffen\AppData\Local\Temp\*" => Could not move.

==== End of Fixlog ====
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by SYSTEM on MININT-VFECQCM on 25-10-2013 13:58:14
Running from K:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <=== ATTENTION
HKLM-x32\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <======= ATTENTION
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)
HKLM-x32\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)
HKU\Gast\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-10] (Google Inc.)
HKU\Gast\...\Run: [Qyaxseacha] - C:\Users\Gast\AppData\Roaming\Yhud\olepf.exe [303104 2013-07-21] (X-Ways Software Technology AG)
HKU\Steffen\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-09] (Valve Corporation)
HKU\Steffen\...\Run: [Facebook Update] - C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-21] (Facebook Inc.)
HKU\Steffen\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-10] (Google Inc.)
HKU\Steffen\...\Run: [Yontoo Desktop] - C:\Users\Steffen\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)
HKU\Steffen\...\Run: [Desura] - C:\Program Files (x86)\Desura\desura.exe -autostart
HKU\Steffen\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe  "C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\Steffen\...\Run: [Yqinho] - C:\Users\Steffen\AppData\Roaming\Liypaz\punoq.exe
HKU\Steffen\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)
HKU\Steffen\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)
HKU\Steffen\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)
HKU\Steffen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Steffen\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~4\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ ] ()
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ssmymagwwxdmyyqkkfu.lnk
ShortcutTarget: ssmymagwwxdmyyqkkfu.lnk -> C:\Users\Steffen\AppData\Local\Temp\ufkkqyymdxwwgamymss.bfg (No File)

==================== Services (Whitelisted) =================

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S2 idebusdr; C:\Windows\system32\ADIDTSFiltService.dll [6656 2009-07-14] (Oak Technology Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-09] ()
S2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\Rtlservice.exe [36864 2010-04-16] (Realtek)
S2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)
S2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /svc [x]
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /medsvc [x]
S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [x]
S2 Yontoo Desktop Updater; "C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Steffen\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-08-10] ()
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-08-10] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

NETSVC: idebusdr -> C:\Windows\system32\ADIDTSFiltService.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess

==================== One Month Created Files and Folders ========

2013-10-25 13:58 - 2013-10-25 13:58 - 00000000 ____D C:\FRST
2013-10-25 11:37 - 2013-10-25 11:37 - 00002164 _____ C:\Users\Gast\Desktop\S.T.A.L.K.E.R. COP Trainer +10_.exe - Verknüpfung.lnk
2013-10-25 11:21 - 2013-10-25 11:21 - 00084698 _____ C:\Users\Gast\Desktop\Extras.Txt
2013-10-25 11:21 - 2013-10-25 11:21 - 00067742 _____ C:\Users\Gast\Desktop\OTL.Txt
2013-10-25 11:14 - 2013-10-25 11:14 - 00602112 _____ (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe
2013-10-25 09:23 - 2013-10-25 09:25 - 127231689 _____ (Igor Pavlov) C:\Users\Gast\Desktop\OTLPENet.exe
2013-10-25 09:09 - 2013-10-25 09:09 - 00274368 _____ C:\Windows\Minidump\102513-13962-01.dmp
2013-10-25 07:34 - 2013-10-25 07:34 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search
2013-10-24 21:38 - 2013-10-24 21:38 - 00274368 _____ C:\Windows\Minidump\102413-15787-01.dmp
2013-10-24 17:30 - 2013-10-24 17:30 - 00274368 _____ C:\Windows\Minidump\102413-16489-01.dmp
2013-10-24 15:27 - 2013-10-25 09:14 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Guux
2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Yhud
2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Abymeb
2013-10-24 15:25 - 2013-10-24 15:26 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner
2013-10-24 14:29 - 2013-10-24 14:29 - 00000460 _____ C:\Users\Gast\Documents\aswMBR.txt
2013-10-24 13:59 - 2013-10-24 13:59 - 00000000 ____D C:\Users\Gast\mbar
2013-10-24 13:51 - 2013-10-24 13:52 - 00000000 ____D C:\ProgramData\Oracle
2013-10-24 07:39 - 2013-10-24 09:39 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Petroglyph
2013-10-24 07:37 - 2013-10-24 07:37 - 00027648 _____ C:\Users\Gast\Desktop\ModLauncher.exe
2013-10-23 20:20 - 2013-10-23 20:20 - 00000000 ____D C:\Users\Gast\AppData\Roaming\WinRAR
2013-10-23 16:56 - 2013-10-23 16:57 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe
2013-10-23 16:28 - 2013-10-25 09:09 - 385355457 _____ C:\Windows\MEMORY.DMP
2013-10-23 16:28 - 2013-10-23 16:28 - 00274368 _____ C:\Windows\Minidump\102313-22932-01.dmp
2013-10-23 14:57 - 2013-10-23 18:15 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2013-10-23 14:57 - 2013-10-23 16:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-10-23 14:57 - 2013-10-23 14:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Google
2013-10-23 14:57 - 2013-10-23 14:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-10-23 14:52 - 2013-10-23 14:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes
2013-10-23 14:26 - 2013-10-23 14:28 - 00000000 ____D C:\Users\Steffen\AppData\Local\lYwRqX78
2013-10-23 07:50 - 2013-10-23 14:24 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-10-23 07:45 - 2013-10-23 14:26 - 00000000 ____D C:\Users\Steffen\AppData\Local\XFoycNjMP2
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Roaming\VinhMzalfT
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Local\EFGWNMnkjDJ
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\ProgramData\MXJ5mE8ZNh
2013-10-22 21:42 - 2013-10-23 07:45 - 00000000 ____D C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9
2013-10-21 13:14 - 2013-10-21 13:14 - 00001821 _____ C:\Users\Steffen\Desktop\Stargate - Verknüpfung.lnk
2013-10-21 12:47 - 2013-10-23 08:38 - 00000000 ____D C:\Users\Steffen\Desktop\Babylon 5 Wars
2013-10-17 08:17 - 2013-10-17 08:17 - 00027648 _____ C:\Users\Steffen\Desktop\ModLauncher.exe
2013-10-08 20:35 - 2013-10-08 20:35 - 00000000 ____D C:\Users\Steffen\AppData\Local\Targem
2013-10-08 19:45 - 2013-10-08 19:45 - 00000222 _____ C:\Users\Steffen\Desktop\Star Conflict.url
2013-10-08 11:50 - 2013-10-08 11:59 - 00000000 ____D C:\ProgramData\WarThunder
2013-10-08 11:50 - 2013-10-08 11:50 - 00000000 ____D C:\Users\Steffen\AppData\Local\WarThunder
2013-10-08 09:49 - 2013-10-08 09:49 - 00000222 _____ C:\Users\Steffen\Desktop\War Thunder.url
2013-10-08 08:44 - 2013-10-08 08:44 - 00003156 _____ C:\Windows\System32\Tasks\{EB9FF8E1-7E37-413B-811D-EF5CD26E5573}
2013-10-08 07:19 - 2013-10-08 07:19 - 00000000 ____D C:\Users\Steffen\AppData\Local\Chromium
2013-10-07 11:24 - 2013-10-17 13:37 - 00000178 _____ C:\Users\Steffen\Desktop\Age of Conan Unchained - EU version.url
2013-10-06 15:29 - 2013-10-06 15:30 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\MinerWars
2013-10-06 15:28 - 2013-10-06 15:28 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-06 14:41 - 2013-10-06 14:41 - 00000222 _____ C:\Users\Steffen\Desktop\Jagged Alliance Online - Steam Edition.url
2013-09-28 22:11 - 2013-09-28 22:11 - 00414241 _____ C:\Uninstall.ini
2013-09-26 19:58 - 2013-09-26 19:58 - 00003288 _____ C:\Windows\System32\Tasks\{4A8C961A-01B8-4F5C-9F69-8316C44F007C}
2013-09-26 19:48 - 2013-09-26 19:48 - 00000000 ____D C:\ProgramData\ATI
2013-09-26 19:48 - 2013-09-26 19:48 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-09-26 19:46 - 2013-09-26 19:46 - 00018357 _____ C:\Windows\SysWOW64\CCCInstall_201309262046523347.log
2013-09-26 19:46 - 2013-09-26 19:46 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-09-26 19:43 - 2013-09-26 19:43 - 00000000 ____D C:\AMD
2013-09-25 19:56 - 2013-10-05 22:09 - 00000890 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
2013-09-25 19:45 - 2013-09-25 19:59 - 00000000 ____D C:\Users\Public\Documents\STALKER-SHOC

==================== One Month Modified Files and Folders =======

2013-10-25 13:58 - 2013-10-25 13:58 - 00000000 ____D C:\FRST
2013-10-25 12:55 - 2010-10-04 05:53 - 02032322 _____ C:\Windows\WindowsUpdate.log
2013-10-25 12:45 - 2013-02-03 16:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-25 12:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At28.job
2013-10-25 12:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At27.job
2013-10-25 12:22 - 2013-07-21 17:17 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-10-25 12:22 - 2011-03-10 00:20 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-25 12:16 - 2013-07-21 17:16 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-10-25 11:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At26.job
2013-10-25 11:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At25.job
2013-10-25 11:38 - 2012-04-13 20:21 - 00001146 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000UA.job
2013-10-25 11:37 - 2013-10-25 11:37 - 00002164 _____ C:\Users\Gast\Desktop\S.T.A.L.K.E.R. COP Trainer +10_.exe - Verknüpfung.lnk
2013-10-25 11:34 - 2012-03-06 16:45 - 00000406 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-10-25 11:21 - 2013-10-25 11:21 - 00084698 _____ C:\Users\Gast\Desktop\Extras.Txt
2013-10-25 11:21 - 2013-10-25 11:21 - 00067742 _____ C:\Users\Gast\Desktop\OTL.Txt
2013-10-25 11:18 - 2013-07-21 17:18 - 00001198 _____ C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-10-25 11:17 - 2013-07-21 17:17 - 00001202 _____ C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-10-25 11:17 - 2013-07-21 17:17 - 00001102 _____ C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-10-25 11:16 - 2013-07-21 17:16 - 00001910 _____ C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-10-25 11:16 - 2013-07-21 17:16 - 00001834 _____ C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-10-25 11:15 - 2013-07-21 17:17 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-10-25 11:15 - 2013-06-09 04:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-10-25 11:15 - 2013-06-04 17:13 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-10-25 11:15 - 2011-03-10 00:20 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-25 11:14 - 2013-10-25 11:14 - 00602112 _____ (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe
2013-10-25 10:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At24.job
2013-10-25 10:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At23.job
2013-10-25 09:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At22.job
2013-10-25 09:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At21.job
2013-10-25 09:25 - 2013-10-25 09:23 - 127231689 _____ (Igor Pavlov) C:\Users\Gast\Desktop\OTLPENet.exe
2013-10-25 09:20 - 2009-07-14 05:45 - 00014608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 09:20 - 2009-07-14 05:45 - 00014608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-25 09:14 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Guux
2013-10-25 09:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-25 09:12 - 2009-07-14 05:51 - 00325320 _____ C:\Windows\setupact.log
2013-10-25 09:09 - 2013-10-25 09:09 - 00274368 _____ C:\Windows\Minidump\102513-13962-01.dmp
2013-10-25 09:09 - 2013-10-23 16:28 - 385355457 _____ C:\Windows\MEMORY.DMP
2013-10-25 09:09 - 2011-07-26 18:28 - 00000000 ____D C:\Windows\Minidump
2013-10-25 08:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At20.job
2013-10-25 08:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At19.job
2013-10-25 07:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At18.job
2013-10-25 07:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At17.job
2013-10-25 07:34 - 2013-10-25 07:34 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search
2013-10-24 21:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At46.job
2013-10-24 21:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At45.job
2013-10-24 21:38 - 2013-10-24 21:38 - 00274368 _____ C:\Windows\Minidump\102413-15787-01.dmp
2013-10-24 20:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At44.job
2013-10-24 20:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At43.job
2013-10-24 19:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At42.job
2013-10-24 19:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At41.job
2013-10-24 18:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At40.job
2013-10-24 18:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At39.job
2013-10-24 17:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At38.job
2013-10-24 17:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At37.job
2013-10-24 17:38 - 2012-04-13 20:21 - 00001124 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000Core.job
2013-10-24 17:30 - 2013-10-24 17:30 - 00274368 _____ C:\Windows\Minidump\102413-16489-01.dmp
2013-10-24 17:03 - 2009-07-14 18:58 - 00696848 _____ C:\Windows\System32\perfh007.dat
2013-10-24 17:03 - 2009-07-14 18:58 - 00148144 _____ C:\Windows\System32\perfc007.dat
2013-10-24 17:03 - 2009-07-14 06:13 - 01613412 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-24 16:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At36.job
2013-10-24 16:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At35.job
2013-10-24 15:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At34.job
2013-10-24 15:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At33.job
2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Yhud
2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Abymeb
2013-10-24 15:27 - 2011-04-07 07:16 - 00000000 ____D C:\users\Gast
2013-10-24 15:26 - 2013-10-24 15:25 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner
2013-10-24 14:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At32.job
2013-10-24 14:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At31.job
2013-10-24 14:29 - 2013-10-24 14:29 - 00000460 _____ C:\Users\Gast\Documents\aswMBR.txt
2013-10-24 13:59 - 2013-10-24 13:59 - 00000000 ____D C:\Users\Gast\mbar
2013-10-24 13:52 - 2013-10-24 13:51 - 00000000 ____D C:\ProgramData\Oracle
2013-10-24 13:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At30.job
2013-10-24 13:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At29.job
2013-10-24 09:39 - 2013-10-24 07:39 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Petroglyph
2013-10-24 07:37 - 2013-10-24 07:37 - 00027648 _____ C:\Users\Gast\Desktop\ModLauncher.exe
2013-10-24 06:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At16.job
2013-10-24 06:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At15.job
2013-10-24 05:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At14.job
2013-10-24 05:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At13.job
2013-10-24 04:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At12.job
2013-10-24 04:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At11.job
2013-10-24 03:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At10.job
2013-10-24 03:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At9.job
2013-10-24 02:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At8.job
2013-10-24 02:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At7.job
2013-10-24 01:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At6.job
2013-10-24 01:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At5.job
2013-10-24 00:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At4.job
2013-10-24 00:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At3.job
2013-10-23 23:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At2.job
2013-10-23 23:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At1.job
2013-10-23 22:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At48.job
2013-10-23 22:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At47.job
2013-10-23 20:57 - 2013-04-01 16:04 - 00000000 ____D C:\Program Files (x86)\RelevantKnowledge
2013-10-23 20:20 - 2013-10-23 20:20 - 00000000 ____D C:\Users\Gast\AppData\Roaming\WinRAR
2013-10-23 20:13 - 2009-07-14 05:45 - 00006144 _____ C:\Windows\System32\umstartup.etl
2013-10-23 18:15 - 2013-10-23 14:57 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2013-10-23 16:57 - 2013-10-23 16:56 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe
2013-10-23 16:57 - 2013-10-23 14:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-10-23 16:56 - 2011-11-14 18:17 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk
2013-10-23 16:56 - 2011-11-14 18:17 - 00000000 ____D C:\ProgramData\Adobe
2013-10-23 16:28 - 2013-10-23 16:28 - 00274368 _____ C:\Windows\Minidump\102313-22932-01.dmp
2013-10-23 14:58 - 2013-10-23 14:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Google
2013-10-23 14:57 - 2013-10-23 14:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-10-23 14:52 - 2013-10-23 14:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes
2013-10-23 14:52 - 2011-04-07 07:17 - 00058144 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-23 14:51 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-23 14:28 - 2013-10-23 14:26 - 00000000 ____D C:\Users\Steffen\AppData\Local\lYwRqX78
2013-10-23 14:26 - 2013-10-23 07:45 - 00000000 ____D C:\Users\Steffen\AppData\Local\XFoycNjMP2
2013-10-23 14:26 - 2013-04-01 20:42 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Yontoo
2013-10-23 14:26 - 2011-03-24 09:13 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-23 14:25 - 2011-02-11 14:12 - 00481436 _____ C:\Windows\PFRO.log
2013-10-23 14:24 - 2013-10-23 07:50 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-10-23 14:23 - 2013-07-21 17:16 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-10-23 08:38 - 2013-10-21 12:47 - 00000000 ____D C:\Users\Steffen\Desktop\Babylon 5 Wars
2013-10-23 07:45 - 2013-10-22 21:42 - 00000000 ____D C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Roaming\VinhMzalfT
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Local\EFGWNMnkjDJ
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\ProgramData\MXJ5mE8ZNh
2013-10-22 14:55 - 2011-09-27 17:36 - 00000000 ____D C:\Users\Steffen\Desktop\Stoner-Doom Metal
2013-10-22 13:05 - 2013-06-06 15:32 - 00006633 _____ C:\Users\Public\Documents\stalke~1.ltx
2013-10-22 08:49 - 2013-09-06 23:06 - 00000000 ____D C:\Users\Steffen\Desktop\Doom 2
2013-10-21 13:14 - 2013-10-21 13:14 - 00001821 _____ C:\Users\Steffen\Desktop\Stargate - Verknüpfung.lnk
2013-10-20 17:49 - 2011-09-28 14:25 - 00000000 ____D C:\Users\Steffen\Desktop\Games
2013-10-20 12:42 - 2013-09-02 21:21 - 00000000 ____D C:\Users\Steffen\Desktop\Space Battleships
2013-10-20 11:08 - 2010-11-21 19:53 - 00000000 ____D C:\Users\Steffen\Documents\My Games
2013-10-18 09:25 - 2013-07-13 11:54 - 00002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-17 13:37 - 2013-10-07 11:24 - 00000178 _____ C:\Users\Steffen\Desktop\Age of Conan Unchained - EU version.url
2013-10-17 08:17 - 2013-10-17 08:17 - 00027648 _____ C:\Users\Steffen\Desktop\ModLauncher.exe
2013-10-16 09:24 - 2013-08-23 07:28 - 00000000 ____D C:\Users\Steffen\Desktop\Star Wars Mods
2013-10-09 14:17 - 2011-03-10 00:20 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-09 14:17 - 2011-03-10 00:20 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-09 09:45 - 2013-02-03 16:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 09:45 - 2012-06-05 20:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 09:45 - 2012-06-05 20:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 23:15 - 2013-09-13 18:40 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-08 20:35 - 2013-10-08 20:35 - 00000000 ____D C:\Users\Steffen\AppData\Local\Targem
2013-10-08 19:45 - 2013-10-08 19:45 - 00000222 _____ C:\Users\Steffen\Desktop\Star Conflict.url
2013-10-08 19:30 - 2013-09-16 08:45 - 00000000 ____D C:\Users\Steffen\Desktop\Codex
2013-10-08 11:59 - 2013-10-08 11:50 - 00000000 ____D C:\ProgramData\WarThunder
2013-10-08 11:57 - 2011-08-10 11:10 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-10-08 11:57 - 2011-08-10 11:10 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-10-08 11:50 - 2013-10-08 11:50 - 00000000 ____D C:\Users\Steffen\AppData\Local\WarThunder
2013-10-08 09:49 - 2013-10-08 09:49 - 00000222 _____ C:\Users\Steffen\Desktop\War Thunder.url
2013-10-08 08:44 - 2013-10-08 08:44 - 00003156 _____ C:\Windows\System32\Tasks\{EB9FF8E1-7E37-413B-811D-EF5CD26E5573}
2013-10-08 07:19 - 2013-10-08 07:19 - 00000000 ____D C:\Users\Steffen\AppData\Local\Chromium
2013-10-07 12:42 - 2011-11-21 14:55 - 00000000 ___RD C:\Users\Steffen\Desktop\FILME!!!
2013-10-07 12:14 - 2010-10-04 06:41 - 00000000 ____D C:\Users\Steffen\Desktop\Krempel
2013-10-07 10:19 - 2012-06-10 14:35 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\uTorrent
2013-10-06 15:30 - 2013-10-06 15:29 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\MinerWars
2013-10-06 15:28 - 2013-10-06 15:28 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-06 14:41 - 2013-10-06 14:41 - 00000222 _____ C:\Users\Steffen\Desktop\Jagged Alliance Online - Steam Edition.url
2013-10-05 22:09 - 2013-09-25 19:56 - 00000890 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
2013-10-05 11:56 - 2010-06-16 15:52 - 00000000 ____D C:\Program Data
2013-10-03 23:20 - 2010-10-04 06:37 - 00475388 _____ C:\Windows\DirectX.log
2013-10-02 08:13 - 2013-06-27 09:12 - 00003728 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-10-02 08:12 - 2012-06-23 15:09 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-10-02 08:10 - 2012-11-30 07:05 - 00046368 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-09-28 22:11 - 2013-09-28 22:11 - 00414241 _____ C:\Uninstall.ini
2013-09-28 22:11 - 2011-03-04 15:31 - 00273164 _____ C:\Uninstall.exe
2013-09-26 19:58 - 2013-09-26 19:58 - 00003288 _____ C:\Windows\System32\Tasks\{4A8C961A-01B8-4F5C-9F69-8316C44F007C}
2013-09-26 19:48 - 2013-09-26 19:48 - 00000000 ____D C:\ProgramData\ATI
2013-09-26 19:48 - 2013-09-26 19:48 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-09-26 19:48 - 2010-10-04 06:58 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-09-26 19:48 - 2010-10-04 06:57 - 00000000 ____D C:\Program Files\ATI Technologies
2013-09-26 19:46 - 2013-09-26 19:46 - 00018357 _____ C:\Windows\SysWOW64\CCCInstall_201309262046523347.log
2013-09-26 19:46 - 2013-09-26 19:46 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-09-26 19:43 - 2013-09-26 19:43 - 00000000 ____D C:\AMD
2013-09-25 19:59 - 2013-09-25 19:45 - 00000000 ____D C:\Users\Public\Documents\STALKER-SHOC
2013-09-25 12:22 - 2013-07-21 16:18 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoftTB

ZeroAccess:
C:\Windows\System32\consrv.dll

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe
C:\ProgramData\exCKK8Qm.dat
C:\ProgramData\ssmymagwwxdmyyqkkfu.bat
C:\ProgramData\ssmymagwwxdmyyqkkfu.reg
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Gast\AppData\Local\Temp\InstHelper.exe
C:\Users\Gast\AppData\Local\Temp\Quarantine.exe
C:\Users\Gast\AppData\Local\Temp\Uninstall_2.exe
C:\Users\Steffen\AppData\Local\Temp\1sysconf.exe
C:\Users\Steffen\AppData\Local\Temp\avguidx.dll
C:\Users\Steffen\AppData\Local\Temp\AVG_toolbar.exe
C:\Users\Steffen\AppData\Local\Temp\binkw32.dll
C:\Users\Steffen\AppData\Local\Temp\CH.dll
C:\Users\Steffen\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Steffen\AppData\Local\Temp\contentDATs.exe
C:\Users\Steffen\AppData\Local\Temp\d2l_Install.exe
C:\Users\Steffen\AppData\Local\Temp\d2l_PlayD2.exe
C:\Users\Steffen\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Steffen\AppData\Local\Temp\DeltaTB.exe
C:\Users\Steffen\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7290008.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7350008.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7370010.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Steffen\AppData\Local\Temp\EBU1024.EXE
C:\Users\Steffen\AppData\Local\Temp\EBU46FD.DLL
C:\Users\Steffen\AppData\Local\Temp\flcsup.exe
C:\Users\Steffen\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Steffen\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Steffen\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Steffen\AppData\Local\Temp\htmlayout.dll
C:\Users\Steffen\AppData\Local\Temp\ICReinstall_DAEMONToolsLiteSetup.exe
C:\Users\Steffen\AppData\Local\Temp\ICReinstall_installer.exe
C:\Users\Steffen\AppData\Local\Temp\ICReinstall_Notepad++Setup.exe
C:\Users\Steffen\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Steffen\AppData\Local\Temp\LyricsPal.exe
C:\Users\Steffen\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Steffen\AppData\Local\Temp\mfc80.dll
C:\Users\Steffen\AppData\Local\Temp\mfc80u.dll
C:\Users\Steffen\AppData\Local\Temp\mfcm80.dll
C:\Users\Steffen\AppData\Local\Temp\mfcm80u.dll
C:\Users\Steffen\AppData\Local\Temp\msvcm80.dll
C:\Users\Steffen\AppData\Local\Temp\msvcp80.dll
C:\Users\Steffen\AppData\Local\Temp\msvcr80.dll
C:\Users\Steffen\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Steffen\AppData\Local\Temp\OSU.exe
C:\Users\Steffen\AppData\Local\Temp\ResetDevice.exe
C:\Users\Steffen\AppData\Local\Temp\SCC.dll
C:\Users\Steffen\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Steffen\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Steffen\AppData\Local\Temp\SIntf16.dll
C:\Users\Steffen\AppData\Local\Temp\SIntf32.dll
C:\Users\Steffen\AppData\Local\Temp\SIntfNT.dll
C:\Users\Steffen\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Steffen\AppData\Local\Temp\toolbar5709277.exe
C:\Users\Steffen\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Steffen\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Steffen\AppData\Local\Temp\ubi687C.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\ubiBC92.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\Uninstall.exe
C:\Users\Steffen\AppData\Local\Temp\uninstall5847681.exe
C:\Users\Steffen\AppData\Local\Temp\Uninstaller.exe
C:\Users\Steffen\AppData\Local\Temp\UninstallerGer.dll
C:\Users\Steffen\AppData\Local\Temp\Uninstall_2.exe
C:\Users\Steffen\AppData\Local\Temp\Uninst_eng_reborn.exe
C:\Users\Steffen\AppData\Local\Temp\Verbindungsassistent.exe
C:\Users\Steffen\AppData\Local\Temp\VersionUpdater.exe
C:\Users\Steffen\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Steffen\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\Steffen\AppData\Local\Temp\WtgZip.dll
C:\Users\Steffen\AppData\Local\Temp\_is1291.exe
C:\Users\Steffen\AppData\Local\Temp\_is16E0.exe
C:\Users\Steffen\AppData\Local\Temp\_is186.exe
C:\Users\Steffen\AppData\Local\Temp\_is18AE.exe
C:\Users\Steffen\AppData\Local\Temp\_is1B5.exe
C:\Users\Steffen\AppData\Local\Temp\_is1F.exe
C:\Users\Steffen\AppData\Local\Temp\_is2222.exe
C:\Users\Steffen\AppData\Local\Temp\_is28DA.exe
C:\Users\Steffen\AppData\Local\Temp\_is341A.exe
C:\Users\Steffen\AppData\Local\Temp\_is3976.exe
C:\Users\Steffen\AppData\Local\Temp\_is3DDA.exe
C:\Users\Steffen\AppData\Local\Temp\_is3E88.exe
C:\Users\Steffen\AppData\Local\Temp\_is3F32.exe
C:\Users\Steffen\AppData\Local\Temp\_is3FDD.exe
C:\Users\Steffen\AppData\Local\Temp\_is44A3.exe
C:\Users\Steffen\AppData\Local\Temp\_is4E64.exe
C:\Users\Steffen\AppData\Local\Temp\_is5123.exe
C:\Users\Steffen\AppData\Local\Temp\_is5512.exe
C:\Users\Steffen\AppData\Local\Temp\_is6192.exe
C:\Users\Steffen\AppData\Local\Temp\_is63F0.exe
C:\Users\Steffen\AppData\Local\Temp\_is65F9.exe
C:\Users\Steffen\AppData\Local\Temp\_is6666.exe
C:\Users\Steffen\AppData\Local\Temp\_is746.exe
C:\Users\Steffen\AppData\Local\Temp\_is785C.exe
C:\Users\Steffen\AppData\Local\Temp\_is78BF.exe
C:\Users\Steffen\AppData\Local\Temp\_is7B38.exe
C:\Users\Steffen\AppData\Local\Temp\_is855F.exe
C:\Users\Steffen\AppData\Local\Temp\_is9591.exe
C:\Users\Steffen\AppData\Local\Temp\_is9E43.exe
C:\Users\Steffen\AppData\Local\Temp\_isA42B.exe
C:\Users\Steffen\AppData\Local\Temp\_isA822.exe
C:\Users\Steffen\AppData\Local\Temp\_isC390.exe
C:\Users\Steffen\AppData\Local\Temp\_isCBAD.exe
C:\Users\Steffen\AppData\Local\Temp\_isD162.exe
C:\Users\Steffen\AppData\Local\Temp\_isD816.exe
C:\Users\Steffen\AppData\Local\Temp\_isDC60.exe
C:\Users\Steffen\AppData\Local\Temp\_isF16A.exe
C:\Users\Steffen\AppData\Local\Temp\_isF27E.exe
C:\Users\Steffen\AppData\Local\Temp\_isF349.exe
C:\Users\Steffen\AppData\Local\Temp\_isF50.exe
C:\Users\Steffen\AppData\Local\Temp\_isFCF5.exe
C:\Users\Steffen\AppData\Local\Temp\~tmf1687602911666546219.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 4059.49 MB
Available physical RAM: 3412.3 MB
Total Pagefile: 4057.64 MB
Available Pagefile: 3418.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Daten) (Fixed) (Total:831.51 GB) (Free:25.52 GB) NTFS
Drive k: (INTENSO) (Removable) (Total:14.73 GB) (Free:14.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System) (Fixed) (Total:100 GB) (Free:27.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0C19B2D7)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=832 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-10-25 11:33

==================== End Of Log ============================
         

25.10.2013, 13:33   #12
aharonov
/// TB-Ausbilder

Right, and now we can actually see something..
And there's plenty to see: you've picked up a pretty impressive malware collection there...
But one step at a time - first we get rid of the lock screen. After the following fix, can you boot normally into your admin account again?


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <=== ATTENTION
HKLM-x32\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <======= ATTENTION
HKLM-x32\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)
HKLM-x32\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)
HKU\Gast\...\Run: [Qyaxseacha] - C:\Users\Gast\AppData\Roaming\Yhud\olepf.exe [303104 2013-07-21] (X-Ways Software Technology AG)
HKU\Steffen\...\Run: [Yqinho] - C:\Users\Steffen\AppData\Roaming\Liypaz\punoq.exe
C:\Users\Steffen\AppData\Roaming\Liypaz
HKU\Steffen\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)
HKU\Steffen\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)
HKU\Steffen\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)
HKU\Steffen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Steffen\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <===== ATTENTION!
Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ssmymagwwxdmyyqkkfu.lnk
ShortcutTarget: ssmymagwwxdmyyqkkfu.lnk -> C:\Users\Steffen\AppData\Local\Temp\ufkkqyymdxwwgamymss.bfg (No File)
2013-10-24 15:27 - 2013-10-25 09:14 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Guux
2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Yhud
2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Abymeb
2013-10-23 14:26 - 2013-10-23 14:28 - 00000000 ____D C:\Users\Steffen\AppData\Local\lYwRqX78
2013-10-23 07:45 - 2013-10-23 14:26 - 00000000 ____D C:\Users\Steffen\AppData\Local\XFoycNjMP2
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Roaming\VinhMzalfT
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Local\EFGWNMnkjDJ
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\ProgramData\MXJ5mE8ZNh
2013-10-22 21:42 - 2013-10-23 07:45 - 00000000 ____D C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9
C:\ProgramData\exCKK8Qm.dat
C:\Windows\system32\config\systemprofile\AppData\Local\ijeluxa.dll
C:\ProgramData\ssmymagwwxdmyyqkkfu.bat
C:\ProgramData\ssmymagwwxdmyyqkkfu.reg
C:\Windows\Tasks\At*.job
C:\Users\Steffen\AppData\Local\Temp\*.exe
C:\Users\Steffen\AppData\Local\Temp\*.dll
CMD: dir /a/b "C:\Users\Steffen\AppData\Roaming"
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________
cheers,
Leo
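
The registry lines in the fixlist above can be triaged mechanically. The following Python sketch is an added example, not part of the thread and not FRST's own logic: it flags a Winlogon Shell that is not explorer.exe (the Windows default), a Command Processor AutoRun value (absent by default, run by cmd.exe on every start), Run entries that launch from AppData, and the combination of cmd.exe as shell with an AutoRun in the same hive. The rule names and the last sample line are constructed for illustration.

```python
import re
from ntpath import basename

# Sample input: four registry lines taken from the fixlist in the post above,
# plus one constructed benign Run entry (hypothetical) for contrast.
SAMPLE = r'''HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <=== ATTENTION
HKLM-x32\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <======= ATTENTION
HKLM-x32\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)
HKU\Gast\...\Run: [Qyaxseacha] - C:\Users\Gast\AppData\Roaming\Yhud\olepf.exe [303104 2013-07-21] (X-Ways Software Technology AG)
HKLM\...\Run: [ExampleUpdater] - C:\Program Files\Example\updater.exe [12345 2013-01-01] (Example Corp)'''

# First drive-letter path ending in .exe or .dll on the line.
PATH = re.compile(r'[A-Za-z]:\\[^"\[]+?\.(?:exe|dll)', re.I)


def triage(text):
    """Return (hive, rule, detail) findings for FRST registry autostart lines."""
    findings, shell, autorun = [], {}, {}
    for line in text.splitlines():
        hive, sep, tail = line.partition('\\...\\')
        key, sep2, rest = tail.partition(': ')
        if not (sep and sep2):
            continue  # not a registry autostart line
        path = PATH.search(rest)
        if key == 'Winlogon' and rest.startswith('[Shell] '):
            prog = rest[len('[Shell] '):].split(' [')[0].strip()
            # Anything other than explorer.exe replaces the normal desktop.
            if basename(prog).lower() != 'explorer.exe':
                shell[hive] = prog
                findings.append((hive, 'shell-replaced', prog))
        elif key == 'Command Processor' and path:
            # The AutoRun target is started whenever cmd.exe starts.
            autorun[hive] = path.group(0)
            findings.append((hive, 'cmd-autorun', path.group(0)))
        elif key == 'Run' and path and '\\appdata\\' in path.group(0).lower():
            findings.append((hive, 'run-from-appdata', path.group(0)))
    # cmd.exe as shell plus an AutoRun in the same hive: the AutoRun target
    # is what actually runs at logon.
    for hive, prog in shell.items():
        if basename(prog).lower() == 'cmd.exe' and hive in autorun:
            findings.append((hive, 'shell-autorun-chain', autorun[hive]))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(*finding, sep=' | ')
```
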

25.10.2013, 14:04   #13
RegularJohn


Yes, I can start the admin account again... without the lock screen!

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by SYSTEM at 2013-10-25 14:58:17 Run:1
Running from K:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <=== ATTENTION
HKLM-x32\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <======= ATTENTION
HKLM-x32\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)
HKLM-x32\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)
HKU\Gast\...\Run: [Qyaxseacha] - C:\Users\Gast\AppData\Roaming\Yhud\olepf.exe [303104 2013-07-21] (X-Ways Software Technology AG)
HKU\Steffen\...\Run: [Yqinho] - C:\Users\Steffen\AppData\Roaming\Liypaz\punoq.exe
C:\Users\Steffen\AppData\Roaming\Liypaz
HKU\Steffen\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)
HKU\Steffen\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)
HKU\Steffen\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)
HKU\Steffen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Steffen\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <===== ATTENTION!
Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ssmymagwwxdmyyqkkfu.lnk
ShortcutTarget: ssmymagwwxdmyyqkkfu.lnk -> C:\Users\Steffen\AppData\Local\Temp\ufkkqyymdxwwgamymss.bfg (No File)
2013-10-24 15:27 - 2013-10-25 09:14 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Guux
2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Yhud
2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Abymeb
2013-10-23 14:26 - 2013-10-23 14:28 - 00000000 ____D C:\Users\Steffen\AppData\Local\lYwRqX78
2013-10-23 07:45 - 2013-10-23 14:26 - 00000000 ____D C:\Users\Steffen\AppData\Local\XFoycNjMP2
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Roaming\VinhMzalfT
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Local\EFGWNMnkjDJ
2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\ProgramData\MXJ5mE8ZNh
2013-10-22 21:42 - 2013-10-23 07:45 - 00000000 ____D C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9
C:\ProgramData\exCKK8Qm.dat
C:\Windows\system32\config\systemprofile\AppData\Local\ijeluxa.dll
C:\ProgramData\ssmymagwwxdmyyqkkfu.bat
C:\ProgramData\ssmymagwwxdmyyqkkfu.reg
C:\Windows\Tasks\At*.job
C:\Users\Steffen\AppData\Local\Temp\*.exe
C:\Users\Steffen\AppData\Local\Temp\*.dll
CMD: dir /a/b "C:\Users\Steffen\AppData\Roaming"
         
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\1TRi7sGavqT.exe => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SSoonrEj.exe => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\lF40kc2sqeD.exe => Value deleted successfully.
HKU\Gast\Software\Microsoft\Windows\CurrentVersion\Run\\Qyaxseacha => Value deleted successfully.
HKU\Steffen\Software\Microsoft\Windows\CurrentVersion\Run\\Yqinho => Value deleted successfully.
C:\Users\Steffen\AppData\Roaming\Liypaz => Moved successfully.
HKU\Steffen\Software\Microsoft\Windows\CurrentVersion\Run\\1TRi7sGavqT.exe => Value deleted successfully.
HKU\Steffen\Software\Microsoft\Windows\CurrentVersion\Run\\SSoonrEj.exe => Value deleted successfully.
HKU\Steffen\Software\Microsoft\Windows\CurrentVersion\Run\\lF40kc2sqeD.exe => Value deleted successfully.
HKU\Steffen\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Steffen\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ssmymagwwxdmyyqkkfu.lnk => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\ufkkqyymdxwwgamymss.bfg not found.
C:\Users\Gast\AppData\Roaming\Guux => Moved successfully.
C:\Users\Gast\AppData\Roaming\Yhud => Moved successfully.
C:\Users\Gast\AppData\Roaming\Abymeb => Moved successfully.
C:\Users\Steffen\AppData\Local\lYwRqX78 => Moved successfully.
C:\Users\Steffen\AppData\Local\XFoycNjMP2 => Moved successfully.
C:\Users\Steffen\AppData\Roaming\VinhMzalfT => Moved successfully.
C:\Users\Steffen\AppData\Local\EFGWNMnkjDJ => Moved successfully.
C:\ProgramData\MXJ5mE8ZNh => Moved successfully.
C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9 => Moved successfully.
C:\ProgramData\exCKK8Qm.dat => Moved successfully.
"C:\Windows\system32\config\systemprofile\AppData\Local\ijeluxa.dll" => File/Directory not found.
C:\ProgramData\ssmymagwwxdmyyqkkfu.bat => Moved successfully.
C:\ProgramData\ssmymagwwxdmyyqkkfu.reg => Moved successfully.
C:\Windows\Tasks\At*.job => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\*.dll => Moved successfully.

=========  dir /a/b "C:\Users\Steffen\AppData\Roaming" =========

1O1L1I1PtF1F1C1N
Adobe
AppClient
ATI
BabSolution
Babylon
DAEMON Tools Pro
Dealply
DVDVideoSoft
DVDVideoSoftIEHelpers
FFSJ
File Scout
FinalMediaPlayer
FreeFileViewer
GetRightToGo
Google
Identities
InstallShield
Macromedia
Malwarebytes
Media Center Programs
Microsoft
Microsoft Games
MinerWars
Mozilla
My Games
OpenCandy
Petroglyph
runic games
SecuROM
Skype
skypePM
Temp
Titub
Tropico 4 Demo
Tryst
TuneUp Software
Ubisoft
UserTile.png
uTorrent
Vowoy
WinRAR
Xfire
XRay Engine
Yontoo
YourFileDownloader

========= End of CMD: =========


==== End of Fixlog ====
         

25.10.2013, 14:26   #14
aharonov
/// TB-Ausbilder

Great, then on we go in the admin account:


Move frst64.exe from the USB stick to the desktop.
  • Then start FRST.
  • Under Optional Scan, tick Addition.txt and press Scan.
  • When the scan has finished, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of both log files here in your thread.
__________________
cheers,
Leo

25.10.2013, 14:38   #15
RegularJohn

Okay! That's the first thing I'll do when I get home from work!

But already a big THANK YOU for the help so far!!!!
