Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows System ist Blockiert,BKA 50€ Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.02.2012, 22:26   #1
Tomsky51
 
Windows System ist Blockiert,BKA 50€ Virus - Standard

Windows System ist Blockiert,BKA 50€ Virus



Nach dem Hochfahren von Windows Vista und herstellen der Internetverbindung
erscheint Zahlungsaufforderung und System ist blockiert.
Ohne Internetverbindung ist Windows nutzbar.
Habe mit OTL Logdateien erstellt und stell sie gleich mit ein.


OTL logfile created on: 16.02.2012 21:03:00 - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = F:\
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,63% Memory free
8,21 Gb Paging File | 6,29 Gb Available in Paging File | 76,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 65,38 Gb Free Space | 14,04% Space Free | Partition Type: NTFS
Drive E: | 4,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,85 Gb Total Space | 1,76 Gb Free Space | 95,17% Space Free | Partition Type: FAT32

Computer Name: SCHLAFZIMMER-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\OPENLiMiT\siqSEMr.exe (OPENLiMiT SignCubes GmbH)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Users\Tommy\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
PRC - C:\Programme\Creative\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\taxaktuell.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Silvercrest MTS2118 driver\KMConfig.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Program Files (x86)\Silvercrest MTS2118 driver\KMProcess.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Silvercrest MTS2118 driver\KMWDSrv.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe ()
PRC - C:\Program Files (x86)\Silvercrest MTS2118 driver\StartAutorun.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files (x86)\Common Files\G DATA\DAVServer\DAVServer.exe (G DATA Software AG)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Users\Tommy\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\4cb01a1063e99bd543ca34547e28bd44\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ad65537fa3d6b3c9c01a98586acfa28\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2606f840d6783c9c2307965650735ada\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9895974a8ff48335614f44603ff16a9d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\400510870f710fd409ee7fc71b4a69aa\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Tobit ClipInc\Player\clipinc$.ger ()
MOD - C:\Program Files (x86)\Tobit ClipInc\Player\TOBITCLT.dll ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\taxaktuell.exe ()
MOD - C:\PROGRAM FILES (X86)\BUHL FINANCE\TAX 2008 STANDARD\wstyle08.dll ()
MOD - C:\PROGRAM FILES (X86)\BUHL FINANCE\TAX 2008 STANDARD\wstyle508.dll ()
MOD - C:\PROGRAM FILES (X86)\BUHL FINANCE\TAX 2008 STANDARD\wstyle108.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\winc08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\wincb08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\wglob08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\rszeus08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\rsdebug08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\rswinapi08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtscript08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtsql08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qt3compat08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtxml08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtnetwork08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtgui08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtcore08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtzlib08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\rsodbc08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\rsdcom08.dll ()
MOD - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
MOD - C:\Program Files (x86)\Silvercrest MTS2118 driver\keydll.dll ()
MOD - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl ()
MOD - C:\Program Files (x86)\Silvercrest MTS2118 driver\MouseHook.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (usprserv) -- C:\Windows\SysNative\svchost.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ClipInc001) -- C:\Program Files (x86)\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (aawservice) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (KMWDSERVICE) -- C:\Program Files (x86)\Silvercrest MTS2118 driver\KMWDSrv.exe (UASSOFT.COM)
SRV - (SageDB 5.0) -- C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys ()
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys ()
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys ()
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys ()
DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys ()
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys ()
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\657A.tmp ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys ()
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys ()
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys ()
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (irda) -- C:\Windows\SysNative\DRIVERS\irda.sys ()
DRV:64bit: - (irsir) -- C:\Windows\SysNative\DRIVERS\irsir.sys ()
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys ()
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\WG311Tx.sys ()
DRV:64bit: - (ElbyDelay) -- C:\Windows\SysNative\Drivers\ElbyDelay.sys ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys ()
DRV:64bit: - (vcd9bus) -- C:\Windows\SysNative\DRIVERS\vcd9bus.sys ()
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\DRIVERS\aksdf.sys ()
DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys ()
DRV:64bit: - (Pnp680r) -- C:\Windows\SysNative\DRIVERS\pnp680r.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (Hardlock) -- C:\Windows\SysWOW64\drivers\hardlock.sys (Aladdin Knowledge Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: sharonst@windowslive.com:1.03
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {7C9AE782-DB21-4e40-81FB-AD8A53A6233A}:1.83
FF - prefs.js..extensions.enabledItems: {34ea1c70-42cc-42c5-aa29-ec58b95a343e}:1.5.43.0
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.18: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.14 16:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.04 18:19:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.15 18:28:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.26 17:31:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.19 14:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.04 18:19:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.14 16:18:45 | 000,000,000 | ---D | M]

[2010.08.25 19:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions
[2010.08.25 19:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.26 18:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions
[2008.08.25 20:06:08 | 000,000,000 | ---D | M] (myBabylon Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}
[2012.01.26 18:41:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.02.15 18:17:22 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
[2011.12.28 11:02:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.21 16:00:04 | 000,000,000 | ---D | M] (Fire Tv button) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions\sharonst@windowslive.com
[2011.11.10 17:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2008.10.31 17:57:17 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES (X86)\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
[2012.01.15 18:28:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 16:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2008.08.25 20:05:56 | 000,002,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.10.06 16:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.06 16:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 16:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 16:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 16:45:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CTCheck] C:\Programme\Creative\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.dll ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AS00_Gear311T] C:\Program Files (x86)\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [KMCONFIG] "C:\Program Files (x86)\Silvercrest MTS2118 driver\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [SCLicense] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [SignCubes] "C:\PROGRA~2\OPENLI~1\siqSEMr.exe" -a File not found
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ClipIncSrvTray] C:\Program Files (x86)\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKCU..\Run: [cogad] "C:\Users\Tommy\AppData\Roaming\cogad\cogad.exe" 61A847B5BBF72810339E3F466188719AB689201522886B092CBD44BD8689220221DD3257 File not found
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [DAVSERVER.EXE] C:\Program Files (x86)\Common Files\G DATA\DAVServer\DAVServer.exe (G DATA Software AG)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Tommy\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [Twain] C:\Users\Tommy\AppData\Roaming\Twain\Twain.exe File not found
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CEBBC53-0FFD-447B-B8D9-306B9EDCBC10}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94C34F67-51F3-480B-8FE5-8F9F4A98BEAD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0D03874-6439-4305-8FAE-E6DCC737BCD0}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9BCDEB2-D3D5-4B64-BE3C-F966A0978C22}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O30:64bit: - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found
O30 - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.24 06:43:12 | 000,000,224 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9c99bc96-a5ef-11de-8067-001966585d91}\Shell - "" = AutoRun
O33 - MountPoints2\{9c99bc96-a5ef-11de-8067-001966585d91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006.05.24 11:36:40 | 000,950,272 | R--- | M] ()
O33 - MountPoints2\{e4e15fd8-deb9-11e0-ad0f-001966585d91}\Shell - "" = AutoRun
O33 - MountPoints2\{e4e15fd8-deb9-11e0-ad0f-001966585d91}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006.05.24 11:36:40 | 000,950,272 | R--- | M] ()
O33 - MountPoints2\{fd26ed01-c320-11de-ad4f-001966585d91}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.13 06:34:22 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2012.02.07 19:00:26 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\Marcel
[2012.02.07 14:37:54 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\SmartCards
[2012.02.07 14:37:54 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\AttributeCertificates
[2012.02.04 18:58:31 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Nokia Suite
[2012.02.04 18:36:06 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\NokiaAccount
[2012.02.04 18:35:58 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Nokia
[2012.02.04 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\Nokia
[2012.02.04 18:20:10 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\PC Suite
[2012.02.04 18:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012.02.04 18:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.02.04 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.02.04 18:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012.02.04 18:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012.02.03 11:48:20 | 000,000,000 | ---D | C] -- C:\oventrop
[2012.02.03 11:32:14 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Fax dateien
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Tommy\Documents\*.tmp files -> C:\Users\Tommy\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.16 21:05:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.16 20:59:59 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\kgowsytp.job
[2012.02.16 19:53:14 | 001,427,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.16 19:53:14 | 000,621,692 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.16 19:53:14 | 000,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.16 19:53:14 | 000,123,460 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.16 19:53:14 | 000,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.16 19:47:22 | 000,002,497 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2012.02.16 19:47:07 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.16 19:47:05 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.16 19:47:05 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.16 19:46:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.16 19:46:54 | 4294,238,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.16 18:39:05 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2BF7C0AF-D00F-48CB-BB90-A40D89FD3861}.job
[2012.02.12 18:51:19 | 000,001,356 | ---- | M] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat
[2012.02.07 14:47:28 | 000,000,615 | ---- | M] () -- C:\Users\Tommy\Desktop\BieterModul.ini
[2012.02.06 21:19:41 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.02.05 14:57:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.02.04 18:37:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2012.02.04 18:37:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.02.04 18:19:40 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.02.03 11:44:23 | 000,001,821 | ---- | M] () -- C:\Users\Tommy\Desktop\OVsol.lnk
[2012.02.03 11:44:22 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\OVsol.lnk
[2012.01.26 15:03:53 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Tommy\Documents\*.tmp files -> C:\Users\Tommy\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.13 21:33:58 | 4294,238,208 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.07 14:47:28 | 000,000,615 | ---- | C] () -- C:\Users\---\Desktop\BieterModul.ini
[2012.02.05 14:57:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.02.04 18:49:05 | 000,172,544 | ---- | C] () -- C:\Windows\SysNative\drivers\WUDFRd.sys
[2012.02.04 18:49:04 | 000,681,472 | ---- | C] () -- C:\Windows\SysNative\WUDFx.dll
[2012.02.04 18:49:04 | 000,226,816 | ---- | C] () -- C:\Windows\SysNative\WUDFHost.exe
[2012.02.04 18:49:04 | 000,182,784 | ---- | C] () -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.02.04 18:49:04 | 000,112,128 | ---- | C] () -- C:\Windows\SysNative\drivers\WUDFPf.sys
[2012.02.04 18:49:04 | 000,075,264 | ---- | C] () -- C:\Windows\SysNative\WUDFSvc.dll
[2012.02.04 18:49:04 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.02.04 18:37:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2012.02.04 18:37:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.02.04 18:37:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012.02.04 18:37:06 | 000,654,928 | ---- | C] () -- C:\Windows\SysNative\drivers\Wdf01000.sys
[2012.02.04 18:37:06 | 000,042,064 | ---- | C] () -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.02.04 18:19:40 | 000,001,927 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.02.04 18:18:19 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2012.02.03 11:44:22 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\OVsol.lnk
[2012.01.12 19:10:55 | 000,000,512 | ---- | C] () -- C:\Windows\SysWow64\siqP11.dll.sig
[2012.01.12 18:35:27 | 000,000,061 | ---- | C] () -- C:\Windows\SysWow64\siq0pfx.ini
[2011.10.10 18:56:19 | 000,000,022 | ---- | C] () -- C:\Windows\MANOMETERconfig.ini
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.26 20:17:22 | 000,184,208 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.04.04 11:38:04 | 000,009,590 | RHS- | C] () -- C:\Windows\innova3.ini
[2011.02.23 17:35:52 | 001,448,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.04 09:24:03 | 000,000,760 | ---- | C] () -- C:\Users\---\AppData\Roaming\setup_ldm.iss
[2010.03.14 16:18:29 | 000,023,716 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.03.14 16:15:43 | 000,078,212 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009.09.20 16:40:22 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\cmll10sx.dll
[2009.07.15 15:28:41 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\vcext.sys
[2009.04.07 13:49:45 | 000,000,039 | ---- | C] () -- C:\Windows\ONLINE.INI
[2009.03.25 17:29:15 | 000,004,096 | -H-- | C] () -- C:\Users\---\AppData\Local\keyfile3.drm
[2009.03.18 19:25:08 | 000,000,748 | RH-- | C] () -- C:\Windows\SysWow64\ttri.dat
[2009.03.10 09:26:55 | 000,012,717 | R--- | C] () -- C:\Windows\hpwscr14.dat
[2009.03.10 09:25:45 | 000,206,162 | ---- | C] () -- C:\Windows\hpwins14.dat
[2009.03.06 16:50:43 | 000,000,098 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2009.02.12 19:47:07 | 000,000,516 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2009.01.15 21:03:18 | 000,000,786 | ---- | C] () -- C:\Windows\wiso.ini
[2009.01.14 22:04:32 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin
[2009.01.03 20:05:31 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2009.01.01 22:26:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.01.01 22:25:09 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.01.01 22:24:59 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.12.08 12:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008.12.07 13:08:06 | 000,795,648 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.12.07 13:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.11.30 15:22:51 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008.11.30 15:22:49 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008.11.30 15:22:48 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008.11.19 11:19:14 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\BH_DATA120VC8.dll
[2008.11.14 18:17:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2008.11.14 18:16:02 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2008.11.14 18:14:34 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2008.11.14 18:14:22 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2008.11.10 23:07:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll
[2008.10.19 16:59:49 | 001,285,632 | ---- | C] () -- C:\Windows\SysWow64\MhCglobal10.dll
[2008.10.19 16:59:49 | 000,450,560 | ---- | C] () -- C:\Windows\SysWow64\PEGRC32B.dll
[2008.10.19 16:59:49 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\PEGRC32A.dll
[2008.09.01 17:47:44 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2008.08.18 16:40:24 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2008.06.09 20:02:30 | 000,001,108 | R--- | C] () -- C:\Windows\hpwmdl14.dat
[2008.04.01 15:44:09 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.03.24 11:41:31 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.03.24 10:10:33 | 000,000,083 | -HS- | C] () -- C:\Users\---\AppData\Roaming\.zreglib
[2008.02.10 21:28:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.02.10 21:23:08 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008.02.10 21:23:08 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008.02.10 21:23:08 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008.02.10 21:23:08 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008.02.10 21:23:08 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008.02.10 21:23:08 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008.02.06 21:51:11 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.02.02 18:00:15 | 000,001,356 | ---- | C] () -- C:\Users\---\AppData\Local\d3d9caps.dat
[2008.02.02 17:11:00 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008.02.02 16:25:41 | 000,121,344 | ---- | C] () -- C:\Users\---\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.02 16:14:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.02.02 15:17:36 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2008.02.02 15:17:36 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2008.02.02 14:59:55 | 000,003,754 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.02.02 14:59:53 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.02.02 14:48:05 | 000,002,188 | ---- | C] () -- C:\Users\---\AppData\Local\d3d9caps64.dat
[2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 16:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:26:55 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004.03.25 11:38:50 | 000,000,032 | ---- | C] () -- C:\Windows\RBuilder.ini
[2003.02.20 14:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2001.12.12 13:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\W32btstp.dll
[2001.12.12 13:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\W32btxlt.dll
[1998.02.09 03:00:00 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\bw32000c.dll
[1998.02.09 03:00:00 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\bw320007.dll
[1998.02.09 02:00:00 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\owl53v.dll
[1995.05.22 03:50:00 | 000,097,072 | ---- | C] () -- C:\Windows\SysWow64\Bwcc0007.dll
[1995.05.22 03:50:00 | 000,096,928 | ---- | C] () -- C:\Windows\SysWow64\Bwcc000c.dll

========== LOP Check ==========

[2009.02.22 14:07:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Alnera
[2009.02.24 14:30:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Autodesk
[2008.03.30 12:05:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Buhl Data Service
[2009.01.23 17:49:25 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\cogad
[2010.05.16 19:26:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ComfortSoft
[2008.09.13 20:19:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DeepBurner
[2011.11.07 16:19:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\elsterformular
[2012.01.15 17:56:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Foxit Software
[2011.04.04 11:37:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\innoPlus
[2009.03.18 19:23:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LANGMaster
[2010.04.04 09:24:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Leadertech
[2009.02.12 21:17:40 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Lexware
[2008.10.19 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\mh-software
[2012.02.04 18:58:29 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Nokia
[2012.02.04 18:58:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Nokia Suite
[2010.09.19 10:25:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Notepad++
[2010.08.06 07:09:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org
[2012.02.04 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PC Suite
[2008.02.21 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ROUTE 66 Sync
[2008.10.05 17:05:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\SAD
[2011.11.04 20:01:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Samsung
[2009.10.30 17:04:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Solarberater_DE
[2011.06.30 15:36:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TeamViewer
[2010.08.25 19:43:25 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Thunderbird
[2008.09.01 17:50:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Tobit
[2009.01.23 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Twain
[2008.02.10 21:36:45 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Ulead Systems
[2012.01.06 20:23:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Unity
[2011.03.18 17:52:38 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\uTorrent
[2009.01.14 22:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\vghd
[2011.05.29 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\wilo.quick-select.13CA3E470454785AFB88622FD035C2B9B8F137C0.1
[2009.02.15 19:53:13 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2012.02.16 20:59:59 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\kgowsytp.job
[2012.02.16 19:45:48 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.16 18:39:05 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2BF7C0AF-D00F-48CB-BB90-A40D89FD3861}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:EB7E2581D4A0210E


< End of report >

Alt 16.02.2012, 22:42   #2
Chris4You
 
Windows System ist Blockiert,BKA 50€ Virus - Standard

Windows System ist Blockiert,BKA 50€ Virus



Hi,

das ist anscheinend noch was ekeliges auf dem Rechner... das wird interessant...
Das nächste mal bitte das log in code tags einschließen!

OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [ffdwnd] C:\Users\Tommy\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.02.16 20:59:59 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\kgowsytp.job
[2009.01.14 22:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\vghd
O4 - HKCU..\Run: [cogad] "C:\Users\Tommy\AppData\Roaming\cogad\cogad.exe" 61A847B5BBF72810339E3F466188719AB689201522886B092CBD44BD8689220221DD3257 File not found

:Commands
[purity]
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris

Für mich:
O30:64bit: - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found
O30 - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found
__________________

__________________

Geändert von Chris4You (16.02.2012 um 22:55 Uhr)

Alt 17.02.2012, 13:48   #3
Tomsky51
 
Windows System ist Blockiert,BKA 50€ Virus - Standard

Windows System ist Blockiert,BKA 50€ Virus



Habe alles abgearbeitet.System läuft und wird nicht mehr blockiert.
Sende Log von OTL und Malwarebytes.
Superarbeit. Kann euch nur tausend mal danken.
Hoffe das alles bereinigt wurde.
__________________

Alt 17.02.2012, 13:52   #4
Chris4You
 
Windows System ist Blockiert,BKA 50€ Virus - Standard

Windows System ist Blockiert,BKA 50€ Virus



Hi,

bitte ein neues OTL-Log, diesmal in code-Tags eingeschlossen...

Achtung: Der Fix hat nicht funktioniert! Es gibt noch einen Job der unter Garantie die Viecher wieder nachzieht!:
[2012.02.16 20:59:59 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\kgowsytp.job
Entweder per Hand sofort löschen oder sofort log posten (bin nachher für ca. 3 h unterwegs).....

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Geändert von Chris4You (17.02.2012 um 14:00 Uhr)

Alt 17.02.2012, 14:14   #5
Tomsky51
 
Windows System ist Blockiert,BKA 50€ Virus - Standard

Windows System ist Blockiert,BKA 50€ Virus



Hier nochmal die neue OTLextra Datei.Die OTL ist zu groß zum hochladen.


Alt 17.02.2012, 14:22   #6
Chris4You
 
Windows System ist Blockiert,BKA 50€ Virus - Standard

Windows System ist Blockiert,BKA 50€ Virus



Hi,

die brauche ich aber, bitte packen/zippen und anhängen...

chris
__________________
--> Windows System ist Blockiert,BKA 50€ Virus

Alt 17.02.2012, 14:40   #7
Tomsky51
 
Windows System ist Blockiert,BKA 50€ Virus - Standard

Windows System ist Blockiert,BKA 50€ Virus



Hier die OTL Datei.

Alt 18.02.2012, 15:13   #8
Chris4You
 
Windows System ist Blockiert,BKA 50€ Virus - Standard

Windows System ist Blockiert,BKA 50€ Virus



Hi,


Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\Users\Tommy\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ffdwnd] C:\Users\Tommy\AppData\Local\Mozilla\Firefox\firefox.exe File not found
O4 - HKCU..\Run: [Twain] C:\Users\Tommy\AppData\Roaming\Twain\Twain.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O30:64bit: - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) -  File not found
O30 - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) -  File not found
[2012.02.17 14:00:01 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\kgowsytp.job
@Alternate Data Stream - 24 bytes -> C:\Windows:EB7E2581D4A0210E
@Alternate Data Stream - 152 bytes -> C:\Users\Tommy\Documents\Meisterbrief.JPG:3or4kl4x13tuuug3Byamue2s4b
MOD - C:\Users\Tommy\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll ()

:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Superantispyware (SASW):
http://www.trojaner-board.de/51871-a...tispyware.html

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu Windows System ist Blockiert,BKA 50€ Virus
.com, 0x00000001, ad-aware, adobe, alternate, askbar, avira, bho, blockiert, bonjour, cs3, defender, desktop, device driver, error, excel, firefox, format, google earth, logfile, microsoft office 2003, mozilla, mozilla thunderbird, netgear, plug-in, registry, scan, server, svchost.exe, system, version=1.0, virus, vista, windows




Ähnliche Themen: Windows System ist Blockiert,BKA 50€ Virus


  1. paysafe virus blockiert system
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (15)
  2. Virus eingefangen, System blockiert, Deutschlandflagge, 50€
    Plagegeister aller Art und deren Bekämpfung - 16.04.2012 (5)
  3. Windows System blockiert 50 Euro Virus
    Log-Analyse und Auswertung - 22.03.2012 (19)
  4. 50€ Virus blockiert System
    Log-Analyse und Auswertung - 09.03.2012 (1)
  5. (2x) Bundespolizeit-Virus - System blockiert!
    Mülltonne - 06.03.2012 (2)
  6. 50 € Virus - Aus Sicherheitsgründen wurde ihr Windows System blockiert
    Log-Analyse und Auswertung - 29.02.2012 (30)
  7. 50 Euro Virus, Windows System blockiert!
    Plagegeister aller Art und deren Bekämpfung - 18.02.2012 (15)
  8. Windows System blockiert - Virus Windows Vista
    Log-Analyse und Auswertung - 17.02.2012 (13)
  9. '50Euro Virus' blockiert mein System
    Log-Analyse und Auswertung - 14.02.2012 (1)
  10. 50€ virus => windows system wurde aus sicherheitsgründen blockiert
    Plagegeister aller Art und deren Bekämpfung - 06.02.2012 (1)
  11. 50 Euro Virus blockiert Windows- System
    Log-Analyse und Auswertung - 18.01.2012 (12)
  12. Windows-System blockiert - 50 Euro Virus
    Log-Analyse und Auswertung - 13.01.2012 (31)
  13. Pc wird blockiert: Aus Sicherheitsgründen wurde ihr Windows System blockiert.....
    Log-Analyse und Auswertung - 29.12.2011 (19)
  14. "Windows wird aus Sicherheitsgründen blockiert"Virus blockiert System
    Log-Analyse und Auswertung - 22.12.2011 (4)
  15. virus aus sicherheitsgründen wurde das system blockiert
    Plagegeister aller Art und deren Bekämpfung - 21.12.2011 (7)
  16. Gehe zum ersten neuen Beitrag Aus Sicherheitsgründen wurde ihr windows System blockiert (auf Windows
    Log-Analyse und Auswertung - 16.12.2011 (16)
  17. Pc wird blockiert: Aus Sicherheitsgründen wurde ihr Windows System blockiert.....
    Plagegeister aller Art und deren Bekämpfung - 12.12.2011 (7)

Zum Thema Windows System ist Blockiert,BKA 50€ Virus - Nach dem Hochfahren von Windows Vista und herstellen der Internetverbindung erscheint Zahlungsaufforderung und System ist blockiert. Ohne Internetverbindung ist Windows nutzbar. Habe mit OTL Logdateien erstellt und stell sie gleich - Windows System ist Blockiert,BKA 50€ Virus...
Archiv
Du betrachtest: Windows System ist Blockiert,BKA 50€ Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.