| |
| |||||||
Log-Analyse und Auswertung: BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.03.2012, 22:53
| #1 |
| |  BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen Guten Abend Trojaner-Board, ich habe mir leider beim surfen eine Art BKA-Virus eingefangen. Wenn ich mein System normal mit Internet starte kommt direkt die Meldung das mein Rechner gespert wurde und ich 50€ bezahlen soll um das System zu entsperren. Ohne Internetverbindung bzw der abegesicherte Modus funktioniert jedoch. Habe die Scans im Anhang hinzugefügt (ich hoffe ich hab alles richtig gemacht). Wäre super wenn mir jemand helfen könnte. mfg |
|
10.03.2012, 23:21
| #2 |
| /// Malwareteam   | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Führe Malwarebytes um abgesicherten Modus aus. Downloade Dir bitte Malwarebytes
|
|
10.03.2012, 23:41
| #3 |
| | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen ok habe den scan durchlaufen lassen und eine Datei gelöscht.
__________________Hier der log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.10.05 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] Schutz: Deaktiviert 10.03.2012 23:26:53 mbam-log-2012-03-10 (23-26-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204164 Laufzeit: 3 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\***\AppData\Local\Skype\Skype.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
10.03.2012, 23:57
| #4 |
| /// Malwareteam | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen Mach dies auch im abgesicherten Mdous. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
|
11.03.2012, 00:24
| #5 |
| | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen ok hier nun das OTL.txt Code:
ATTFilter OTL logfile created on: 11.03.2012 00:02:29 - Run 1 OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\***\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 88,27% Memory free 6,50 Gb Paging File | 6,15 Gb Available in Paging File | 94,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 152,71 Gb Free Space | 65,58% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 53,10 Gb Free Space | 22,80% Space Free | Partition Type: NTFS Drive F: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 465,65 Gb Total Space | 105,94 Gb Free Space | 22,75% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.10 23:59:26 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2010.09.04 07:29:53 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (GDScan) SRV - File not found [On_Demand | Stopped] -- -- (GDBackupSvc) SRV - File not found [Disabled | Stopped] -- -- (AVKWCtl) SRV - [2012.03.09 14:55:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.02.09 16:46:10 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.22 23:40:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.09.22 11:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- D:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc) DRV - File not found [Kernel | System | Stopped] -- -- (GDMnIcpt) DRV - File not found [Kernel | Boot | Stopped] -- -- (GDBehave) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleXNt) DRV - [2012.02.15 19:53:45 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.22 23:40:00 | 010,318,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.07.31 22:22:21 | 000,431,672 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2011.07.23 15:22:30 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\GRD.sys -- (GRD) DRV - [2011.07.23 15:20:27 | 000,039,800 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.29 13:01:56 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.05.29 13:01:56 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.01.12 22:30:07 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\jfdcd.sys -- (jfdcd) DRV - [2009.05.01 00:03:06 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC) DRV - [2009.05.01 00:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009.04.30 23:59:58 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009.04.30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 72 DB C4 17 34 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "chrome://foxtab/content/homepage.html" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 22:24:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.26 20:28:56 | 000,000,000 | ---D | M] [2010.05.08 20:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.05.08 20:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.02.28 22:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8p477klx.default\extensions [2011.07.27 17:44:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8p477klx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.25 13:30:17 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8p477klx.default\extensions\firefox@ghostery.com [2012.02.11 15:06:55 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8p477klx.default\extensions\foxyproxy@eric.h.jung [2012.02.28 22:43:26 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8p477klx.default\extensions\https-everywhere@eff.org [2012.02.13 19:59:53 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8p477klx.default\searchplugins\11-suche.xml [2012.02.13 19:59:53 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8p477klx.default\searchplugins\englische-ergebnisse.xml [2012.02.13 19:59:53 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8p477klx.default\searchplugins\gmx-suche.xml [2012.02.13 19:59:53 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8p477klx.default\searchplugins\lastminute.xml [2012.02.13 19:59:53 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8p477klx.default\searchplugins\webde-suche.xml [2011.11.12 00:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.03 13:22:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.08.01 11:10:21 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P477KLX.DEFAULT\EXTENSIONS\{6BDC61AE-7B80-44A3-9476-E1D121EC2238}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P477KLX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P477KLX.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P477KLX.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.02.17 22:24:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.02 22:00:13 | 000,000,826 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G DATA\AVKProxy\BanksafeBHO.dll File not found O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2495E64F-B7CA-4F61-A70B-02DD20E95BCA}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A312167-DF47-4ABD-A888-49578C85D9D1}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.10.06 16:01:16 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{4cb24f5f-5ad5-11df-b14f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4cb24f5f-5ad5-11df-b14f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2011.10.06 16:01:18 | 000,355,920 | R--- | M] (Valve Corporation) O33 - MountPoints2\{4f1e6841-6b40-11df-a9e7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4f1e6841-6b40-11df-a9e7-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{e95480ba-5b3a-11df-9d37-001d92341435}\Shell - "" = AutoRun O33 - MountPoints2\{e95480ba-5b3a-11df-9d37-001d92341435}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C93AA845-4D55-4044-A5F5-59F491D66BFE} - Microsoft Bing Bar ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: >{B2AB4BD6-9E8C-44C8-ADC2-158804622F88} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - - File not found MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - File not found MsConfig - StartUpReg: G DATA AntiVirus Trayapplication - hkey= - key= - File not found MsConfig - StartUpReg: GDFirewallTray - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) MsConfig - StartUpReg: Logitech Vid - hkey= - key= - File not found MsConfig - StartUpReg: Logitech Vid HD - hkey= - key= - File not found MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () MsConfig - StartUpReg: LWS - hkey= - key= - File not found MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Programme\Pando Networks\Media Booster\PMB.exe () MsConfig - StartUpReg: PMBVolumeWatcher - hkey= - key= - D:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SkypeM - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 1 MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.10 23:59:25 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.03.10 21:23:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NPE [2012.03.10 21:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.03.10 21:05:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.03.10 21:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.10 21:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.10 21:05:39 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.10 21:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.10 20:47:27 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.03.09 14:55:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2012.02.20 13:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2012.02.19 02:15:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ProgSense [2012.02.19 02:15:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Orbit [2012.02.19 02:15:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy [2012.02.10 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2012.02.10 13:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.02.10 13:46:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.02.10 13:46:28 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.02.10 13:46:28 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.02.10 13:46:28 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.02.10 13:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.10 23:59:26 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.03.10 23:34:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.10 23:34:28 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys [2012.03.10 22:43:04 | 000,001,109 | ---- | M] () -- C:\Users\***\Desktop\Gmer.rar [2012.03.10 22:10:43 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.03.10 21:39:24 | 004,461,140 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.10 21:39:24 | 001,337,600 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.10 21:39:24 | 000,334,962 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.10 21:39:24 | 000,051,938 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.10 21:26:15 | 006,868,458 | ---- | M] () -- C:\Users\***\AppData\Roaming\SMRBackup250.dat [2012.03.10 21:05:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.10 21:02:40 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.10 21:02:40 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.10 20:48:11 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.03.10 10:46:43 | 000,000,298 | ---- | M] () -- C:\Users\***\Documents\Table flipp.rtf [2012.02.25 02:34:59 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2012.02.25 00:41:50 | 000,001,621 | ---- | M] () -- C:\Users\***\Documents\Top Songs.m3u [2012.02.24 12:15:25 | 000,000,800 | ---- | M] () -- C:\Users\***\Desktop\ePSXe.exe - Verknüpfung.lnk [2012.02.20 13:20:21 | 000,000,732 | ---- | M] () -- C:\Users\***\Desktop\WinSCP.lnk [2012.02.16 18:38:14 | 000,383,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.15 19:53:45 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.02.12 19:02:12 | 000,001,282 | ---- | M] () -- C:\Users\***\Desktop\VisualBoyAdvance.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.10 22:43:04 | 000,001,109 | ---- | C] () -- C:\Users\***\Desktop\Gmer.rar [2012.03.10 22:10:27 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.03.10 21:25:56 | 006,868,458 | ---- | C] () -- C:\Users\***\AppData\Roaming\SMRBackup250.dat [2012.03.10 21:05:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.10 20:48:11 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.03.10 10:46:42 | 000,000,298 | ---- | C] () -- C:\Users\***\Documents\Table flipp.rtf [2012.02.24 12:15:27 | 000,000,800 | ---- | C] () -- C:\Users\***\Desktop\ePSXe.exe - Verknüpfung.lnk [2012.02.24 00:28:26 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2012.02.23 20:36:32 | 000,001,621 | ---- | C] () -- C:\Users\***\Documents\Top Songs.m3u [2012.02.20 13:20:21 | 000,000,732 | ---- | C] () -- C:\Users\***\Desktop\WinSCP.lnk [2012.02.20 13:20:21 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2012.02.12 19:02:14 | 000,001,282 | ---- | C] () -- C:\Users\***\Desktop\VisualBoyAdvance.lnk [2012.02.09 15:52:33 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2012.01.26 21:18:30 | 000,140,492 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2012.01.02 22:43:44 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.20 18:34:51 | 140,913,982 | ---- | C] () -- C:\Users\***\AppData\Roaming\.minecraft.rar [2011.09.22 11:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.07.27 17:29:18 | 000,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll [2011.07.08 10:46:43 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.07.03 12:06:44 | 000,366,683 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.06.23 19:16:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.23 19:16:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.23 18:24:47 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2011.06.14 14:53:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011.06.11 22:52:08 | 000,000,091 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll [2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll [2011.01.29 18:49:21 | 000,000,000 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.10.25 13:15:04 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.09.03 19:09:51 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2010.09.03 19:09:51 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2010.09.03 19:09:51 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2010.09.03 19:08:38 | 000,031,079 | ---- | C] () -- C:\Windows\DIIUnin.dat [2010.07.27 07:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.07.27 07:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010.07.27 07:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010.07.16 21:45:34 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.07.03 21:19:53 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.06.07 16:12:47 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2010.05.30 03:50:37 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.05.30 03:50:37 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2010.05.30 03:50:08 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.05.30 03:50:07 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.05.30 03:50:06 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe [2010.05.09 11:41:40 | 000,000,108 | ---- | C] () -- C:\Windows\ChssBase.ini [2010.05.08 20:01:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.05.08 20:01:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.05.08 19:39:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2011.12.17 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2010.07.11 16:21:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux [2011.11.03 19:50:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2012.03.03 23:30:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChessBase [2012.01.04 00:35:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.07.31 22:26:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.05.29 17:39:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2011.09.12 14:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DiskAid [2011.07.27 17:44:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.06.29 15:45:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.14 12:40:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FOG Downloader [2012.02.08 15:46:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter [2012.01.10 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.10.25 13:02:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.12.07 17:05:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2010.10.25 13:16:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2010.05.16 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mount&Blade [2011.10.02 23:55:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2012.02.19 02:15:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2010.05.09 09:02:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.02.19 02:21:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2011.09.29 22:09:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2012.02.19 02:15:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense [2011.06.14 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster [2010.05.29 18:15:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 [2011.06.27 14:47:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy [2010.05.08 20:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2 [2011.06.14 17:30:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2010.07.16 15:56:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly [2012.02.11 16:32:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10 [2011.02.20 14:39:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2011.06.13 23:13:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle [2010.11.27 23:49:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2010.06.02 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2011.10.27 11:36:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net [2012.02.09 14:10:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.06.02 21:37:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.09.30 14:44:43 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32 [2011.06.23 16:01:17 | 000,000,000 | ---D | M] -- C:\273f4867d76515742f10733f54d881ca [2011.06.15 08:04:17 | 000,000,000 | ---D | M] -- C:\5d82a99d3818ec6d843fda81bafd [2011.06.28 14:28:10 | 000,000,000 | -HSD | M] -- C:\Boot [2012.02.16 16:12:32 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.07.27 17:33:01 | 000,000,000 | ---D | M] -- C:\ConverterOutput [2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.05.06 16:11:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.10.22 12:28:07 | 000,000,000 | ---D | M] -- C:\Downloads [2012.01.03 17:35:56 | 000,000,000 | ---D | M] -- C:\Filme [2012.03.10 20:47:27 | 000,000,000 | -HSD | M] -- C:\found.000 [2012.01.02 11:33:26 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.10.02 10:55:03 | 000,000,000 | ---D | M] -- C:\Nexon [2011.06.23 18:34:44 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.10 21:05:39 | 000,000,000 | R--D | M] -- C:\Program Files [2010.05.08 17:27:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.03.10 21:23:09 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.05.06 16:11:27 | 000,000,000 | -HSD | M] -- C:\Programme [2010.05.08 19:19:07 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.02.06 20:10:09 | 000,000,000 | ---D | M] -- C:\Shogi [2012.01.03 17:37:17 | 000,000,000 | ---D | M] -- C:\Spiele [2012.03.10 19:39:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.23 18:36:52 | 000,000,000 | R--D | M] -- C:\Users [2012.03.10 21:26:58 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-09 13:55:12 < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.03.2012 00:02:29 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\***\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 88,27% Memory free
6,50 Gb Paging File | 6,15 Gb Available in Paging File | 94,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 152,71 Gb Free Space | 65,58% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 53,10 Gb Free Space | 22,80% Space Free | Partition Type: NTFS
Drive F: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 465,65 Gb Total Space | 105,94 Gb Free Space | 22,75% Space Free | Partition Type: FAT32
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.scr [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{12590B15-4807-0466-3588-55E57B4B220A}" = simfy
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11 WM Edition
"{1AD2EC5E-9A73-452B-8C87-43D2E32C3831}" = Fritz11 WM Edition
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83EE1D72-072F-4381-AF50-5F0133AE8715}" = RuntimeLibsVC05
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86286ABC-4081-4BD3-B710-190B314BCE18}" = ChessBase Reader
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}" = Razer Megalodon Firmware Updater
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"CBLight 2009" = CBLight 2009
"ChessPad 2.0.1_is1" = ChessPad 2.0.1
"Client" = Client
"Cucusoft DVD to iPod Converter_is1" = Cucusoft DVD to iPod Converter 7.27
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"DiskAid_is1" = DiskAid 4.64
"ESN Sonar-0.70.0" = ESN Sonar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video Converter_is1" = Free Video Converter V 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"iLivid" = iLivid
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"IpodConverter_is1" = IpodConverter 1.1
"IrfanView" = IrfanView (remove only)
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mp3tag" = Mp3tag v2.49
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Origin" = Origin
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"Pinball Arcade Trial Version 1.0" = Microsoft Pinball Arcade Trial
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Simfy" = simfy
"StarCraft II" = StarCraft II
"Steam App 400" = Portal
"Steam App 42910" = Magicka
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TIPP10_is1" = TIPP10 Version 2.1.0
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Vindictus EU" = Vindictus EU
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.6
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10.03.2012 05:23:30 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.5.0.124, Zeitstempel:
0x4e96a02b Name des fehlerhaften Moduls: Flash10t.ocx, Version: 10.3.181.26, Zeitstempel:
0x4df339cd Ausnahmecode: 0xc0000005 Fehleroffset: 0x00027428 ID des fehlerhaften Prozesses:
0xa80 Startzeit der fehlerhaften Anwendung: 0x01ccfe9f4930845e Pfad der fehlerhaften
Anwendung: C:\Program Files\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\Macromed\Flash\Flash10t.ocx Berichtskennung: b2fae1ec-6a92-11e1-ab0e-001d92341435
Error - 10.03.2012 05:31:11 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 10.03.2012 08:36:26 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 10.03.2012 13:05:37 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 10.03.2012 14:03:50 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 10.03.2012 15:56:02 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 10.03.2012 16:10:19 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 10.03.2012 16:34:13 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 10.03.2012 16:39:24 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 10.03.2012 19:03:39 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 10.03.2012 18:58:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.03.2012 18:58:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.03.2012 18:59:30 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 10.03.2012 18:59:30 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 10.03.2012 19:03:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.03.2012 19:03:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.03.2012 19:03:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.03.2012 19:05:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.03.2012 19:05:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.03.2012 19:05:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
|
|
11.03.2012, 00:32
| #6 |
| /// Malwareteam | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen Schritt 1
Code:
ATTFilter :OTL
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G DATA\AVKProxy\BanksafeBHO.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.06 16:01:16 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{4cb24f5f-5ad5-11df-b14f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4cb24f5f-5ad5-11df-b14f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2011.10.06 16:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{4f1e6841-6b40-11df-a9e7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f1e6841-6b40-11df-a9e7-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{e95480ba-5b3a-11df-9d37-001d92341435}\Shell - "" = AutoRun
O33 - MountPoints2\{e95480ba-5b3a-11df-9d37-001d92341435}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
:Commands
[purity]
[emptytemp]
Kommt die Meldung noch? |
|
11.03.2012, 00:36
| #7 |
| | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen ja ich mache das jetzt gleich alles und schonmal danke für die schnelle hilfe  |
|
11.03.2012, 00:45
| #8 |
| | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen hier der log: Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
C:\autoexec.bat moved successfully.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cb24f5f-5ad5-11df-b14f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cb24f5f-5ad5-11df-b14f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cb24f5f-5ad5-11df-b14f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cb24f5f-5ad5-11df-b14f-806e6f6e6963}\ not found.
File move failed. F:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f1e6841-6b40-11df-a9e7-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f1e6841-6b40-11df-a9e7-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f1e6841-6b40-11df-a9e7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f1e6841-6b40-11df-a9e7-806e6f6e6963}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e95480ba-5b3a-11df-9d37-001d92341435}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e95480ba-5b3a-11df-9d37-001d92341435}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e95480ba-5b3a-11df-9d37-001d92341435}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e95480ba-5b3a-11df-9d37-001d92341435}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe -a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 1535917376 bytes
->Temporary Internet Files folder emptied: 24243628 bytes
->Java cache emptied: 37810498 bytes
->FireFox cache emptied: 70772015 bytes
->Flash cache emptied: 4208909 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 162753044 bytes
RecycleBin emptied: 39917192 bytes
Total Files Cleaned = 1.789,00 mb
OTL by OldTimer - Version 3.2.36.2 log created on 03112012_003745
|
|
11.03.2012, 00:47
| #9 |
| /// Malwareteam | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen Kannst Du in den Normalmodus starten? |
|
11.03.2012, 00:53
| #10 |
| | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen ok habe jetzt im normalen Modus gestartet. scheint alles zu funktionieren, auch wenn ich glaube das mein i-net etwas länger braucht(vilt auch nur einbildung). ist mein rechner jetzt wieder "sauber"? |
|
11.03.2012, 01:06
| #11 |
| /// Malwareteam | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen Schritt 1 Mach dies im Normalmodus: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
|
11.03.2012, 01:26
| #12 |
| | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen ich muss mich entschuldigen das ich solange gebraucht habe um zu antworten, aber ich habe komplett über sehen das es eine 2 Seite gibt^^ nach den scan habe ich allerdings nur die OTL.txt bekommen und keine Extras.txt Code:
ATTFilter OTL logfile created on: 11.03.2012 01:15:51 - Run 2 OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\***\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 76,17% Memory free 6,50 Gb Paging File | 5,59 Gb Available in Paging File | 85,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 154,16 Gb Free Space | 66,20% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 53,10 Gb Free Space | 22,80% Space Free | Partition Type: NTFS Drive F: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 465,65 Gb Total Space | 105,98 Gb Free Space | 22,76% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.10 23:59:26 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.09.22 23:40:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.09.22 23:40:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.09.22 23:40:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.09.22 11:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- D:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe ========== Modules (No Company Name) ========== MOD - [2010.09.04 07:29:53 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (GDScan) SRV - File not found [On_Demand | Stopped] -- -- (GDBackupSvc) SRV - File not found [Disabled | Stopped] -- -- (AVKWCtl) SRV - [2012.03.09 14:55:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.02.09 16:46:10 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.22 23:40:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.09.22 11:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- D:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (jfdcd) DRV - File not found [Kernel | System | Stopped] -- -- (GDMnIcpt) DRV - File not found [Kernel | Boot | Stopped] -- -- (GDBehave) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleXNt) DRV - [2012.02.15 19:53:45 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.22 23:40:00 | 010,318,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.07.31 22:22:21 | 000,431,672 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2011.07.23 15:22:30 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD) DRV - [2011.07.23 15:20:27 | 000,039,800 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.29 13:01:56 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.05.29 13:01:56 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.05.01 00:03:06 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC) DRV - [2009.05.01 00:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009.04.30 23:59:58 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009.04.30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 72 DB C4 17 34 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "chrome://foxtab/content/homepage.html" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 22:24:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.26 20:28:56 | 000,000,000 | ---D | M] [2010.05.08 20:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.05.08 20:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.02.28 22:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8p477klx.default\extensions [2011.07.27 17:44:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8p477klx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.25 13:30:17 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8p477klx.default\extensions\firefox@ghostery.com [2012.02.11 15:06:55 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8p477klx.default\extensions\foxyproxy@eric.h.jung [2012.02.28 22:43:26 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8p477klx.default\extensions\https-everywhere@eff.org [2012.02.13 19:59:53 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8p477klx.default\searchplugins\11-suche.xml [2012.02.13 19:59:53 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8p477klx.default\searchplugins\englische-ergebnisse.xml [2012.02.13 19:59:53 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8p477klx.default\searchplugins\gmx-suche.xml [2012.02.13 19:59:53 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8p477klx.default\searchplugins\lastminute.xml [2012.02.13 19:59:53 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8p477klx.default\searchplugins\webde-suche.xml [2011.11.12 00:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.03 13:22:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.08.01 11:10:21 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P477KLX.DEFAULT\EXTENSIONS\{6BDC61AE-7B80-44A3-9476-E1D121EC2238}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P477KLX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P477KLX.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P477KLX.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.02.17 22:24:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.02 22:00:13 | 000,000,826 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2495E64F-B7CA-4F61-A70B-02DD20E95BCA}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A312167-DF47-4ABD-A888-49578C85D9D1}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.06 16:01:16 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C93AA845-4D55-4044-A5F5-59F491D66BFE} - Microsoft Bing Bar ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: >{B2AB4BD6-9E8C-44C8-ADC2-158804622F88} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - - File not found MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - File not found MsConfig - StartUpReg: G DATA AntiVirus Trayapplication - hkey= - key= - File not found MsConfig - StartUpReg: GDFirewallTray - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) MsConfig - StartUpReg: Logitech Vid - hkey= - key= - File not found MsConfig - StartUpReg: Logitech Vid HD - hkey= - key= - File not found MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () MsConfig - StartUpReg: LWS - hkey= - key= - File not found MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Programme\Pando Networks\Media Booster\PMB.exe () MsConfig - StartUpReg: PMBVolumeWatcher - hkey= - key= - D:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SkypeM - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 1 MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.11 00:37:45 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.10 23:59:25 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.03.10 21:23:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NPE [2012.03.10 21:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.03.10 21:05:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.03.10 21:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.10 21:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.10 21:05:39 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.10 21:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.10 20:47:27 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.03.09 14:55:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2012.02.20 13:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2012.02.19 02:15:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ProgSense [2012.02.19 02:15:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Orbit [2012.02.19 02:15:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy [2012.02.10 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2012.02.10 13:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.02.10 13:46:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.02.10 13:46:28 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.02.10 13:46:28 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.02.10 13:46:28 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.02.10 13:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira ========== Files - Modified Within 30 Days ========== [2012.03.11 00:54:15 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.11 00:54:15 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.11 00:53:18 | 004,475,682 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.11 00:53:18 | 001,342,118 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.11 00:53:18 | 000,334,962 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.11 00:53:18 | 000,051,938 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.11 00:48:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.11 00:48:24 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys [2012.03.10 23:59:26 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.03.10 22:43:04 | 000,001,109 | ---- | M] () -- C:\Users\***\Desktop\Gmer.rar [2012.03.10 22:10:43 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.03.10 21:26:15 | 006,868,458 | ---- | M] () -- C:\Users\***\AppData\Roaming\SMRBackup250.dat [2012.03.10 21:05:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.10 20:48:11 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.03.10 10:46:43 | 000,000,298 | ---- | M] () -- C:\Users\***\Documents\Table flipp.rtf [2012.02.25 02:34:59 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2012.02.25 00:41:50 | 000,001,621 | ---- | M] () -- C:\Users\***\Documents\Top Songs.m3u [2012.02.24 12:15:25 | 000,000,800 | ---- | M] () -- C:\Users\***\Desktop\ePSXe.exe - Verknüpfung.lnk [2012.02.16 18:38:14 | 000,383,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.15 19:53:45 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.02.12 19:02:12 | 000,001,282 | ---- | M] () -- C:\Users\***\Desktop\VisualBoyAdvance.lnk ========== Files Created - No Company Name ========== [2012.03.10 22:43:04 | 000,001,109 | ---- | C] () -- C:\Users\***\Desktop\Gmer.rar [2012.03.10 22:10:27 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.03.10 21:25:56 | 006,868,458 | ---- | C] () -- C:\Users\***\AppData\Roaming\SMRBackup250.dat [2012.03.10 21:05:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.10 20:48:11 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.03.10 10:46:42 | 000,000,298 | ---- | C] () -- C:\Users\***\Documents\Table flipp.rtf [2012.02.24 12:15:27 | 000,000,800 | ---- | C] () -- C:\Users\***\Desktop\ePSXe.exe - Verknüpfung.lnk [2012.02.24 00:28:26 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2012.02.23 20:36:32 | 000,001,621 | ---- | C] () -- C:\Users\***\Documents\Top Songs.m3u [2012.02.20 13:20:21 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2012.02.12 19:02:14 | 000,001,282 | ---- | C] () -- C:\Users\***\Desktop\VisualBoyAdvance.lnk [2012.02.09 15:52:33 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2012.01.26 21:18:30 | 000,140,492 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2012.01.02 22:43:44 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.20 18:34:51 | 140,913,982 | ---- | C] () -- C:\Users\***\AppData\Roaming\.minecraft.rar [2011.09.22 11:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.07.27 17:29:18 | 000,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll [2011.07.08 10:46:43 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.07.03 12:06:44 | 000,366,683 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.06.23 19:16:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.23 19:16:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.23 18:24:47 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2011.06.14 14:53:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011.06.11 22:52:08 | 000,000,091 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll [2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll [2011.01.29 18:49:21 | 000,000,000 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.10.25 13:15:04 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.09.03 19:09:51 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2010.09.03 19:09:51 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2010.09.03 19:09:51 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2010.09.03 19:08:38 | 000,031,079 | ---- | C] () -- C:\Windows\DIIUnin.dat [2010.07.27 07:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.07.27 07:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010.07.27 07:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010.07.16 21:45:34 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.07.03 21:19:53 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.06.07 16:12:47 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2010.05.30 03:50:37 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.05.30 03:50:37 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2010.05.30 03:50:08 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.05.30 03:50:07 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.05.30 03:50:06 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe [2010.05.09 11:41:40 | 000,000,108 | ---- | C] () -- C:\Windows\ChssBase.ini [2010.05.08 20:01:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.05.08 20:01:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.05.08 19:39:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2011.12.17 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2010.07.11 16:21:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux [2011.11.03 19:50:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2012.03.03 23:30:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChessBase [2012.01.04 00:35:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.07.31 22:26:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.05.29 17:39:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2011.09.12 14:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DiskAid [2011.07.27 17:44:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.06.29 15:45:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.14 12:40:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FOG Downloader [2012.02.08 15:46:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter [2012.01.10 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.10.25 13:02:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.12.07 17:05:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2010.10.25 13:16:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2010.05.16 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mount&Blade [2011.10.02 23:55:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2012.02.19 02:15:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2010.05.09 09:02:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.02.19 02:21:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2011.09.29 22:09:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2012.02.19 02:15:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense [2011.06.14 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster [2010.05.29 18:15:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 [2011.06.27 14:47:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy [2010.05.08 20:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2 [2011.06.14 17:30:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2010.07.16 15:56:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly [2012.02.11 16:32:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10 [2011.02.20 14:39:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2011.06.13 23:13:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle [2010.11.27 23:49:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2010.06.02 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2011.10.27 11:36:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net [2012.02.09 14:10:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.06.02 21:37:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.09.30 14:44:43 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32 [2011.06.23 16:01:17 | 000,000,000 | ---D | M] -- C:\273f4867d76515742f10733f54d881ca [2011.06.15 08:04:17 | 000,000,000 | ---D | M] -- C:\5d82a99d3818ec6d843fda81bafd [2011.06.28 14:28:10 | 000,000,000 | -HSD | M] -- C:\Boot [2012.02.16 16:12:32 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.07.27 17:33:01 | 000,000,000 | ---D | M] -- C:\ConverterOutput [2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.05.06 16:11:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.10.22 12:28:07 | 000,000,000 | ---D | M] -- C:\Downloads [2012.01.03 17:35:56 | 000,000,000 | ---D | M] -- C:\Filme [2012.03.10 20:47:27 | 000,000,000 | -HSD | M] -- C:\found.000 [2012.01.02 11:33:26 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.10.02 10:55:03 | 000,000,000 | ---D | M] -- C:\Nexon [2011.06.23 18:34:44 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.10 21:05:39 | 000,000,000 | R--D | M] -- C:\Program Files [2010.05.08 17:27:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.03.10 21:23:09 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.05.06 16:11:27 | 000,000,000 | -HSD | M] -- C:\Programme [2010.05.08 19:19:07 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.02.06 20:10:09 | 000,000,000 | ---D | M] -- C:\Shogi [2012.01.03 17:37:17 | 000,000,000 | ---D | M] -- C:\Spiele [2012.03.11 01:17:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.23 18:36:52 | 000,000,000 | R--D | M] -- C:\Users [2012.03.11 00:38:25 | 000,000,000 | ---D | M] -- C:\Windows [2012.03.11 00:37:45 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-09 13:55:12 < > < End of report > |
|
11.03.2012, 17:45
| #13 |
| /// Malwareteam | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen Schritt 1 Mehrere Anti-Virus-Programme Code:
ATTFilter G Data
Avira
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast und deinstalliere die anderen. Schritt 2 Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Schritt 3 ESET Online Scanner
|
|
11.03.2012, 22:54
| #14 |
| | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen so habe nun alles erledigt. Ich hatte G Data eigentlich schon lange deinstaliert aber scheinbar waren noch Rückstände da, diese habe ich mit AVCleaner gelöscht. Hier nun der ESET log Code:
ATTFilter C:\Users\***\Downloads\installer_stronghold.exe multiple threats
C:\Users\***\Downloads\SoftonicDownloader_fuer_epsxe.exe a variant of Win32/SoftonicDownloader.C application
|
|
11.03.2012, 22:57
| #15 |
| /// Malwareteam | BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen Die kannst Du noch manuel unter Downloads löschen. Schritt 1 Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Schritt 2 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. |
|
| Themen zu BKA-Virus - Windows wird gespert - 50€ zum entsperren bezahlen |
| abend, anhang, bezahlen, direkt, funktioniert, guten, hinzugefügt, hoffe, interne, internet, internetverbindung, meldung, modus, ohne internetverbindung, rechner, richtig, scans, sperre, sperren, starte, super, surfe, surfen, system, troja, trojaner-board, verbindung, windows |
Textbox.
Linear-Darstellung
