
Pests of all kinds and how to fight them: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" (The computer has been blocked for violating the laws of the Federal Republic of Germany)

Windows 7

01.08.2012, 20:56   #1
Muley
 
Hello dear Trojaner-Board!

While searching for a solution to a problem on my "sister-in-law's" laptop, I came across this forum.

First of all, I'd like to say that I find it incredible that there is such a dedicated community here. Wow! What kind of people are you? Simply do-gooders, or do you at least get something out of it too (gaining knowledge or the like...)? In any case, I'm very impressed by you. So, now to the problem:

My "sister-in-law" has caught a trojan (?) that blocks the computer and displays on the screen the message that is also in the subject of this thread.

There seem to be quite a few people who have this problem; so far the logs from OTL and Anti-Malware have always been posted, so I'm doing that too.

mbam-log:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.01.06

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
user :: user-HP [Administrator]

01.08.2012 21:03:00
mbam-log-2012-08-01 (21-03-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188495
Laufzeit: 3 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL:
Code:
OTL logfile created on: 01.08.2012 21:14:02 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
7,49 Gb Paging File | 6,78 Gb Available in Paging File | 90,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,67 Gb Total Space | 326,91 Gb Free Space | 72,86% Space Free | Partition Type: NTFS
Drive D: | 16,80 Gb Total Space | 2,43 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
 
Computer Name: user-HP | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (RtVOsdService) -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe ()
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewsercd) -- C:\Windows\SysNative\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (hwusbfake) -- C:\Windows\SysWOW64\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (ewsercd) -- C:\Windows\SysWOW64\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D05A7B78-D4B5-4174-A338-02BA2F0B7041}
IE:64bit: - HKLM\..\SearchScopes\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKLM\..\SearchScopes\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz_keyurl_search/?su="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/login.php"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.25 09:00:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.05 09:54:20 | 000,000,000 | ---D | M]
 
[2011.01.05 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011.01.05 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.22 08:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\qkn8tvcp.default\extensions
[2012.07.17 21:27:54 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\qkn8tvcp.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\searchplugins\conduit.xml
[2012.07.27 19:18:35 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\searchplugins\icqplugin-1.xml
[2011.03.17 20:36:46 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\searchplugins\icqplugin-2.xml
[2011.03.29 19:21:41 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\searchplugins\icqplugin-3.xml
[2011.03.05 20:11:33 | 000,001,056 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\searchplugins\icqplugin.xml
[2012.03.25 09:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.10.24 18:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011.10.24 18:50:13 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012.07.22 08:57:53 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\user\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKN8TVCP.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.03.25 09:00:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.18 08:14:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.25 09:00:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.25 09:00:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.25 09:00:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.25 09:00:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.01.26 22:12:28 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober3620377.xml
[2012.03.25 09:00:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.25 09:00:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O3 - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinSyncProviders] C:\Users\user\AppData\Local\Microsoft\Windows\3423\WinSyncProviders.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1574626186-2579499770-575306766-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4668A811-5D6A-4C77-BCCD-BF700600F7A2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99423996-262E-4C9E-AC34-B0DA039414FB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f5e88533-1b0d-11e0-bec2-1c659d86b1cb}\Shell - "" = AutoRun
O33 - MountPoints2\{f5e88533-1b0d-11e0-bec2-1c659d86b1cb}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.01 21:09:18 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.08.01 20:58:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.08.01 20:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.01 20:57:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.01 20:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.01 20:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.29 18:40:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\hellomoto
[2012.07.11 21:51:46 | 000,000,000 | ---D | C] -- C:\dcd58645e046fcd60ade591cdc
[2012.07.11 20:55:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 20:55:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 20:55:08 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 20:55:05 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 20:55:05 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.10 00:27:07 | 000,000,000 | ---D | C] -- C:\Users\user\Meine Filme
[2012.07.09 23:22:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\QuickPar
[2012.07.09 23:05:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GrabIt
[2012.07.09 22:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
[2012.07.09 22:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GrabIt
[2012.07.09 22:47:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.07.09 22:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.07.09 22:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 20:57:42 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.01 20:57:29 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.01 20:57:29 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.01 20:57:29 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.01 20:57:29 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.01 20:57:29 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.01 20:51:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.01 20:51:30 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.01 20:49:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.01 20:42:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.07.29 18:52:31 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 18:52:31 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 08:35:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.28 08:35:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.12 21:48:40 | 000,276,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.09 22:52:50 | 000,000,939 | ---- | M] () -- C:\Users\user\Desktop\GrabIt.lnk
[2012.07.09 22:47:56 | 000,000,967 | ---- | M] () -- C:\Users\user\Desktop\QuickPar.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.08.01 20:57:42 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.09 22:52:50 | 000,000,939 | ---- | C] () -- C:\Users\user\Desktop\GrabIt.lnk
[2012.07.09 22:47:56 | 000,000,967 | ---- | C] () -- C:\Users\user\Desktop\QuickPar.lnk
[2012.06.22 22:18:23 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012.03.21 08:31:46 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.23 08:49:11 | 000,004,608 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.22 14:56:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.22 14:50:01 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010.12.22 14:49:14 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.12.22 14:49:14 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.12.22 14:46:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

< End of report >
         

Extras:
Code:
OTL Extras logfile created on: 01.08.2012 21:14:02 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
7,49 Gb Paging File | 6,78 Gb Available in Paging File | 90,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,67 Gb Total Space | 326,91 Gb Free Space | 72,86% Space Free | Partition Type: NTFS
Drive D: | 16,80 Gb Total Space | 2,43 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
 
Computer Name: user-HP | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JJMP3Renamer.Add] -- "C:\Program Files (x86)\JJ MP3 Renamer\JJ MP3 Renamer.exe" "%1" (JJ Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JJMP3Renamer.Add] -- "C:\Program Files (x86)\JJ MP3 Renamer\JJ MP3 Renamer.exe" "%1" (JJ Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01699D6B-B409-4A13-A420-AAB90500B6D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{019353A3-749F-40C5-AE23-3A5947094105}" = lport=138 | protocol=17 | dir=in | app=system | 
"{03B3A7E0-9E3D-4C66-8026-B1609C825BE0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1B142DCC-B447-4762-82E8-1CB042D87F5D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2299DD05-ACE3-4BD7-B74A-1AECBEE20D5E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{37C5D004-C2D8-43A4-8D16-73466F0DFAFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3951A68B-28D9-4986-9020-D97A19223197}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4A46DD3B-4859-4E86-809D-8B434DB076F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{691DD0BF-A741-4665-9147-9C51576EA1C7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{86D1AD18-644B-47CB-A83E-BA3598584EAA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8B88D81F-D5EE-416F-8E63-BA70519EB3FA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92A55771-C30D-4F41-9A79-5FB1E561143B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{933BEA11-0338-497E-9140-E4371F761730}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9BEDE4EC-DD01-4BE0-8B7C-6B97D0BA2961}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9BF95067-F088-4EFE-9BC0-6DFBB3CA7344}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9FDE7C9F-B713-4214-BDA9-83946F22E60B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A42D4EDE-E3DC-4098-9530-881F150E99B9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AD4E866B-20AB-440C-9DC1-6638AB7737A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B465EF26-C402-4E54-8533-F6B04C3E4232}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DAF5BD88-99F5-4788-9B6A-16CDA648A677}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E9586A14-7101-4397-86C6-C82333EECB4F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F741DA4E-E5EF-4228-9B7D-0E65F0DC57C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FC4599AD-233B-4A59-A4F4-87B92A71EDDA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D51E0A-7373-4058-9E83-FE1C33BC5F0A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{06724E63-DF93-4316-AB91-EB897DBBB37A}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{10408137-9C88-408C-AB3D-86C2CA544EBE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{138D6030-CEEC-402B-8775-156A947A289E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{13947020-5DBB-4FA4-A620-0C2670D2C4F9}" = protocol=6 | dir=out | app=system | 
"{23C2BE8C-4EA0-49A0-A049-F6DA1D140E17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2CBE5E20-D3B8-4537-BB04-E52FFCA5DE6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{34936C11-FB7C-45A6-867F-E9E8C98BE93E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{37F287EA-C5A9-4A5C-9305-5AB826F6F813}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{397B5ECB-1554-46FE-9EAF-3515BC80EB6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{437ACC4B-C535-4AF5-85F5-DF3BB84CD90A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4774B65E-2DA3-4BC2-927F-CFC880B5A9A4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{49E6495E-0B50-4898-A707-EDA443C3F1EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{53BB327F-280B-4FBF-AFDF-6FBCD3AD4C32}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{59E788FF-8676-4924-BBA5-8137085CE718}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5F0F3EE9-1D10-42D3-BCD2-0F3F5CC49045}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6E176347-F33A-49DE-8731-6490613BD5B6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{778AA4BC-7D51-46FA-B087-A40B36234AB6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{8C699C97-B6B7-43EB-B266-3F2F6581CC79}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{939E02E5-2E91-421E-BD8B-3E9F456E1EFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E251971-0C23-4C16-B626-905878CCD949}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E8AA6B4-7C44-4AB9-866A-E20912C4D531}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FA14726-CEEB-4489-B6FD-F9B832593DE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B8619E46-F249-4EA8-8AC8-475265D6DC90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB172F71-86D0-488C-A44D-4EBE9815D340}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C0363A51-20D6-436B-B94A-F6FB88181BB1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C41C8D3A-582F-4EBE-B601-FE06E59BF96C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CAB3AF45-D0FB-4FAC-8B75-B6914EA539A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{3E0C0A25-453F-40DB-8328-677D49389979}C:\program files (x86)\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe | 
"UDP Query User{7A30A07F-F9CF-41C1-83B2-A3DFF0283354}C:\program files (x86)\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{42081A74-B2BB-B64E-ABF5-9CEE13974355}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{E0A6C0AA-8580-82CF-3D5F-5F32F8DE9A01}" = ccc-utility64
"{E342EC6B-5F25-47FE-B92C-DE616149B430}" = HP Wireless Assistant
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{093B1CF6-C00F-BD98-A8B7-C20D0AB36074}" = Catalyst Control Center Graphics Light
"{0D901B50-9D9C-64A2-136E-7CC4DD9FBDB4}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{303D7F80-2108-9679-149F-64A7AEF13C26}" = CCC Help Czech
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B7301EA-5833-CDAC-E4A4-6442EEDEBD87}" = CCC Help Korean
"{3CD48ADA-3A4F-999C-2BAA-64DF229FF839}" = CCC Help Turkish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{553EFB44-564E-2F68-9A24-A59765B81000}" = CCC Help Russian
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{671BF921-422D-BA7E-5158-5264ACE51C9D}" = CCC Help Portuguese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A65C27A-830B-77E6-43D1-52F236AF9A16}" = CCC Help Greek
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F75DDF4-09D6-7ED2-8DA9-61F0B57FCF81}" = CCC Help Dutch
"{8064A439-ACA7-3E32-3630-FC22155FEB4E}" = CCC Help English
"{810005FC-9F35-5EAB-1479-B1E7DEAB44D5}" = CCC Help Norwegian
"{820F8A24-8C77-3B64-D90A-C23D211BEDA9}" = Catalyst Control Center Graphics Previews Common
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89C0094C-9508-6BE5-8445-4ADDC9BD2681}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAD8A5E-6B6A-C4DC-D2A7-02CD66702F31}" = Catalyst Control Center Core Implementation
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EEA74DA-5E7E-5E51-817C-FFAEACEBF3B3}" = CCC Help Chinese Traditional
"{8F8EDCB5-1042-4598-D413-1DD04FC7EA27}" = CCC Help Hungarian
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96EB53BC-8225-A97A-FF5C-B33F85DD5B86}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBDA769-3D13-095F-77BA-35AED9D54D4C}" = CCC Help Thai
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB418F5A-4AB2-999B-19EA-8BB9C311B70C}" = Catalyst Control Center Graphics Full Existing
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BCE6F36E-4FA9-C700-CA8F-04EE0702FB32}" = CCC Help Spanish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5755376-76B8-52F7-7357-3E7CA61C7168}" = CCC Help Finnish
"{CA12CCA6-A4C8-5796-C29E-4ADA9E5DE596}" = Catalyst Control Center Graphics Previews Vista
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE0F869E-2504-4F92-2BD2-DD996E7010B7}" = CCC Help Danish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2CB8122-63AF-D5C8-299F-C67A1EF343C3}" = CCC Help Polish
"{DEEF336C-5C79-3846-7AD1-7693CCA99659}" = CCC Help Chinese Standard
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E103722E-7E7F-5783-3685-DE7370908470}" = Catalyst Control Center InstallProxy
"{E6E7A082-A47D-7059-ACBD-36FDA02695EC}" = Catalyst Control Center Graphics Full New
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF83E9E7-FFE9-B86A-94C9-95D8F5EF2320}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CDD8A0-5E3B-F975-AA54-C725477E5067}" = ccc-core-static
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD71BC19-4A59-75F5-E4EF-4AEC3E6BF12E}" = CCC Help Japanese
"{FEC06A8C-01A7-5CF5-923F-CD2D34229E4B}" = CCC Help Swedish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IrfanView" = IrfanView (remove only)
"JJ MP3 Renamer" = JJ MP3 Renamer 3.2.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"QuickPar" = QuickPar 0.9
"Verbindungsassistent" = Verbindungsassistent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.07.2012 17:11:23 | Computer Name = user-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 04.07.2012 01:03:55 | Computer Name = user-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 04.07.2012 01:05:13 | Computer Name = user-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 04.07.2012 14:07:14 | Computer Name = user-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 04.07.2012 14:08:33 | Computer Name = user-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 05.07.2012 10:26:17 | Computer Name = user-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 05.07.2012 10:27:35 | Computer Name = user-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 08.07.2012 16:52:19 | Computer Name = user-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 08.07.2012 16:52:50 | Computer Name = user-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 09.07.2012 14:53:42 | Computer Name = user-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,
 Zeitstempel: 0x4f5ecbd4  Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4fe21212  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x6dab9973  ID des fehlerhaften Prozesses: 0x4f0  Startzeit der fehlerhaften Anwendung:
 0x01cd5e03fb0d99d0  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
 Firefox\plugin-container.exe  Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll
Berichtskennung:
 66806997-c9f7-11e1-b2ee-3c4a9201ee3a
 
[ HP Wireless Assistant Events ]
Error - 05.01.2011 18:53:08 | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05.01.2011 18:54:16 | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05.01.2011 18:55:24 | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05.01.2011 18:56:32 | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05.01.2011 18:57:40 | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05.01.2011 18:58:47 | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05.01.2011 18:59:55 | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05.01.2011 19:01:03 | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05.01.2011 19:02:11 | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05.01.2011 19:03:19 | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
[ System Events ]
Error - 31.07.2012 12:43:45 | Computer Name = user-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?07.?2012 um 20:28:13 unerwartet heruntergefahren.
 
Error - 01.08.2012 14:30:13 | Computer Name = user-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?07.?2012 um 18:44:35 unerwartet heruntergefahren.
 
Error - 01.08.2012 14:51:40 | Computer Name = user-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?08.?2012 um 20:49:17 unerwartet heruntergefahren.
 
Error - 01.08.2012 14:51:45 | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application
 Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%1068
 
Error - 01.08.2012 14:51:49 | Computer Name = user-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   discache  spldr  Wanarpv6
 
Error - 01.08.2012 14:51:56 | Computer Name = user-HP | Source = DCOM | ID = 10005
Description = 
 
Error - 01.08.2012 14:52:04 | Computer Name = user-HP | Source = DCOM | ID = 10005
Description = 
 
Error - 01.08.2012 14:52:11 | Computer Name = user-HP | Source = DCOM | ID = 10005
Description = 
 
Error - 01.08.2012 14:52:11 | Computer Name = user-HP | Source = DCOM | ID = 10005
Description = 
 
Error - 01.08.2012 14:54:02 | Computer Name = user-HP | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Incidentally, until now she had been running without a firewall or an antivirus program. I will of course change that immediately once the current problem is solved, but at the moment, in safe mode, I did not dare to try it.

Many thanks in advance,
Muley

02.08.2012, 05:15   #2
t'john
/// Helper Team
 

Fixing with OTL

Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any antivirus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator" ("Als Administrator ausführen").
  • Copy the following script into the text box below Custom Scans/Fixes (Benutzerdefinierte Scans/Fixes):


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D05A7B78-D4B5-4174-A338-02BA2F0B7041} 
IE:64bit: - HKLM\..\SearchScopes\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF 
IE:64bit: - HKLM\..\SearchScopes\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
IE:64bit: - HKLM\..\SearchScopes\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE - HKLM\..\URLSearchHook: - No CLSID value found 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} 
IE - HKLM\..\SearchScopes\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 
IE - HKLM\..\SearchScopes\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\URLSearchHook: - No CLSID value found 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms} 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\SearchScopes\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://go.gmx.net/br/moz_keyurl_search/?su=" 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search" 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.openintab: true 
FF - prefs.js..browser.search.selectedEngine: "ICQ Search" 
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/login.php" 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O3 - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O3 - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found. 
O3 - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. 

O4:64bit: - HKLM..\Run: [WinSyncProviders] C:\Users\user\AppData\Local\Microsoft\Windows\3423\WinSyncProviders.exe () 
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found 
O4 - HKU\S-1-5-21-1574626186-2579499770-575306766-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKU\S-1-5-21-1574626186-2579499770-575306766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{f5e88533-1b0d-11e0-bec2-1c659d86b1cb}\Shell - "" = AutoRun 
O33 - MountPoints2\{f5e88533-1b0d-11e0-bec2-1c659d86b1cb}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 
O33 - MountPoints2\F\Shell - "" = AutoRun 
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 


[2012.07.29 18:40:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\hellomoto 

[2012.08.01 20:49:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can permanently damage other systems!
__________________


02.08.2012, 12:12   #3
Muley
 

OK. Great! It now starts in normal mode again.

Here is the log file:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1574626186-2579499770-575306766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry value HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b106b661-3e1b-4015-af5c-195e909f35c6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b106b661-3e1b-4015-af5c-195e909f35c6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ not found.
Registry key HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E2DB66C-9B99-44D7-95CC-90D0BE53F814}\ not found.
Registry key HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D05A7B78-D4B5-4174-A338-02BA2F0B7041}\ not found.
Registry key HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3F74208-F2CB-4DCD-B995-FA39CE5E4599}\ not found.
HKU\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz_keyurl_search/?su=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "softonic-de3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.openintab
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.facebook.com/login.php" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B106B661-3E1B-4015-AF5C-195E909F35C6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B106B661-3E1B-4015-AF5C-195E909F35C6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinSyncProviders deleted successfully.
File C:\Users\user\AppData\Local\Microsoft\Windows\3423\WinSyncProviders.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easybits Recovery deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisorDock deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5e88533-1b0d-11e0-bec2-1c659d86b1cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5e88533-1b0d-11e0-bec2-1c659d86b1cb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5e88533-1b0d-11e0-bec2-1c659d86b1cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5e88533-1b0d-11e0-bec2-1c659d86b1cb}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Folder C:\Users\user\AppData\Roaming\hellomoto\ not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: user
->Temp folder emptied: 427751071 bytes
->Temporary Internet Files folder emptied: 50045905 bytes
->Java cache emptied: 1515023 bytes
->FireFox cache emptied: 9775960 bytes
->Flash cache emptied: 88013 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 560689802 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.001,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: user
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08022012_122744

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP0000000109F04D53B2ABF4AB not found!

PendingFileRenameOperations files...
File C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\TMP0000000109F04D53B2ABF4AB not found!

Registry entries deleted on Reboot...
         
__________________
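A point the fix log above leaves open, shown as an added example that is not part of the original posts and is not OTL's own code: the log reports the `WinSyncProviders` Run value as deleted but the file it named as "not found", and the Malwarebytes log posted later in the thread still lists a file at that path. The Python below pairs each removed Run/RunOnce value with the file result on the following line; that pairing is an assumption read off this log's layout, and all function names are hypothetical.

```python
import re
from collections import Counter
from typing import NamedTuple

# Lines copied from the OTL fix log posted above (an excerpt, not the complete log).
SAMPLE_LOG = r"""
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinSyncProviders deleted successfully.
File C:\Users\user\AppData\Local\Microsoft\Windows\3423\WinSyncProviders.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easybits Recovery deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1574626186-2579499770-575306766-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisorDock deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Folder C:\Users\user\AppData\Roaming\hellomoto\ not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
"""


class Entry(NamedTuple):
    kind: str    # object type as printed by OTL, or "Path" for a bare path
    target: str  # registry path or file system path
    result: str  # "deleted", "moved" or "not found"


# One result line: optional "64bit-" prefix, optional object type, target, outcome.
ENTRY_RE = re.compile(
    r"^(?:64bit-)?"
    r"(?:(?P<kind>Registry key|Registry value|File\\Folder|File|Folder) )?"
    r"(?P<target>.+?) (?P<result>deleted|moved|not found)(?: successfully)?[.!]$"
)

# OTL prints the value name after a double backslash: ...\Run\\<name>
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\\\(?P<name>.+)$", re.IGNORECASE)

# Per-user AppData is writable without admin rights under default permissions.
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_fix_log(text):
    """Return the result lines of a fix log as Entry tuples; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"] or "Path", m["target"], m["result"]))
    return entries


def summarize(entries):
    """Count outcomes per object type, e.g. ("Registry value", "deleted")."""
    return Counter((e.kind, e.result) for e in entries)


def unresolved_autostarts(entries):
    """Autostart values that were removed while the file they named was not found.

    Assumption: the file result directly follows the registry line, as in the
    log on this page.
    """
    findings = []
    for reg, nxt in zip(entries, entries[1:]):
        m = AUTOSTART_RE.search(reg.target)
        if (m and reg.kind == "Registry value" and reg.result == "deleted"
                and nxt.kind == "File" and nxt.result == "not found"):
            findings.append({
                "value": m["name"],
                "file": nxt.target,
                "user_writable": bool(USER_WRITABLE_RE.match(nxt.target)),
            })
    return findings


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (kind, result), count in sorted(summarize(parsed).items()):
        print(f"{count:3d}  {kind}: {result}")
    for finding in unresolved_autostarts(parsed):
        flag = "user-writable path" if finding["user_writable"] else "system path"
        print(f"follow up: {finding['value']} -> {finding['file']} ({flag})")
```

A finding here only says the autostart entry is gone while the fate of the file is unknown, so the path still has to be checked by a later scan.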

02.08.2012, 12:27   #4
t'john
/// Helper Team
 

Very good!

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" ("Komplett Scan durchführen") => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or moved to quarantine.
- When the scan has finished, click "Show Results" ("Zeige Resultate").
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john

02.08.2012, 17:11   #5
Muley
 

Done. I don't know whether the Anti-Malware log is needed again as well, so I'm posting it again too...

mbam-log:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
user :: user-HP [Administrator]

02.08.2012 16:22:27
mbam-log-2012-08-02 (16-22-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 310562
Laufzeit: 47 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\user\AppData\Local\Microsoft\Windows\3423\WinSyncProviders.exe (Trojan.Cridex) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
AdwCleaner[R1]:
Code:
# AdwCleaner v1.800 - Logfile created 08/02/2012 at 18:05:58
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : user - user-HP
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\user\AppData\Local\Conduit
Folder Found : C:\Users\user\AppData\LocalLow\Conduit
Folder Found : C:\Users\user\AppData\LocalLow\PriceGong
Folder Found : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\Conduit
Folder Found : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\ConduitCommon
Folder Found : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\CT2736476
Folder Found : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
File Found : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\searchplugins\Conduit.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (de)

Profile name : default 
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\prefs.js

Found : user_pref("CT2736476..clientLogIsEnabled", false);
Found : user_pref("CT2736476..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2736476..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2736476.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2736476.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2736476.CTID", "CT2736476");
Found : user_pref("CT2736476.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2736476.CurrentServerDate", "2-8-2012");
Found : user_pref("CT2736476.DSInstall", false);
Found : user_pref("CT2736476.DialogsAlignMode", "LTR");
Found : user_pref("CT2736476.DialogsGetterLastCheckTime", "Wed Aug 01 2012 20:31:16 GMT+0200");
Found : user_pref("CT2736476.DownloadReferralCookieData", "");
Found : user_pref("CT2736476.EnableClickToSearchBox", false);
Found : user_pref("CT2736476.EnableSearchHistory", false);
Found : user_pref("CT2736476.EnableSearchSuggest", false);
Found : user_pref("CT2736476.FeedLastCount129821510975496818", 100);
Found : user_pref("CT2736476.FeedPollDate129819795124043526", "Wed Jun 06 2012 21:01:35 GMT+0200");
Found : user_pref("CT2736476.FeedPollDate129822378592125242", "Wed Jun 06 2012 21:01:35 GMT+0200");
Found : user_pref("CT2736476.FeedPollDate129822378592125243", "Wed Jun 06 2012 21:01:35 GMT+0200");
Found : user_pref("CT2736476.FeedPollDate129822378592125244", "Wed Jun 06 2012 21:01:35 GMT+0200");
Found : user_pref("CT2736476.FeedPollDate129822378592125245", "Wed Jun 06 2012 21:01:37 GMT+0200");
Found : user_pref("CT2736476.FeedTTL129819795124043526", 40);
Found : user_pref("CT2736476.FeedTTL129822378592125242", 40);
Found : user_pref("CT2736476.FeedTTL129822378592125243", 40);
Found : user_pref("CT2736476.FeedTTL129822378592125244", 40);
Found : user_pref("CT2736476.FeedTTL129822378592125245", 40);
Found : user_pref("CT2736476.FirstServerDate", "6-6-2012");
Found : user_pref("CT2736476.FirstTime", true);
Found : user_pref("CT2736476.FirstTimeFF3", true);
Found : user_pref("CT2736476.FirstTimeHiddenVer", true);
Found : user_pref("CT2736476.FixPageNotFoundErrors", false);
Found : user_pref("CT2736476.GroupingInvalidateCache", false);
Found : user_pref("CT2736476.GroupingLastCheckTime", "0");
Found : user_pref("CT2736476.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2736476.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2736476.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2736476.HPChangedManually", false);
Found : user_pref("CT2736476.HPInstall", true);
Found : user_pref("CT2736476.HasUserGlobalKeys", true);
Found : user_pref("CT2736476.HomePageProtectorEnabled", false);
Found : user_pref("CT2736476.HomepageBeforeUnload", "hxxp://www.facebook.com/login.php");
Found : user_pref("CT2736476.Initialize", true);
Found : user_pref("CT2736476.InitializeCommonPrefs", true);
Found : user_pref("CT2736476.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2736476.InstallationId", "freeware_Toolbar_setup.exe");
Found : user_pref("CT2736476.InstallationType", "ConduitNSISIntegration");
Found : user_pref("CT2736476.InstalledDate", "Wed Jun 06 2012 21:01:34 GMT+0200");
Found : user_pref("CT2736476.InvalidateCache", false);
Found : user_pref("CT2736476.IsAlertDBUpdated", true);
Found : user_pref("CT2736476.IsGrouping", false);
Found : user_pref("CT2736476.IsInitSetupIni", true);
Found : user_pref("CT2736476.IsMulticommunity", false);
Found : user_pref("CT2736476.IsOpenThankYouPage", false);
Found : user_pref("CT2736476.IsOpenUninstallPage", true);
Found : user_pref("CT2736476.LanguagePackLastCheckTime", "Wed Aug 01 2012 20:31:16 GMT+0200");
Found : user_pref("CT2736476.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2736476.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2736476.LastLogin_3.13.0.300", "Mon Jul 16 2012 18:20:35 GMT+0200");
Found : user_pref("CT2736476.LastLogin_3.14.1.0", "Thu Aug 02 2012 18:02:08 GMT+0200");
Found : user_pref("CT2736476.LatestVersion", "3.14.1.0");
Found : user_pref("CT2736476.Locale", "de");
Found : user_pref("CT2736476.MCDetectTooltipHeight", "83");
Found : user_pref("CT2736476.MCDetectTooltipShow", false);
Found : user_pref("CT2736476.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2736476.MCDetectTooltipWidth", "295");
Found : user_pref("CT2736476.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2736476.OriginalFirstVersion", "3.13.0.300");
Found : user_pref("CT2736476.RadioLastCheckTime", "0");
Found : user_pref("CT2736476.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2736476.RadioLastUpdateServer", "0");
Found : user_pref("CT2736476.SavedHomepage", "hxxp://www.facebook.com/login.php");
Found : user_pref("CT2736476.SearchBackToDefaultEngine", false);
Found : user_pref("CT2736476.SearchCaption", "Freeware.de Customized Web Search");
Found : user_pref("CT2736476.SearchEngineBeforeUnload", "ICQ Search");
Found : user_pref("CT2736476.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1[...]
Found : user_pref("CT2736476.SearchInNewTabEnabled", true);
Found : user_pref("CT2736476.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2736476.SearchInNewTabLastCheckTime", "Wed Aug 01 2012 20:31:11 GMT+0200");
Found : user_pref("CT2736476.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2736476.SearchInNewTabUserEnabled", false);
Found : user_pref("CT2736476.SearchProtectorEnabled", false);
Found : user_pref("CT2736476.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2736476.SendProtectorDataViaLogin", true);
Found : user_pref("CT2736476.ServiceMapLastCheckTime", "Wed Aug 01 2012 20:31:11 GMT+0200");
Found : user_pref("CT2736476.SettingsLastCheckTime", "Thu Aug 02 2012 18:02:06 GMT+0200");
Found : user_pref("CT2736476.SettingsLastUpdate", "1343736296");
Found : user_pref("CT2736476.TBHomePageUrl", "hxxp://search.conduit.com/?SSPV=FFOB10&ctid=CT2736476&SearchSo[...]
Found : user_pref("CT2736476.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2736476.ThirdPartyComponentsLastCheck", "Wed Jun 06 2012 21:01:34 GMT+0200");
Found : user_pref("CT2736476.ThirdPartyComponentsLastUpdate", "1331806000");
Found : user_pref("CT2736476.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2736476.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2736476");
Found : user_pref("CT2736476.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2736476.UserID", "UN09955245666390866");
Found : user_pref("CT2736476.ValidationData_Toolbar", 1);
Found : user_pref("CT2736476.alertChannelId", "1128724");
Found : user_pref("CT2736476.approveUntrustedApps", false);
Found : user_pref("CT2736476.autoDisableScopes", -1);
Found : user_pref("CT2736476.components.129258224046479075", false);
Found : user_pref("CT2736476.components.129821509394246296", false);
Found : user_pref("CT2736476.components.129821510361278066", false);
Found : user_pref("CT2736476.components.129821510662684317", false);
Found : user_pref("CT2736476.components.129821510975496818", false);
Found : user_pref("CT2736476.components.129821559238058456", false);
Found : user_pref("CT2736476.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2736476.globalFirstTimeInfoLastCheckTime", "Wed Jun 06 2012 21:01:37 GMT+0200");
Found : user_pref("CT2736476.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2736476.initDone", true);
Found : user_pref("CT2736476.isAppTrackingManagerOn", true);
Found : user_pref("CT2736476.isSearchProtectorNotifyChanges", false);
Found : user_pref("CT2736476.myStuffEnabled", true);
Found : user_pref("CT2736476.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2736476.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2736476.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2736476.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2736476.navigateToUrlOnSearch", false);
Found : user_pref("CT2736476.revertSettingsEnabled", true);
Found : user_pref("CT2736476.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2736476.searchProtectorEnableByLogin", true);
Found : user_pref("CT2736476.testingCtid", "");
Found : user_pref("CT2736476.toolbarAppMetaDataLastCheckTime", "Wed Aug 01 2012 20:31:16 GMT+0200");
Found : user_pref("CT2736476.toolbarContextMenuLastCheckTime", "Wed Jun 06 2012 21:01:37 GMT+0200");
Found : user_pref("CT2736476.usageEnabled", false);
Found : user_pref("CT2736476.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFOB10&ctid=CT27[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2736476/CT2736476[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1128724/1124413/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2736476",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"e3d[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/14454247.xml", "\"e0ce80f7f1cab1a6730[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/18676177.xml", "\"8d72ac47ecddb3eaf56[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/23187593.xml", "\"a1ac7d80287c553b90b[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/3197921.xml", "\"82d23930997f249902c3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/44365882.xml", "\"7f207915af310c5d313[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\user\\AppData\\Roaming\\Mozilla\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.300");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2736476");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2736476");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2736476");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.userId", "a86b429e-0172-4901-b347-8864168d7043");
Found : user_pref("CommunityToolbar.globalUserId", "0d6cee55-45fb-471f-87ad-ab2ec35888ad");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jun 06 2012 21:01:3[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jun 06 2012 21:08:47 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jun 06 2012 21:01:37 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "186c2276-7944-4a4c-b860-aec4544c337d");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.facebook.com/login.php");
Found : user_pref("CommunityToolbar.originalSearchEngine", "ICQ Search");
Found : user_pref("CommunityToolbar.twitter.user_14454247.LastCheckTime", "Wed Jun 06 2012 21:01:39 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_18676177.LastCheckTime", "Wed Jun 06 2012 21:01:39 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_23187593.LastCheckTime", "Wed Jun 06 2012 21:01:39 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_3197921.LastCheckTime", "Wed Jun 06 2012 21:01:39 GMT+0200"[...]
Found : user_pref("CommunityToolbar.twitter.user_44365882.LastCheckTime", "Wed Jun 06 2012 21:01:39 GMT+0200[...]

*************************

AdwCleaner[R1].txt - [16999 octets] - [02/08/2012 18:05:58]

########## EOF - C:\AdwCleaner[R1].txt - [17128 octets] ##########
         


02.08.2012, 17:18   #6
t'john
/// Helper Team



Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.




After that:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Jetzt Updaten" (Update now).
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click "Bericht speichern" (Save report) to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html

02.08.2012, 18:38   #7
Muley



OK!

adwcleaner[s1]:
Code:
# AdwCleaner v1.800 - Logfile created 08/02/2012 at 18:30:25
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : user - user-HP
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\user\AppData\Local\Conduit
Folder Deleted : C:\Users\user\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\user\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\Conduit
Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\ConduitCommon
Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\CT2736476
Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
File Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\searchplugins\Conduit.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (de)

Profile name : default 
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qkn8tvcp.default\prefs.js

Deleted : user_pref("CT2736476..clientLogIsEnabled", false);
Deleted : user_pref("CT2736476..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2736476..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2736476.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2736476.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2736476.CTID", "CT2736476");
Deleted : user_pref("CT2736476.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2736476.CurrentServerDate", "2-8-2012");
Deleted : user_pref("CT2736476.DSInstall", false);
Deleted : user_pref("CT2736476.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2736476.DialogsGetterLastCheckTime", "Wed Aug 01 2012 20:31:16 GMT+0200");
Deleted : user_pref("CT2736476.DownloadReferralCookieData", "");
Deleted : user_pref("CT2736476.EnableClickToSearchBox", false);
Deleted : user_pref("CT2736476.EnableSearchHistory", false);
Deleted : user_pref("CT2736476.EnableSearchSuggest", false);
Deleted : user_pref("CT2736476.FeedLastCount129821510975496818", 100);
Deleted : user_pref("CT2736476.FeedPollDate129819795124043526", "Wed Jun 06 2012 21:01:35 GMT+0200");
Deleted : user_pref("CT2736476.FeedPollDate129822378592125242", "Wed Jun 06 2012 21:01:35 GMT+0200");
Deleted : user_pref("CT2736476.FeedPollDate129822378592125243", "Wed Jun 06 2012 21:01:35 GMT+0200");
Deleted : user_pref("CT2736476.FeedPollDate129822378592125244", "Wed Jun 06 2012 21:01:35 GMT+0200");
Deleted : user_pref("CT2736476.FeedPollDate129822378592125245", "Wed Jun 06 2012 21:01:37 GMT+0200");
Deleted : user_pref("CT2736476.FeedTTL129819795124043526", 40);
Deleted : user_pref("CT2736476.FeedTTL129822378592125242", 40);
Deleted : user_pref("CT2736476.FeedTTL129822378592125243", 40);
Deleted : user_pref("CT2736476.FeedTTL129822378592125244", 40);
Deleted : user_pref("CT2736476.FeedTTL129822378592125245", 40);
Deleted : user_pref("CT2736476.FirstServerDate", "6-6-2012");
Deleted : user_pref("CT2736476.FirstTime", true);
Deleted : user_pref("CT2736476.FirstTimeFF3", true);
Deleted : user_pref("CT2736476.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2736476.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2736476.GroupingInvalidateCache", false);
Deleted : user_pref("CT2736476.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2736476.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2736476.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2736476.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2736476.HPChangedManually", false);
Deleted : user_pref("CT2736476.HPInstall", true);
Deleted : user_pref("CT2736476.HasUserGlobalKeys", true);
Deleted : user_pref("CT2736476.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2736476.HomepageBeforeUnload", "hxxp://www.facebook.com/login.php");
Deleted : user_pref("CT2736476.Initialize", true);
Deleted : user_pref("CT2736476.InitializeCommonPrefs", true);
Deleted : user_pref("CT2736476.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2736476.InstallationId", "freeware_Toolbar_setup.exe");
Deleted : user_pref("CT2736476.InstallationType", "ConduitNSISIntegration");
Deleted : user_pref("CT2736476.InstalledDate", "Wed Jun 06 2012 21:01:34 GMT+0200");
Deleted : user_pref("CT2736476.InvalidateCache", false);
Deleted : user_pref("CT2736476.IsAlertDBUpdated", true);
Deleted : user_pref("CT2736476.IsGrouping", false);
Deleted : user_pref("CT2736476.IsInitSetupIni", true);
Deleted : user_pref("CT2736476.IsMulticommunity", false);
Deleted : user_pref("CT2736476.IsOpenThankYouPage", false);
Deleted : user_pref("CT2736476.IsOpenUninstallPage", true);
Deleted : user_pref("CT2736476.LanguagePackLastCheckTime", "Wed Aug 01 2012 20:31:16 GMT+0200");
Deleted : user_pref("CT2736476.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2736476.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2736476.LastLogin_3.13.0.300", "Mon Jul 16 2012 18:20:35 GMT+0200");
Deleted : user_pref("CT2736476.LastLogin_3.14.1.0", "Thu Aug 02 2012 18:02:08 GMT+0200");
Deleted : user_pref("CT2736476.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2736476.Locale", "de");
Deleted : user_pref("CT2736476.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2736476.MCDetectTooltipShow", false);
Deleted : user_pref("CT2736476.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2736476.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2736476.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2736476.OriginalFirstVersion", "3.13.0.300");
Deleted : user_pref("CT2736476.RadioLastCheckTime", "0");
Deleted : user_pref("CT2736476.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2736476.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2736476.SavedHomepage", "hxxp://www.facebook.com/login.php");
Deleted : user_pref("CT2736476.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT2736476.SearchCaption", "Freeware.de Customized Web Search");
Deleted : user_pref("CT2736476.SearchEngineBeforeUnload", "ICQ Search");
Deleted : user_pref("CT2736476.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1[...]
Deleted : user_pref("CT2736476.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2736476.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2736476.SearchInNewTabLastCheckTime", "Wed Aug 01 2012 20:31:11 GMT+0200");
Deleted : user_pref("CT2736476.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2736476.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2736476.SearchProtectorEnabled", false);
Deleted : user_pref("CT2736476.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2736476.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2736476.ServiceMapLastCheckTime", "Wed Aug 01 2012 20:31:11 GMT+0200");
Deleted : user_pref("CT2736476.SettingsLastCheckTime", "Thu Aug 02 2012 18:02:06 GMT+0200");
Deleted : user_pref("CT2736476.SettingsLastUpdate", "1343736296");
Deleted : user_pref("CT2736476.TBHomePageUrl", "hxxp://search.conduit.com/?SSPV=FFOB10&ctid=CT2736476&SearchSo[...]
Deleted : user_pref("CT2736476.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2736476.ThirdPartyComponentsLastCheck", "Wed Jun 06 2012 21:01:34 GMT+0200");
Deleted : user_pref("CT2736476.ThirdPartyComponentsLastUpdate", "1331806000");
Deleted : user_pref("CT2736476.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2736476.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2736476");
Deleted : user_pref("CT2736476.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2736476.UserID", "UN09955245666390866");
Deleted : user_pref("CT2736476.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2736476.alertChannelId", "1128724");
Deleted : user_pref("CT2736476.approveUntrustedApps", false);
Deleted : user_pref("CT2736476.autoDisableScopes", -1);
Deleted : user_pref("CT2736476.components.129258224046479075", false);
Deleted : user_pref("CT2736476.components.129821509394246296", false);
Deleted : user_pref("CT2736476.components.129821510361278066", false);
Deleted : user_pref("CT2736476.components.129821510662684317", false);
Deleted : user_pref("CT2736476.components.129821510975496818", false);
Deleted : user_pref("CT2736476.components.129821559238058456", false);
Deleted : user_pref("CT2736476.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2736476.globalFirstTimeInfoLastCheckTime", "Wed Jun 06 2012 21:01:37 GMT+0200");
Deleted : user_pref("CT2736476.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2736476.initDone", true);
Deleted : user_pref("CT2736476.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2736476.isSearchProtectorNotifyChanges", false);
Deleted : user_pref("CT2736476.myStuffEnabled", true);
Deleted : user_pref("CT2736476.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2736476.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2736476.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2736476.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2736476.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2736476.revertSettingsEnabled", true);
Deleted : user_pref("CT2736476.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2736476.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2736476.testingCtid", "");
Deleted : user_pref("CT2736476.toolbarAppMetaDataLastCheckTime", "Wed Aug 01 2012 20:31:16 GMT+0200");
Deleted : user_pref("CT2736476.toolbarContextMenuLastCheckTime", "Wed Jun 06 2012 21:01:37 GMT+0200");
Deleted : user_pref("CT2736476.usageEnabled", false);
Deleted : user_pref("CT2736476.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFOB10&ctid=CT27[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2736476/CT2736476[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1128724/1124413/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2736476",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"e3d[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/14454247.xml", "\"e0ce80f7f1cab1a6730[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/18676177.xml", "\"8d72ac47ecddb3eaf56[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/23187593.xml", "\"a1ac7d80287c553b90b[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/3197921.xml", "\"82d23930997f249902c3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/44365882.xml", "\"7f207915af310c5d313[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\user\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.300");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2736476");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2736476");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2736476");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.userId", "a86b429e-0172-4901-b347-8864168d7043");
Deleted : user_pref("CommunityToolbar.globalUserId", "0d6cee55-45fb-471f-87ad-ab2ec35888ad");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jun 06 2012 21:01:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jun 06 2012 21:08:47 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jun 06 2012 21:01:37 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "186c2276-7944-4a4c-b860-aec4544c337d");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.facebook.com/login.php");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "ICQ Search");
Deleted : user_pref("CommunityToolbar.twitter.user_14454247.LastCheckTime", "Wed Jun 06 2012 21:01:39 GMT+0200[...]
Deleted : user_pref("CommunityToolbar.twitter.user_18676177.LastCheckTime", "Wed Jun 06 2012 21:01:39 GMT+0200[...]
Deleted : user_pref("CommunityToolbar.twitter.user_23187593.LastCheckTime", "Wed Jun 06 2012 21:01:39 GMT+0200[...]
Deleted : user_pref("CommunityToolbar.twitter.user_3197921.LastCheckTime", "Wed Jun 06 2012 21:01:39 GMT+0200"[...]
Deleted : user_pref("CommunityToolbar.twitter.user_44365882.LastCheckTime", "Wed Jun 06 2012 21:01:39 GMT+0200[...]

*************************

AdwCleaner[R1].txt - [17114 octets] - [02/08/2012 18:05:58]
AdwCleaner[S1].txt - [16824 octets] - [02/08/2012 18:30:25]

########## EOF - C:\AdwCleaner[S1].txt - [16953 octets] ##########
         
a2scan[...]:

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 02.08.2012 18:41:07

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	02.08.2012 18:41:33

C:\HP\Bin\EndProcess.exe 	gefunden: Riskware.Win32.KillApp!E1

Gescannt	570168
Gefunden	1

Scan Ende:	02.08.2012 19:25:17
Scan Zeit:	0:43:44
         

03.08.2012, 13:49   #8
t'john
/// Helper Team



Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: Be sure to start the browser as administrator.
Let's go

  • Download and start the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Regards, t'john

03.08.2012, 16:58   #9
Muley



OK

log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0c48a2034b09b446b9be7fd27ac1cd2b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-03 02:57:31
# local_time=2012-08-03 04:57:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 546 95630045 0 0
# compatibility_mode=8192 67108863 100 0 159 159 0 0
# scanned=134117
# found=0
# cleaned=0
# scan_time=5655
         

03.08.2012, 17:06   #10
t'john
/// Helper Team



Update Java

Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 5 ).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Regards, t'john
Support the TB
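
Added example, not part of the original post: one way to verify the uninstall step above by listing installed Java runtimes older than a baseline from the Windows uninstall registry keys, checking both the 64-bit and the 32-bit view. The DisplayName formats, function names and sample entries are assumptions of this example; the default baseline is the Java 7 Update 5 named in the post, so pass the current release when using it.

```python
import re
import sys

BASELINE = (7, 5)  # "Java 7 Update 5", the version named in the post above
# Assumed DisplayName formats, e.g. "Java(TM) 6 Update 31", "Java 7 Update 5 (64-bit)".
NAME_RE = re.compile(
    r"(?:Java(?:\(TM\))?|J2SE Runtime Environment) (\d+)(?:\.\d+)?(?: Update (\d+))?")

def java_version(display_name):
    """Return (major, update) for a Java runtime entry, else None."""
    m = NAME_RE.match(display_name)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None

def outdated_java(names, baseline=BASELINE):
    """Sorted (name, version) pairs for Java entries older than baseline."""
    found = {(n, java_version(n)) for n in names if java_version(n)}
    return sorted(f for f in found if f[1] < baseline)

def installed_display_names():
    """Uninstall DisplayNames from the 64-bit and 32-bit registry views (Windows only)."""
    import winreg
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    names = set()
    for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
        access = winreg.KEY_READ | view
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, access) as root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                try:
                    with winreg.OpenKey(root, winreg.EnumKey(root, i), 0, access) as entry:
                        names.add(winreg.QueryValueEx(entry, "DisplayName")[0])
                except OSError:
                    pass  # entry has no DisplayName value
    return names

# Constructed sample of uninstall entries, used when not running on Windows.
SAMPLE = [
    "Java(TM) 6 Update 31",
    "Java(TM) 7 Update 4",
    "Java 7 Update 5 (64-bit)",
    "Java Auto Updater",
    "Mozilla Firefox 14.0.1 (x86 de)",
]

if __name__ == "__main__":
    names = installed_display_names() if sys.platform == "win32" else SAMPLE
    for name, version in outdated_java(names):
        print("still installed and older than baseline:", name, version)
```

On 64-bit Windows a 32-bit Java is registered only in the 32-bit view, so a check of the default view alone can miss it.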

04.08.2012, 14:36   #11
Muley

Great!!!

Then I'll go and update Java now.

A thousand thanks! It reads as if we have reached the end here, right?

Many thanks

04.08.2012, 14:45   #12
t'john
/// Helper team
 
Very good!

That means you are clean and discharged!


Tool cleanup with OTL


We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed, so it is fine if these programs are gone. If any are left over, delete them manually.


Resetting the security zones

Have the security zones reset, since they were manipulated in order to open the browser to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Cleaning up with CCleaner

Use CCleaner (Download) (Instructions) to

  • fix errors in the registry (repeatedly, until no more errors are found) and
  • delete temporary files.




Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
__________________
Regards, t'john
Support the TB

04.08.2012, 18:42   #13
Muley

Well then, let me say it one last time:

It is incredible how devotedly so many people are helped here. I am truly thrilled and grateful!

04.08.2012, 18:46   #14
t'john
/// Helper team
 
We wish you a virus-free time
__________________
Regards, t'john
Support the TB
