
Pests of all kinds and how to fight them: Computer locked; prompt demanding €50 to unlock

Windows 7

21.12.2011, 03:15   #1
btt2378
 
Hello, I have the same problem as the others.
When I start the PC without the network cable, everything works.

I would be glad of your help; the message appeared while I was playing online!!!!

21.12.2011, 03:41   #2
btt2378
 
OTL Logfile:
Code:
OTL logfile created on: 21.12.2011 03:34:49 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 72,98% Memory free
6,00 Gb Paging File | 5,19 Gb Available in Paging File | 86,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 373,98 Gb Free Space | 80,31% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 2,83 Gb Free Space | 75,85% Space Free | Partition Type: FAT32
 
Computer Name: CK-PC | User Name: ck | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cchservice.exe (Salfeld Computer)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\IZArc\IZArcCM.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (NitroReaderDriverReadSpool) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
SRV - (ksupmgr) -- C:\Windows\System32\ksupmgr.exe (Salfeld Computer)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/mb79?a=1ex5XM9l7OY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 92 AA 65 6D 85 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.googel.de"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.34
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.5.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.27 16:28:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.17 18:37:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 16:26:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.15 20:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.23 08:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.05 20:55:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.27 16:28:07 | 000,000,000 | ---D | M]
 
[2010.10.21 19:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Extensions
[2010.10.21 19:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.19 19:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions
[2011.12.07 09:56:56 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.07 10:28:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.10 20:00:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.17 15:20:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\engine@conduit.com
[2011.08.26 13:08:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\ffxtlbr@babylon.com
[2011.05.06 09:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\nostmp
[2011.12.19 19:12:49 | 000,000,933 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\11-suche.xml
[2011.05.25 15:15:10 | 000,000,963 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\conduit.xml
[2011.12.19 19:12:50 | 000,002,419 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:12:49 | 000,010,525 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\gmx-suche.xml
[2011.12.19 19:12:49 | 000,002,457 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\lastminute.xml
[2011.06.07 17:27:01 | 000,002,195 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\MyStart Search.xml
[2011.12.19 19:12:49 | 000,005,508 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\webde-suche.xml
[2011.11.09 16:26:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\CK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FRWFKERY.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
() (No name found) -- C:\USERS\CK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FRWFKERY.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI
[2011.11.09 16:26:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011.10.01 22:06:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 22:06:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 22:06:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 22:06:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 22:06:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 22:06:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_1\
CHR - Extension: Google Mail = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2010.11.23 11:07:59 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Programme\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [opera.exe] C:\Users\ck\AppData\Roaming\Opera\Opera\opera.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ToolbarsRestrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced:  = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoAdminPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoProfilePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\ck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74878C43-52FA-45FF-B185-972D8D021712}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.21 00:46:30 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Opera
[2011.12.20 23:36:16 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\starmoney rechnungen
[2011.12.20 23:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 7.0
[2011.12.20 23:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0
[2011.12.19 02:01:38 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Avira
[2011.12.19 01:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.19 01:56:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.19 01:56:01 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.19 01:56:01 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.19 01:56:01 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.19 01:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.19 01:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.18 22:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011.12.18 22:01:52 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\QuickScan
[2011.12.18 22:00:57 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.18 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Google
[2011.12.18 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Deployment
[2011.12.18 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Apps
[2011.12.16 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011.12.16 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\ijjigame
[2011.12.14 23:03:33 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 23:03:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 23:03:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 23:03:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 23:03:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 23:03:30 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 23:03:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 23:03:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 23:03:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 23:03:20 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 23:03:19 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 12:15:56 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\skoda
[2011.12.13 14:05:18 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivox
[2011.12.13 14:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Vivox
[2011.12.11 22:40:16 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\Promo Bilder VD
[2011.12.03 19:34:00 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\Bewerbungsordner new
[2011.12.02 17:30:55 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\vd promo bilder fläche
[2011.11.27 21:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
[2011.11.27 21:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Elcomsoft Password Recovery
[2011.11.27 21:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery
[2011.11.27 21:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Elcomsoft
[2011.11.25 13:35:53 | 000,000,000 | ---D | C] -- C:\Users\ck\Documents\DolbyAxon
[2011.11.25 13:35:48 | 002,262,960 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.0.0.ocx
[2011.11.25 13:35:48 | 000,571,312 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.Unicode.v13.0.0.ocx
[2011.11.25 13:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon
[2011.11.25 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\DolbyAxon
[2011.11.24 22:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.21 03:37:12 | 000,000,164 | ---- | M] () -- C:\Windows\System32\SWCTL.DLL
[2011.12.21 03:34:47 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.21 03:34:47 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.21 03:34:47 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.21 03:34:47 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.21 03:32:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.12.21 03:32:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.21 03:32:16 | 2415,308,800 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 01:18:38 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 01:18:37 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 01:04:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.21 01:03:47 | 000,353,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.20 23:24:11 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk
[2011.12.19 02:09:21 | 000,019,684 | ---- | M] () -- C:\Users\ck\Desktop\Offene Posten.sxc
[2011.12.19 01:56:16 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.18 23:55:48 | 000,100,935 | ---- | M] () -- C:\ProgramData\1324248838.bdinstall.bin
[2011.12.18 22:38:29 | 000,240,184 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2011.12.18 22:38:28 | 000,446,160 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2011.12.18 22:10:21 | 000,270,050 | ---- | M] () -- C:\ProgramData\1324242039.bdinstall.bin
[2011.12.18 22:07:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011.12.18 22:04:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job
[2011.12.18 22:00:59 | 000,002,294 | ---- | M] () -- C:\Users\ck\Desktop\Google Chrome.lnk
[2011.12.15 00:27:06 | 000,008,893 | ---- | M] () -- C:\Windows\System32\cchservice.err
[2011.12.13 14:05:18 | 000,002,929 | ---- | M] () -- C:\Users\ck\Desktop\C3.lnk
[2011.12.11 22:59:37 | 006,439,313 | ---- | M] () -- C:\Users\ck\Desktop\Promo Bilder VD.zip
[2011.12.11 22:36:58 | 001,517,253 | ---- | M] () -- C:\Users\ck\Desktop\FANTEC_Smart_TV_Hub_Box_DE.pdf
[2011.12.09 12:40:20 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.09 12:40:20 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.09 12:40:20 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.03 22:27:40 | 000,024,115 | ---- | M] () -- C:\Users\ck\Desktop\Tourenplanung Kuhn.ods
[2011.12.03 20:03:45 | 000,000,137 | ---- | M] () -- C:\Users\ck\Desktop\Berlin - Kuhn_14.11.11.URL
[2011.12.02 20:09:56 | 000,005,680 | ---- | M] () -- C:\Users\ck\Desktop\Rechnung_update_123.pdf
[2011.11.30 17:28:34 | 000,047,070 | ---- | M] () -- C:\Users\ck\Desktop\Update Zusatz.pdf
[2011.11.30 17:27:51 | 000,065,986 | ---- | M] () -- C:\Users\ck\Desktop\Update Vertrag.pdf
[2011.11.30 12:35:59 | 000,130,687 | ---- | M] () -- C:\Users\ck\Desktop\Christian-Kuhn-20111130-intern.pdf
[2011.11.29 11:43:55 | 000,073,210 | ---- | M] () -- C:\Users\ck\Desktop\ck und janett.jpg
[2011.11.27 22:11:00 | 003,178,822 | ---- | M] () -- C:\Users\ck\Desktop\Sat Vision Videoweb.pdf
[2011.11.24 22:36:44 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.11.24 22:24:13 | 000,007,607 | ---- | M] () -- C:\Users\ck\AppData\Local\resmon.resmoncfg
[2011.11.24 05:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.11.21 12:26:05 | 000,087,157 | ---- | M] () -- C:\Users\ck\Desktop\händler liste new (01).pdf
 
========== Files Created - No Company Name ==========
 
[2011.12.20 23:24:10 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk
[2011.12.19 01:56:16 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.18 23:55:48 | 000,100,935 | ---- | C] () -- C:\ProgramData\1324248838.bdinstall.bin
[2011.12.18 22:10:21 | 000,270,050 | ---- | C] () -- C:\ProgramData\1324242039.bdinstall.bin
[2011.12.18 22:07:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011.12.18 22:00:59 | 000,002,294 | ---- | C] () -- C:\Users\ck\Desktop\Google Chrome.lnk
[2011.12.18 21:59:56 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.18 21:59:54 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job
[2011.12.13 14:05:18 | 000,002,929 | ---- | C] () -- C:\Users\ck\Desktop\C3.lnk
[2011.12.11 22:59:36 | 006,439,313 | ---- | C] () -- C:\Users\ck\Desktop\Promo Bilder VD.zip
[2011.12.11 22:36:58 | 001,517,253 | ---- | C] () -- C:\Users\ck\Desktop\FANTEC_Smart_TV_Hub_Box_DE.pdf
[2011.12.03 20:03:45 | 000,000,137 | ---- | C] () -- C:\Users\ck\Desktop\Berlin - Kuhn_14.11.11.URL
[2011.12.02 20:09:19 | 000,005,680 | ---- | C] () -- C:\Users\ck\Desktop\Rechnung_update_123.pdf
[2011.11.30 17:28:34 | 000,047,070 | ---- | C] () -- C:\Users\ck\Desktop\Update Zusatz.pdf
[2011.11.30 17:27:51 | 000,065,986 | ---- | C] () -- C:\Users\ck\Desktop\Update Vertrag.pdf
[2011.11.30 12:35:54 | 000,130,687 | ---- | C] () -- C:\Users\ck\Desktop\Christian-Kuhn-20111130-intern.pdf
[2011.11.29 11:43:55 | 000,073,210 | ---- | C] () -- C:\Users\ck\Desktop\ck und janett.jpg
[2011.11.27 22:47:52 | 000,024,115 | ---- | C] () -- C:\Users\ck\Desktop\Tourenplanung Kuhn.ods
[2011.11.27 22:11:00 | 003,178,822 | ---- | C] () -- C:\Users\ck\Desktop\Sat Vision Videoweb.pdf
[2011.11.24 22:36:43 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011.11.24 22:21:47 | 000,007,607 | ---- | C] () -- C:\Users\ck\AppData\Local\resmon.resmoncfg
[2011.11.21 12:26:05 | 000,087,157 | ---- | C] () -- C:\Users\ck\Desktop\händler liste new (01).pdf
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.12 11:49:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classical
[2011.10.12 11:49:41 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Channel
[2011.10.12 11:49:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.10.12 11:49:41 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clean Electric Guitar
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classic Thick
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Chiller
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Carbon
[2011.10.12 11:49:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.10.12 11:49:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.10.12 11:49:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Contents
[2011.10.12 11:49:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Compressor
[2011.08.27 13:53:37 | 000,276,080 | ---- | C] () -- C:\Users\ck\AppData\Local\census.cache
[2011.08.27 13:53:24 | 000,132,740 | ---- | C] () -- C:\Users\ck\AppData\Local\ars.cache
[2011.08.05 21:59:05 | 000,000,036 | ---- | C] () -- C:\Users\ck\AppData\Local\housecall.guid.cache
[2011.07.31 20:09:08 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2011.07.18 08:08:52 | 000,000,164 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2011.07.18 08:08:52 | 000,000,145 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini
[2011.07.18 08:08:50 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys
[2011.07.18 08:08:49 | 000,000,590 | ---- | C] () -- C:\Windows\System32\nochook.ini
[2011.06.15 18:53:50 | 000,241,182 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.06.15 18:53:50 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011.06.07 17:13:26 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2011.05.10 23:57:00 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2011.05.04 11:39:33 | 000,132,420 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.03.27 16:46:00 | 000,237,206 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2011.03.27 16:46:00 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2011.03.27 16:40:34 | 000,236,543 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011.03.27 16:40:34 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2011.03.27 16:25:10 | 000,196,991 | ---- | C] () -- C:\Windows\hpwins27.dat
[2011.03.27 16:25:10 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2010.11.17 18:23:12 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.11.17 18:03:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.10.05 19:24:33 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.05 18:45:32 | 000,000,572 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2010.10.05 18:45:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.07 14:40:34 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.10.07 14:38:42 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.10.07 14:38:26 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,353,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.07.26 13:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.08.13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 176 bytes -> C:\Users\ck\Desktop\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\ck\Desktop\Tk-Bescheid.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\ck\Desktop\Gewerbeschein_C.Kuhn.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 21.12.2011 03:34:49 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 72,98% Memory free
6,00 Gb Paging File | 5,19 Gb Available in Paging File | 86,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 373,98 Gb Free Space | 80,31% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 2,83 Gb Free Space | 75,85% Space Free | Partition Type: FAT32
 
Computer Name: CK-PC | User Name: ck | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.4.0.1
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FA42404-0150-4AB9-BCA7-8168E25773DF}" = StarMoney 7.0 
"{52088EA2-01DB-4A59-A302-A5C27DCD85AC}" = StarMoney 8.0 
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7311DD3C-412D-4A6A-B12C-A088391C6EF5}" = Elcomsoft Phone Password Breaker
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AE8768A-5C84-4EC6-9504-A2D37A8C6E99}" = Nitro PDF Reader
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINTR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINTR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.POWERPOINTR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{91140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{91140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINTR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE15050E-1FCF-4E23-B10F-65194C7A73EC}" = C3
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD3DD99A-BA74-49FD-809D-B96FF518F4FB}" = KFZ-Fahrtenbuch 3
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.26
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"1&1 EasyLogin" = 1&1 EasyLogin
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"DivX Setup.divx.com" = DivX-Setup
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"DTGDesktop" = Documents To Go Desktop for iPhone
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"Foxit PDF Editor" = Foxit PDF Editor
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IncrediMail" = IncrediMail 2.0
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Logitech Vid" = Logitech Vid HD
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.POWERPOINTR" = Microsoft PowerPoint 2010
"PDF Editor 3" = PDF Editor 3
"Personal Backup 5_is1" = Personal Backup 5.0
"PhotoScape" = PhotoScape
"SP6" = Logitech SetPoint 6.30
"SpeedFan" = SpeedFan (remove only)
"Steam App 102700" = Alliance of Valiant Arms
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"User Control_is1" = User Control
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---
__________________


21.12.2011, 04:46   #3
btt2378

Here are the values again as a file upload.
__________________

22.12.2011, 07:53   #4
kira
/// Helper Team

Hello and welcome!

Before we start working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the fault analysis and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - in other words, any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
► First part of the 3-part procedure: we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Installed on purpose?:
Quote:
1&1 EasyLogin
2.
If you did not install it on purpose, since it is often installed along with or offered by other programs (presumably by Adobe Reader), uninstall:
Code:
McAfee Security Scan Plus
         
although the programmers/manufacturer themselves have a very good reputation, this "helper principle" does not protect your PC any further, but it does impair system performance
Always choose the custom installation, not the standard installation, because otherwise things are often installed along with it that you do not need or want.
During installation, please always read the license terms and do not immediately tick every box or leave pre-ticked boxes ticked, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors, etc., are installed along with it, because that is how freeware finances itself.


3.
** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • start it with a double-click.
  • update the databases right away (update online)
  • choose the full scan (tick everything)
  • when the scan has finished, click "Show Results"
  • select all findings, except that if MBAM reports something in C:\System Volume Information you should remove the tick there, and click "Delete" ("Remove Selected").
  • Post the result here in the thread; you will find the report under "Scan reports"
you can find an illustrated guide here: Guide

4.
Installed incorrectly!:
Quote:
Folder = C:\Windows\system32
so remove OTL again and download it again:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created: OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

5.
I would also like to see all of your installed programs:
Download the tool CCleaner
Download
install it (read the software license agreement; if offered, deselect "Add CCleaner Yahoo! Toolbar") → start it → Language → select German
then click "Extra" (to also display the installed programs) → then "Save as text file..."
a text file (*.txt) will be created; copy its contents and paste them here

Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here, e.g. an OTL log file or similar
→ after it, i.e. at the end of the log file: [/code]
** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc.
Regards
kira
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

22.12.2011, 16:34   #5
btt2378

Hey, here are the files

Code:
 Logfile Malewarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122202

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

22.12.2011 12:58:41
mbam-log-2011-12-22 (12-58-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 395908
Laufzeit: 1 Stunde(n), 44 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
OTL Logfile:
Code:
OTL logfile created on: 22.12.2011 11:22:55 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\ck\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 42,18% Memory free
6,00 Gb Paging File | 3,92 Gb Available in Paging File | 65,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 393,81 Gb Free Space | 84,57% Space Free | Partition Type: NTFS
 
Computer Name: CK-PC | User Name: ck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ck\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\G Data\AntiVirus\GUI\GDSC.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\System32\cchservice.exe (Salfeld Computer)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll ()
MOD - C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll ()
MOD - C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll ()
MOD - C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Programme\IZArc\IZArcCM.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVKService) -- C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (NitroReaderDriverReadSpool) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
SRV - (ksupmgr) -- C:\Windows\System32\ksupmgr.exe (Salfeld Computer)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/mb79?a=1ex5XM9l7OY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 92 AA 65 6D 85 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.googel.de"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.34
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.5.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.27 16:28:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.17 18:37:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 16:26:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.15 20:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.23 08:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.05 20:55:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.27 16:28:07 | 000,000,000 | ---D | M]
 
[2010.10.21 19:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Extensions
[2010.10.21 19:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.21 18:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions
[2011.12.21 18:01:43 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.07 10:28:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.06 09:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\nostmp
[2011.12.19 19:12:49 | 000,000,933 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\11-suche.xml
[2011.05.25 15:15:10 | 000,000,963 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\conduit.xml
[2011.12.19 19:12:50 | 000,002,419 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:12:49 | 000,010,525 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\gmx-suche.xml
[2011.12.19 19:12:49 | 000,002,457 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\lastminute.xml
[2011.06.07 17:27:01 | 000,002,195 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\MyStart Search.xml
[2011.12.19 19:12:49 | 000,005,508 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\webde-suche.xml
[2011.12.21 15:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 15:11:45 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011.12.21 15:11:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011.12.21 15:11:45 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD}
[2011.12.21 15:11:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170633FE}
() (No name found) -- C:\USERS\CK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FRWFKERY.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI
[2011.11.09 16:26:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011.10.01 22:06:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 22:06:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 22:06:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 22:06:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 22:06:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 22:06:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_1\
CHR - Extension: Google Mail = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2010.11.23 11:07:59 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [opera.exe] C:\Users\ck\AppData\Roaming\Opera\Opera\opera.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ToolbarsRestrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced:  = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoAdminPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoProfilePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\ck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74878C43-52FA-45FF-B185-972D8D021712}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.22 11:25:34 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\log files 22.12
[2011.12.22 11:20:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ck\Desktop\OTL.exe
[2011.12.22 11:13:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.21 18:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011.12.21 18:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.21 15:12:08 | 000,049,016 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.12.21 15:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus 2012
[2011.12.21 15:11:19 | 000,041,336 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.12.21 15:11:18 | 000,079,992 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.12.21 15:11:17 | 000,040,440 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.12.21 15:11:17 | 000,029,560 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GdNetMon32.sys
[2011.12.21 15:11:15 | 000,054,648 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.12.21 15:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2011.12.21 15:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2011.12.21 15:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011.12.21 15:04:11 | 354,192,696 | ---- | C] (G Data Software AG) -- C:\Users\ck\Desktop\GER_R_FUL_2012_AV.exe
[2011.12.21 15:04:10 | 002,002,416 | ---- | C] (Trend Micro Inc.) -- C:\Users\ck\Desktop\HousecallLauncher.exe
[2011.12.21 13:16:49 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.21 13:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.21 13:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.21 13:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.21 13:15:52 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\ck\Desktop\aswMBR.exe
[2011.12.21 04:32:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Windows\System32\OTL.exe
[2011.12.21 04:11:03 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Malwarebytes
[2011.12.21 04:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.21 04:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.21 04:10:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.21 04:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.21 03:47:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.21 00:46:30 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Opera
[2011.12.20 23:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 7.0
[2011.12.20 23:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0
[2011.12.18 22:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011.12.18 22:01:52 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\QuickScan
[2011.12.18 22:00:57 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.18 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Google
[2011.12.18 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Deployment
[2011.12.18 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Apps
[2011.12.16 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011.12.16 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\ijjigame
[2011.12.14 23:03:33 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 23:03:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 23:03:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 23:03:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 23:03:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 23:03:30 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 23:03:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 23:03:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 23:03:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 23:03:20 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 23:03:19 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 12:15:56 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\skoda
[2011.12.03 19:34:00 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\Bewerbungsordner new
[2011.11.27 21:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
[2011.11.27 21:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery
[2011.11.25 13:35:53 | 000,000,000 | ---D | C] -- C:\Users\ck\Documents\DolbyAxon
[2011.11.25 13:35:48 | 002,262,960 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.0.0.ocx
[2011.11.25 13:35:48 | 000,571,312 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.Unicode.v13.0.0.ocx
[2011.11.25 13:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon
[2011.11.25 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\DolbyAxon
[2011.11.24 22:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.22 11:34:57 | 000,000,164 | ---- | M] () -- C:\Windows\System32\SWCTL.DLL
[2011.12.22 11:20:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ck\Desktop\OTL.exe
[2011.12.22 11:13:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.22 11:04:36 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.22 10:34:48 | 000,170,772 | ---- | M] () -- C:\Users\ck\Desktop\andels angebot.pdf
[2011.12.22 10:01:54 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.22 10:01:53 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.22 09:56:00 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.22 09:54:28 | 000,501,690 | ---- | M] () -- C:\Windows\System32\sig.bin
[2011.12.22 09:54:28 | 000,035,305 | ---- | M] () -- C:\Windows\System32\nmp.map
[2011.12.22 09:53:37 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.12.22 09:53:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.22 09:53:19 | 2415,308,800 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 18:31:22 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011.12.21 17:06:48 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.21 17:06:48 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.21 17:06:48 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.21 17:06:48 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.21 16:22:14 | 000,079,992 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.12.21 16:22:14 | 000,054,648 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.12.21 16:22:14 | 000,041,336 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.12.21 16:22:14 | 000,040,440 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.12.21 15:49:17 | 000,307,794 | ---- | M] () -- C:\Users\ck\AppData\Local\census.cache
[2011.12.21 15:49:13 | 000,132,740 | ---- | M] () -- C:\Users\ck\AppData\Local\ars.cache
[2011.12.21 15:12:08 | 000,049,016 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.12.21 15:11:17 | 000,029,560 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GdNetMon32.sys
[2011.12.21 14:46:18 | 002,002,416 | ---- | M] (Trend Micro Inc.) -- C:\Users\ck\Desktop\HousecallLauncher.exe
[2011.12.21 13:16:37 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.21 12:20:42 | 354,192,696 | ---- | M] (G Data Software AG) -- C:\Users\ck\Desktop\GER_R_FUL_2012_AV.exe
[2011.12.21 04:10:58 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.21 03:10:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\OTL.exe
[2011.12.21 03:05:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\ck\Desktop\aswMBR.exe
[2011.12.21 01:03:47 | 000,353,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 23:55:48 | 000,100,935 | ---- | M] () -- C:\ProgramData\1324248838.bdinstall.bin
[2011.12.18 22:38:29 | 000,240,184 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2011.12.18 22:38:28 | 000,446,160 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2011.12.18 22:10:21 | 000,270,050 | ---- | M] () -- C:\ProgramData\1324242039.bdinstall.bin
[2011.12.18 22:07:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011.12.18 22:04:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job
[2011.12.15 00:27:06 | 000,008,893 | ---- | M] () -- C:\Windows\System32\cchservice.err
[2011.11.24 22:36:44 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.11.24 22:24:13 | 000,007,607 | ---- | M] () -- C:\Users\ck\AppData\Local\resmon.resmoncfg
[2011.11.24 05:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.22 10:34:48 | 000,170,772 | ---- | C] () -- C:\Users\ck\Desktop\andels angebot.pdf
[2011.12.22 09:54:28 | 000,501,690 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.12.22 09:54:28 | 000,035,305 | ---- | C] () -- C:\Windows\System32\nmp.map
[2011.12.21 18:31:23 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.21 18:31:22 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011.12.21 13:16:37 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.21 04:10:58 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.18 23:55:48 | 000,100,935 | ---- | C] () -- C:\ProgramData\1324248838.bdinstall.bin
[2011.12.18 22:10:21 | 000,270,050 | ---- | C] () -- C:\ProgramData\1324242039.bdinstall.bin
[2011.12.18 22:07:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011.12.18 21:59:56 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.18 21:59:54 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job
[2011.11.24 22:36:43 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011.11.24 22:21:47 | 000,007,607 | ---- | C] () -- C:\Users\ck\AppData\Local\resmon.resmoncfg
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.12 11:49:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classical
[2011.10.12 11:49:41 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Channel
[2011.10.12 11:49:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.10.12 11:49:41 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clean Electric Guitar
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classic Thick
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Chiller
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Carbon
[2011.10.12 11:49:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.10.12 11:49:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.10.12 11:49:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Contents
[2011.10.12 11:49:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Compressor
[2011.08.27 13:53:37 | 000,307,794 | ---- | C] () -- C:\Users\ck\AppData\Local\census.cache
[2011.08.27 13:53:24 | 000,132,740 | ---- | C] () -- C:\Users\ck\AppData\Local\ars.cache
[2011.08.05 21:59:05 | 000,000,036 | ---- | C] () -- C:\Users\ck\AppData\Local\housecall.guid.cache
[2011.07.31 20:09:08 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2011.07.18 08:08:52 | 000,000,164 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2011.07.18 08:08:52 | 000,000,145 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini
[2011.07.18 08:08:50 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys
[2011.07.18 08:08:49 | 000,000,590 | ---- | C] () -- C:\Windows\System32\nochook.ini
[2011.06.15 18:53:50 | 000,241,182 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.06.15 18:53:50 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011.06.07 17:13:26 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2011.05.10 23:57:00 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2011.05.04 11:39:33 | 000,132,420 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.03.27 16:46:00 | 000,237,206 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2011.03.27 16:46:00 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2011.03.27 16:40:34 | 000,236,543 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011.03.27 16:40:34 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2011.03.27 16:25:10 | 000,196,991 | ---- | C] () -- C:\Windows\hpwins27.dat
[2011.03.27 16:25:10 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2010.11.17 18:23:12 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.11.17 18:03:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.10.05 19:24:33 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.05 18:45:32 | 000,000,572 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2010.10.05 18:45:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.07 14:40:34 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.10.07 14:38:42 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.10.07 14:38:26 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,353,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.07.26 13:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.08.13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\ck\Desktop\Gewerbeschein_C.Kuhn.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
         
--- --- ---


Code:
ATTFilter
 OTL Extras

OTL Extras logfile created on: 22.12.2011 11:22:55 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\ck\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 42,18% Memory free
6,00 Gb Paging File | 3,92 Gb Available in Paging File | 65,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 393,81 Gb Free Space | 84,57% Space Free | Partition Type: NTFS
 
Computer Name: CK-PC | User Name: ck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.4.0.1
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1AD8819A-70E8-4380-92DA-F5B2421DAE35}" = G Data AntiVirus 2012
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FA42404-0150-4AB9-BCA7-8168E25773DF}" = StarMoney 7.0 
"{52088EA2-01DB-4A59-A302-A5C27DCD85AC}" = StarMoney 8.0 
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7311DD3C-412D-4A6A-B12C-A088391C6EF5}" = Elcomsoft Phone Password Breaker
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AE8768A-5C84-4EC6-9504-A2D37A8C6E99}" = Nitro PDF Reader
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINTR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINTR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.POWERPOINTR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{91140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{91140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINTR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD3DD99A-BA74-49FD-809D-B96FF518F4FB}" = KFZ-Fahrtenbuch 3
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"DivX Setup.divx.com" = DivX-Setup
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"DTGDesktop" = Documents To Go Desktop for iPhone
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"Foxit PDF Editor" = Foxit PDF Editor
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HitmanPro35" = Hitman Pro 3.5
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IncrediMail" = IncrediMail 2.0
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.POWERPOINTR" = Microsoft PowerPoint 2010
"PDF Editor 3" = PDF Editor 3
"Personal Backup 5_is1" = Personal Backup 5.0
"PhotoScape" = PhotoScape
"SP6" = Logitech SetPoint 6.30
"SpeedFan" = SpeedFan (remove only)
"Steam App 102700" = Alliance of Valiant Arms
"Uninstall_is1" = Uninstall 1.0.0.1
"User Control_is1" = User Control
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Code:
ATTFilter
AAVUpdateManager	Akademische Arbeitsgemeinschaft	01.10.2010	14,5MB	12.00.0000
ABC Amber Audio Converter		04.12.2010		
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	04.10.2010	6,00MB	10.1.85.3
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	17.11.2011	6,00MB	11.1.102.55
Adobe Reader 9.4.6 - Deutsch	Adobe Systems Incorporated	21.09.2011	263MB	9.4.6
Alliance of Valiant Arms		24.06.2011		
Apple Application Support	Apple Inc.	22.10.2011	61,2MB	2.1.5
Apple Mobile Device Support	Apple Inc.	22.10.2011	24,3MB	4.0.0.96
Apple Software Update	Apple Inc.	22.10.2011	2,38MB	2.1.3.127
Bonjour	Apple Inc.	22.10.2011	1,02MB	3.0.0.10
Bullzip PDF Printer 7.2.0.1304	Bullzip	06.07.2011	6,41MB	7.2.0.1304
CCleaner	Piriform	06.10.2011		3.11
CDBurnerXP	CDBurnerXP	30.10.2011	12,0MB	4.3.8.2631
CloneDVD2	Elaborate Bytes	04.10.2010		
COMPUTERBILD-Abzockschutz	J3S	29.03.2011	2,24MB	1.0.30
cyberJack Base Components	REINER SCT	30.07.2011		6.9.12
devolo dLAN-Konfigurationsassistent	devolo AG	20.08.2011		9.0.0.0
devolo EasyClean	devolo AG	20.08.2011		3.0.0.0
devolo EasyShare	devolo AG	20.08.2011		4.0.0.0
devolo Informer	devolo AG	20.08.2011		15.0.0.0
DHTML Editing Component	Microsoft Corporation	11.10.2011	0,54MB	6.02.0001
DivX-Setup	DivX, LLC	16.07.2011		2.5.0.15
Documents To Go Desktop for iPhone	DataViz, Inc.	25.06.2011		2.0000.006
Dolby Axon - 1.4.0.1	Dolby Laboratories	24.11.2011	24,8MB	1.4.0.1
Dropbox	Dropbox, Inc.	22.06.2011		1.1.35
Elcomsoft Phone Password Breaker	Elcomsoft Co. Ltd.	26.11.2011	9,40MB	1.81.1077.899
Free Audio CD Burner version 1.4	DVDVideoSoft Limited.	26.10.2010	8,19MB	
Free YouTube Download version 3.0.13.815	DVDVideoSoft Ltd.	27.08.2011	42,0MB	
Free YouTube to MP3 Converter version 3.10.11.923	DVDVideoSoft Ltd.	11.10.2011	42,4MB	
G Data AntiVirus 2012	G Data Software AG	20.12.2011	65,6MB	22.0.0.0
Google Chrome	Google Inc.	17.12.2011		16.0.912.63
GPL Ghostscript Lite 8.70		06.07.2011	12,8MB	
Hitman Pro 3.5	SurfRight B.V.	20.12.2011		3.5.9.131
HP Customer Participation Program 13.0	HP	26.03.2011		13.0
HP Document Manager 2.0	HP	26.03.2011		2.0
HP Imaging Device Functions 13.0	HP	26.03.2011		13.0
HP Officejet 4500 G510a-f	HP	26.03.2011		13.0
HP Officejet 4500 G510g-m	HP	26.03.2011		13.0
HP Officejet 4500 G510n-z	HP	14.06.2011		13.0
HP Smart Web Printing 4.5	HP	26.03.2011		4.5
HP Update	Hewlett-Packard	26.03.2011	3,73MB	4.000.011.006
iCloud	Apple Inc.	18.10.2011	23,6MB	1.0.1.29
IncrediMail 2.0	IncrediMail Ltd.	21.08.2011		6.2.9.5055
iTunes	Apple Inc.	22.10.2011	168,7MB	10.5.0.142
IZArc 4.1.2	Ivan Zahariev	30.09.2010	13,8MB	4.1.2
Java(TM) 6 Update 22	Oracle	08.11.2011	97,1MB	6.0.220
Java(TM) 6 Update 26	Oracle	04.10.2010	97,0MB	6.0.260
KFZ-Fahrtenbuch 3	Krämer IT Solutions GmbH	28.02.2011	29,7MB	3.0.80.0
Logitech SetPoint 6.30	Logitech	12.07.2011	39,1MB	6.30.43
Logitech Vid HD	Logitech Inc..	06.06.2011		7.2 (7248)
Logitech Webcam Software	Logitech Inc.	06.06.2011	43,9MB	12.10.1113
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	20.12.2011	13,8MB	1.51.2.1300
MediaMonkey 3.2	Ventis Media Inc.	15.10.2011		3.2
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	19.10.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	19.10.2010	2,94MB	4.0.30319
Microsoft PowerPoint 2010	Microsoft Corporation	10.11.2011		14.0.6029.1000
Microsoft PowerPoint Viewer	Microsoft Corporation	13.12.2011	175,7MB	14.0.6029.1000
Microsoft Silverlight	Microsoft Corporation	12.10.2011	140,1MB	4.0.60831.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	03.11.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	12.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	31.03.2011	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	04.10.2010	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	04.10.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	18.12.2011	15,0MB	10.0.40219
MobileMe Control Panel	Apple Inc.	18.10.2011	12,9MB	3.1.8.0
Mozilla Firefox 8.0 (x86 de)	Mozilla	08.11.2011	36,9MB	8.0
Mozilla Thunderbird (8.0)	Mozilla	14.11.2011		8.0 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	06.10.2010	37,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	06.10.2010	1,33MB	4.20.9876.0
MSXML 4.0 SP2 Parser and SDK	Microsoft Corporation	09.07.2011	36,00KB	4.20.9818.0
NEC Electronics USB 3.0 Host Controller Driver	NEC Electronics Corporation	27.12.2010	0,97MB	1.0.20.0
Nikon Message Center 2	Nikon	11.10.2011	5,20MB	2.0.1
Nikon Movie Editor	Nikon	11.10.2011	27,0MB	2.2.1
Nitro PDF Reader	Nitro PDF Software	07.03.2011	80,1MB	1.4.0.11
Nur Deinstallierung der CopyTrans Suite möglich.	WindSolutions	07.11.2010		2.15
NVIDIA 3D Vision Controller-Treiber 285.62	NVIDIA Corporation	25.10.2011		285.62
NVIDIA 3D Vision Treiber 285.62	NVIDIA Corporation	25.10.2011		285.62
NVIDIA Drivers	NVIDIA Corporation	16.11.2010	66,3MB	1.10.62.40
NVIDIA Grafiktreiber 285.62	NVIDIA Corporation	25.10.2011		285.62
NVIDIA PhysX-Systemsoftware 9.11.0621	NVIDIA Corporation	25.10.2011		9.11.0621
NVIDIA Update 1.5.20	NVIDIA Corporation	25.10.2011		1.5.20
OCR Software by I.R.I.S. 13.0	HP	26.03.2011		13.0
Olympus ib	OLYMPUS IMAGING CORP.	09.07.2011	274MB	1.3.2207
OLYMPUS Viewer 2	OLYMPUS IMAGING CORP.	09.07.2011	0,20MB	1.1.1
OpenOffice.org 3.3	OpenOffice.org	08.11.2011	424MB	3.3.9567
PDF Editor 3		16.11.2010		
PDF24 Creator 3.0.0	PDF24.org	01.05.2011	33,2MB	
Personal Backup 5.0	J. Rathlev	27.12.2010		
PhotoScape		03.12.2010		
Picture Control Utility	Nikon	11.10.2011	26,0MB	1.3.0
PixelPlanet PdfPrinter 6	PixelPlanet	15.11.2010	34,2MB	6.02.9
QuickTime	Apple Inc.	04.08.2011	73,0MB	7.70.80.34
REACTOR	ijji	14.11.2011		1.00.0000
RENESIS® Player Browser Plugins	examotion® GmbH	02.11.2010	1,83MB	1.1.1
Safari	Apple Inc.	18.10.2011	43,2MB	5.34.51.22
SES Driver	Western Digital	18.05.2011	24,00KB	1.0.0
SpeedFan (remove only)		23.11.2011		
StarMoney 7.0	Star Finanz GmbH	20.12.2011		7.0
StarMoney 8.0	Star Finanz GmbH	27.04.2011		8.0
Steam	Valve Corporation	23.06.2011	35,5MB	1.0.0.0
SUPERAntiSpyware	SUPERAntiSpyware.com	20.12.2011	75,3MB	5.0.1142
Ulead PhotoImpact X3	Corel	11.10.2011	286MB	13.0
Uninstall 1.0.0.1		23.04.2011	10,9MB	
User Control	Salfeld Computer GmbH	17.07.2011	52,5MB	
ViewNX 2	Nikon	11.10.2011	51,6MB	2.2.1
WD SmartWare	Western Digital	18.05.2011	35,1MB	1.4.5.5
Windows Live Essentials	Microsoft Corporation	24.07.2011		15.4.3538.0513
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	04.12.2010	5,58MB	15.4.5722.2
Windows Media Player Firefox Plugin	Microsoft Corp	03.04.2011	0,29MB	1.0.0.8
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)	OLYMPUS IMAGING CORP.	09.07.2011		09/09/2009 1.0.0.0
WinPcap 4.1.2	CACE Technologies	13.08.2011		4.1.0.2001
WinRAR 4.00 (32-Bit)	win.rar GmbH	18.04.2011		4.00.0
         


23.12.2011, 05:37   #6
kira
/// Helper team
 
Computer locked; prompt to pay 50 € for unlocking

1.
Quote:
Attention, important!
If you changed anything in the logfile yourself, you must put the original names back and paste it into the script that way, otherwise it will not work!
(User folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.5.1
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.05.25 15:15:10 | 000,000,963 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\conduit.xml
[2011.10.01 22:06:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKCU..\Run: [opera.exe] C:\Users\ck\AppData\Roaming\Opera\Opera\opera.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ToolbarsRestrictions present
[2011.12.16 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011.12.22 11:04:36 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.18 21:59:56 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.18 21:59:54 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job
@Alternate Data Stream - 168 bytes -> C:\Users\ck\Desktop\Gewerbeschein_C.Kuhn.jpeg:3or4kl4x13tuuug3Byamue2s4b

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Start and search page: did you set these yourself, or should we delete them?
Code:
ATTFilter
[2011.12.19 19:12:49 | 000,000,933 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\11-suche.xml
[2011.12.19 19:12:49 | 000,010,525 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\gmx-suche.xml
[2011.12.19 19:12:49 | 000,002,457 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\lastminute.xml
[2011.06.07 17:27:01 | 000,002,195 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\MyStart Search.xml
[2011.12.19 19:12:49 | 000,005,508 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\webde-suche.xml
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/mb79?a=1ex5XM9l7OY
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.7
FF - prefs.js..keyword.URL: "http://go.web.de/tb/mff_keyurl_search/?su="
         
3.
uninstall:
Quote:
Hitman Pro 3.5
4.
is considered unsafe:
Quote:
IncrediMail
5.
Update Java
Your Java version is not current.
Now download the offline version of Java Version 6 Update 30 from Oracle and install it. Take care not to install any toolbars that may be offered, i.e. untick the toolbar checkbox during installation.

6.
The old Java versions remain on the PC. For security reasons they must be removed; keep an eye on this in future too!
If they still exist, uninstall:
Quote:
Java(TM) 6 Update 22
Java(TM) 6 Update 26
7.
Update Adobe Reader:
- Pay attention and read along during installation: if any software, toolbar etc. is offered, please deselect it! (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for updates..."

8.
clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

9.
  • Update SUPERAntiSpyware FREE Edition
  • start SUPERAntiSpyware and click "Scan your computer"
  • tick "Complete scan" and click "Next"
  • afterwards all malware found is listed; tick every finding and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences", then "Statistics and logs"
  • press "Show log", then please save this report and post it here

10.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off altogether. ► Instructions

11.
-> Then run a complete system check with the Eset Online Scanner (NOD32), a free online scanner
Attention: >>You are not supposed to install the antivirus security software, only scan your system online<<

12.
runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next item! It does NOT make sense to start a second attempt!
To get a deeper look into your system and track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool - Gmer:
  • - download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; antivirus and other protection programs etc. must also be deactivated, no connection to the Internet, disconnect WLAN as well
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished click "Copy" (the log is copied to the clipboard automatically) and paste it straight away with CTRL + V
    - "Ok" closes GMER.
    - paste the log from the clipboard in full here in your thread

** no connection to a network or the Internet - do not forget WLAN
When the scan is finished, please re-enable all programs and tools!
Instructions: -> GMER - Rootkit Scanner

13.
Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Ausführen (Run) => cmd (type it in) => OK
    A command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), type in the following

    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting into the command prompt: right-click the title bar => Edit => Paste.

    Code:
    mbr.exe -t > C:\mbr.log & C:\mbr.log

    (press Enter)
  • After a short time your editor will open showing the file C:\mbr.log.
    Please copy its contents here into your thread.

► report again on the state of the computer. Are there still problems, and if so, which ones?
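
Step 10 of the post above mentions that the AUTORUN function can be disabled entirely. As an added example (not part of the original post or the guide it links to), the following PowerShell script reads the Windows `NoDriveTypeAutoRun` policy value, lists the drive types for which AutoRun is still enabled, and then sets the value to 0xFF so that it is off for all drive types. The function names are made up for this example, and it assumes an elevated PowerShell session.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'

# A set bit in NoDriveTypeAutoRun disables AutoRun for that drive type.
# (Bit 0x02, "no root directory", is not a usable drive type and is left out.)
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'drives of unknown type' },
    @{ Bit = 0x04; Name = 'removable drives (USB sticks)' },
    @{ Bit = 0x08; Name = 'fixed drives' },
    @{ Bit = 0x10; Name = 'network drives' },
    @{ Bit = 0x20; Name = 'CD/DVD drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'reserved (future drive types)' }
)

function Get-AutoRunPolicy {
    # Returns the current DWORD, or $null when no policy value is set.
    $prop = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.$ValueName
}

function Get-AutoRunEnabledTypes {
    param([Parameter(Mandatory = $true)][int]$Mask)
    # Drive types whose bit is clear still honour autorun.inf.
    $DriveTypeBits |
        Where-Object { ($Mask -band $_.Bit) -eq 0 } |
        ForEach-Object { $_.Name }
}

function Disable-AutoRunAllDrives {
    # 0xFF sets every bit: AutoRun off for all drive types.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name $ValueName `
        -PropertyType DWord -Value 0xFF -Force | Out-Null
}

# Report the state before the change.
$before = Get-AutoRunPolicy
if ($null -eq $before) {
    Write-Output "$ValueName is not set; the Windows default applies."
} else {
    Write-Output ('Current {0} = 0x{1:X2}' -f $ValueName, $before)
    $open = @(Get-AutoRunEnabledTypes -Mask $before)
    if ($open.Count -gt 0) {
        Write-Output ('AutoRun still enabled for: ' + ($open -join ', '))
    }
}

# Apply the stricter setting and verify it by reading the value back.
Disable-AutoRunAllDrives
$after = Get-AutoRunPolicy
Write-Output ('New {0} = 0x{1:X2}' -f $ValueName, $after)
if (@(Get-AutoRunEnabledTypes -Mask $after).Count -eq 0) {
    Write-Output 'AutoRun is now disabled for every drive type.'
}
```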

Alt 23.12.2011, 17:54   #7
btt2378
 



Code:
otl 

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{990af1c2-5a27-4460-8149-ecc6bc122af3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990af1c2-5a27-4460-8149-ecc6bc122af3}\ not found.
Prefs.js: engine@conduit.com:3.3.5.1 removed from extensions.enabledItems
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\conduit.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll moved successfully.
File C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\opera.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ToolbarsRestrictions\ deleted successfully.
C:\Program Files\Common Files\Bitdefender\setupinformation\extern folder moved successfully.
C:\Program Files\Common Files\Bitdefender\setupinformation folder moved successfully.
C:\Program Files\Common Files\Bitdefender folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job moved successfully.
Unable to delete ADS C:\Users\ck\Desktop\Gewerbeschein_C.Kuhn.jpeg:3or4kl4x13tuuug3Byamue2s4b .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 754821363 bytes
->Temporary Internet Files folder emptied: 838588 bytes
->FireFox cache emptied: 149993848 bytes
->Flash cache emptied: 470 bytes
 
User: All Users
 
User: ck
->Temp folder emptied: 852623697 bytes
->Temporary Internet Files folder emptied: 51992398 bytes
->Java cache emptied: 6798016 bytes
->FireFox cache emptied: 178068568 bytes
->Google Chrome cache emptied: 8048335 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1903 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Test
->Temp folder emptied: 57658475 bytes
->Temporary Internet Files folder emptied: 33300879 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 135892491 bytes
->Flash cache emptied: 2440 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47677284 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.172,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12232011_135001

Files\Folders moved on Reboot...
File\Folder C:\Users\ck\AppData\Local\Temp\2011-05-11-1140621187_04-RG.PDF  not found!
File\Folder C:\Users\ck\AppData\Local\Temp\2011-06-14-1150221449_04-RG.PDF  not found!
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\Windows\temp\etilqs_WJgEIROSQYDWy8CSAlax not found!
File\Folder C:\Windows\temp\etilqs_YznoYQlgxBFfuSzYfZmG not found!

Registry entries deleted on Reboot...
         
Code:
super anti spy
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 12/22/2011 bei 04:47 PM

Version der Applikation : 5.0.1142

Version der Kern-Datenbank : 8081
Version der Spur-Datenbank : 5893

Scan Art       : kompletter Scann
Totale Scann-Zeit : 00:00:11

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Gescannte Speicherelemente  : 0
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 0
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 2
Erfasste Datei-Elemente   : 0
         
gmer
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-23 17:44:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000072 ST350041 rev.CC44
Running: n8flsyow.exe; Driver: C:\Users\ck\AppData\Local\Temp\pxldqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                                                       82C84369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                              82CBDD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[1180] USER32.dll!SetWindowLongA                                                               779D8BA3 5 Bytes  JMP 60523A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[1180] USER32.dll!SetWindowLongW                                                               779E4449 5 Bytes  JMP 60523A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[1180] USER32.dll!GetWindowInfo                                                                779E4B5E 5 Bytes  JMP 602CC909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[1180] USER32.dll!TrackPopupMenu                                                               779F2228 5 Bytes  JMP 602CCEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6020] ntdll.dll!LdrLoadDll                                                                             77B022B8 5 Bytes  JMP 6014B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                     [74792437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                [74775600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                               [747756BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                      [747924B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                            [74788514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                              [74784CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                             [7478506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                            [74785144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                                   [74786671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                             [7478826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                        [747887BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                      [7478901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                            [7478E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                [74784BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000005b                                                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21984c                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21984c@a8f274dc2a57                                                            0x80 0x76 0xBA 0xAC ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21984c@109add27ada5                                                            0x78 0xB5 0x5A 0x66 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21984c (not active ControlSet)                                                     
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21984c@a8f274dc2a57                                                                0x80 0x76 0xBA 0xAC ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21984c@109add27ada5                                                                0x78 0xB5 0x5A 0x66 ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\Temp\TMP000009BF2EDB49BDC4BDBDBE                                                                                                         0 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 24.12.2011, 07:33   #8
kira
/// Helper Team
 



10., 11. and 13. still to do, please
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
