Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.01.2012, 12:28   #1
Salekkk
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



hallo, habe wie einige andere auch das Problem das mein Windows blockiert und die einzige möglichkeit ist 50 Euro zu bezahlen...

habe mir nun auch einige Themen darüber durchgelesen und nun ist meine Frage aber wie ich etwas installieren oder starten kann obwohl ich nur den schwarzen Bildschirm auf dem Desktop habe Oo

ich kann auch auf keine Programme über den Taskmanager zugreifen oder sonst irgend ein anderes Programm öffnen!

hoffe ihr könnt mir helfen bin in Sachen PCs nicht so der hellste xD, danke im voraus

Gruss Dennis

Alt 04.01.2012, 13:19   #2
markusg
/// Malware-holic
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



hi,
pc neustarten, f8 drücken abgesicherter modus mit netzwerk wählen.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 04.01.2012, 19:13   #3
Salekkk
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



Hat nun etwas länger gedauert da ich arbeiten musste, habe nun das programm ausgeführt und folgende texte erhalten

OTL.Txt
OTL logfile created on: 04.01.2012 18:51:29 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dennis Kröger\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 81,33% Memory free
8,00 Gb Paging File | 7,30 Gb Available in Paging File | 91,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,22 Gb Total Space | 787,54 Gb Free Space | 85,77% Space Free | Partition Type: NTFS
Drive D: | 13,20 Gb Total Space | 2,77 Gb Free Space | 20,96% Space Free | Partition Type: NTFS

Computer Name: COMPAQ | User Name: Dennis Kröger | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dennis Kröger\Downloads\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SearchAnonymizer) -- C:\Users\Dennis Kröger\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (NovacomD) -- C:\Programme\Palm, Inc\novacom\amd64\novacomd.exe (Palm)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SprintRcAppSvc) -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CASprint) -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (MotDev) -- C:\Windows\SysNative\drivers\motodrv.sys (Motorola Inc)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\nmwcdx64.sys (Nokia)
DRV:64bit: - (SNP325) USB PC Camera (SNPSTD325) -- C:\Windows\SysNative\drivers\snp325.sys (Sonix Co. Ltd.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100128.025\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100128.025\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (tcpipBM) -- C:\Windows\SysWow64\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-Germany Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2449729&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9
FF - prefs.js..extensions.enabledItems: {a51a36e6-31e7-4838-9ff7-76298b527ec0}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.10.11 17:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.05 17:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.05 17:46:01 | 000,000,000 | ---D | M]

[2009.11.29 18:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Extensions
[2012.01.04 18:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions
[2009.12.20 11:36:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.05 17:45:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.12 14:44:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.02.20 19:22:52 | 000,000,000 | ---D | M] (softonic-Germany Community Toolbar) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{a51a36e6-31e7-4838-9ff7-76298b527ec0}
[2011.03.22 16:33:15 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.08.12 14:44:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.03 14:16:40 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.12.14 19:32:17 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.02.20 19:22:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\engine@conduit.com
[2011.01.08 11:23:32 | 000,000,935 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\conduit.xml
[2011.12.29 20:12:58 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-1.xml
[2011.04.05 17:49:23 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-10.xml
[2010.02.20 00:13:04 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-2.xml
[2010.03.31 16:39:04 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-3.xml
[2010.04.05 17:46:16 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-4.xml
[2010.09.10 18:39:44 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-5.xml
[2010.09.23 13:09:10 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-6.xml
[2010.11.04 17:47:46 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-7.xml
[2010.12.29 21:43:14 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-8.xml
[2011.02.21 23:39:12 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-9.xml
[2011.04.05 17:45:51 | 000,000,168 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin.gif
[2011.04.05 17:45:51 | 000,000,618 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin.src
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin.xml
[2010.12.31 11:51:33 | 000,001,223 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\kikin-search.xml
[2009.12.14 19:32:15 | 000,003,915 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\sweetim.xml
[2009.11.29 21:55:53 | 000,002,486 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{0C8A9D37-8AE6-4FCB-8C8A-83D999EDD1E1}.xml
[2009.11.29 21:55:53 | 000,001,058 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{844DD9B9-DA23-43B7-952A-67E5353C2DA1}.xml
[2009.11.29 21:55:53 | 000,002,152 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{A1A30ECE-7CFA-43A8-BFFB-C439CD5085B5}.xml
[2009.11.29 21:55:53 | 000,001,834 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{C31FAF09-FAEE-4EB9-B8E3-9B47E6AE2735}.xml
[2009.11.29 21:55:53 | 000,024,003 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{EF879F44-AD60-49D9-A8C5-A6BC91B51E51}.xml
[2009.11.29 21:55:53 | 000,002,041 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{F41C7E40-ECCA-4B09-854A-B27A8DB4C9CC}.xml
[2012.01.04 18:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.11.29 19:04:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.20 00:33:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.10.11 17:14:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{A51A36E6-31E7-4838-9FF7-76298B527EC0}
File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{AA994882-F391-4D2E-806F-8908DA4814ED}
File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.04 17:47:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.04 17:47:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.04 17:47:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.04 17:47:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.11.04 17:47:25 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-Germany Toolbar) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Dennis Kröger\AppData\Roaming\OCS\SM\SearchAnonymizer.exe ()
O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [flash.exe] C:\Users\Dennis Kröger\AppData\Roaming\Adobe\Flash Player\flash.exe ()
O4 - HKCU..\Run: [ICQ] "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Dennis Kröger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Dennis Kröger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 217.237.151.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAFFBC51-3434-4A7D-9F89-F357D11D4D28}: DhcpNameServer = 192.168.1.1 217.237.151.97
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.12.07 17:53:06 | 000,000,000 | ---D | C] -- C:\Users\Dennis Kröger\Documents\RCT3
[2011.12.07 17:53:06 | 000,000,000 | ---D | C] -- C:\Users\Dennis Kröger\AppData\Roaming\Atari
[2011.12.07 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis Kröger\AppData\Roaming\Leadertech
[2011.12.07 17:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011.12.07 17:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2010.01.13 00:30:37 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll
[2010.01.13 00:30:37 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll
[2010.01.13 00:30:37 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll

========== Files - Modified Within 30 Days ==========

[2012.01.04 18:39:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.04 18:39:56 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.04 18:18:14 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.04 18:15:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.04 17:41:47 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.04 17:41:47 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.04 17:41:47 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.04 17:41:47 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.04 17:41:47 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.04 17:36:40 | 000,000,000 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Local\{FBB7CEB3-7657-4256-8F8D-104CF045DB59}
[2012.01.03 21:26:35 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.03 21:26:35 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 10:37:47 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011.12.27 19:43:51 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDennis Kröger.job
[2011.12.16 13:23:25 | 000,331,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.07 17:52:59 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.12.07 17:52:56 | 000,001,215 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
[2011.12.07 17:49:56 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2011.12.06 22:04:32 | 530,117,192 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012.01.04 17:36:40 | 000,000,000 | ---- | C] () -- C:\Users\Dennis Kröger\AppData\Local\{FBB7CEB3-7657-4256-8F8D-104CF045DB59}
[2011.12.26 16:03:58 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDennis Kröger.job
[2011.12.07 17:52:59 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.12.07 17:52:56 | 000,001,215 | ---- | C] () -- C:\Users\Dennis Kröger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
[2011.12.07 17:49:56 | 000,001,221 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2010.08.25 21:10:50 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.25 21:10:34 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.25 21:10:34 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.04.28 15:06:20 | 000,000,276 | ---- | C] () -- C:\Users\Dennis Kröger\AppData\Roaming\wklnhst.dat
[2010.01.13 00:30:51 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.01.13 00:30:49 | 000,827,392 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.01.13 00:30:49 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.01.13 00:30:48 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.12.20 11:31:23 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.16 19:35:08 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.10.01 01:40:06 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009.10.01 01:05:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.05.26 17:38:12 | 000,031,880 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys

========== LOP Check ==========

[2011.12.07 17:53:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Atari
[2009.12.20 11:31:20 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Bytemobile
[2009.11.29 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Desktopicon
[2011.08.27 13:38:22 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoft
[2011.03.26 12:31:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.27 00:07:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\go
[2009.12.29 17:07:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\gtk-2.0
[2012.01.03 21:10:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\ICQ
[2010.04.29 14:41:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\InterTrust
[2010.02.16 17:26:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\kikin
[2011.12.07 17:52:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Leadertech
[2012.01.03 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\LimeWire
[2010.11.13 17:08:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\LolClient
[2009.11.29 21:55:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\OCS
[2009.11.29 21:55:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Opera
[2010.04.28 15:06:20 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Template
[2011.07.08 11:45:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\TS3Client
[2011.06.03 13:49:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\ts3overlay
[2009.12.01 23:16:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\WildTangent
[2009.12.16 19:35:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\_MDLogs
[2011.12.31 10:37:47 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.01.04 17:46:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.02.16 20:40:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.04.29 14:41:37 | 000,000,000 | ---D | M] -- C:\BlueByte
[2011.04.15 17:34:39 | 000,000,000 | ---D | M] -- C:\deee2266b086b94135e39490d14aa7
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.29 18:49:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.07.27 21:07:39 | 000,000,000 | ---D | M] -- C:\gPotato.eu
[2010.03.31 09:20:27 | 000,000,000 | -H-D | M] -- C:\hp
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.03.07 15:36:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.07 17:46:57 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.11.27 00:48:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.11.29 18:49:15 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.11.13 17:04:14 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012.01.03 16:39:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.04.03 14:16:41 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.04 18:26:56 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTORV.SYS >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaSt orV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
__________________

Alt 04.01.2012, 19:16   #4
Salekkk
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvsto r.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2010.11.14 12:03:10 | 000,000,887 | ---- | M] () -- C:\Users\Dennis Kröger\.recently-used.xbel
[2012.01.04 19:06:03 | 002,359,296 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT
[2012.01.04 19:06:03 | 000,262,144 | -HS- | M] () -- C:\Users\Dennis Kröger\ntuser.dat.LOG1
[2009.11.29 18:49:37 | 000,000,000 | -HS- | M] () -- C:\Users\Dennis Kröger\ntuser.dat.LOG2
[2009.11.30 01:04:15 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.11.30 01:04:15 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.11.30 01:04:15 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.04.29 02:16:55 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{31313c28-71a4-11e0-9257-002481cdfb3b}.TM.blf
[2011.04.29 02:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{31313c28-71a4-11e0-9257-002481cdfb3b}.TMContainer00000000000000000001.regtrans-ms
[2011.04.29 02:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{31313c28-71a4-11e0-9257-002481cdfb3b}.TMContainer00000000000000000002.regtrans-ms
[2011.05.13 02:01:21 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{315331d5-7ca8-11e0-aabf-002481cdfb3b}.TM.blf
[2011.05.13 02:01:21 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{315331d5-7ca8-11e0-aabf-002481cdfb3b}.TMContainer00000000000000000001.regtrans-ms
[2011.05.13 02:01:21 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{315331d5-7ca8-11e0-aabf-002481cdfb3b}.TMContainer00000000000000000002.regtrans-ms
[2011.05.31 22:02:38 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{40a7a3ae-87ab-11e0-b01c-002481cdfb3b}.TM.blf
[2011.05.31 22:02:37 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{40a7a3ae-87ab-11e0-b01c-002481cdfb3b}.TMContainer00000000000000000001.regtrans-ms
[2011.05.31 22:02:37 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{40a7a3ae-87ab-11e0-b01c-002481cdfb3b}.TMContainer00000000000000000002.regtrans-ms
[2010.11.29 07:13:55 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{4ba991bc-fa17-11df-97af-002481cdfb3b}.TM.blf
[2010.11.29 07:13:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{4ba991bc-fa17-11df-97af-002481cdfb3b}.TMContainer00000000000000000001.regtrans-ms
[2010.11.29 07:13:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{4ba991bc-fa17-11df-97af-002481cdfb3b}.TMContainer00000000000000000002.regtrans-ms
[2009.11.29 18:49:37 | 000,000,020 | -HS- | M] () -- C:\Users\Dennis Kröger\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

Extras.TxtOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.01.2012 18:51:29 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Dennis Kröger\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 81,33% Memory free
8,00 Gb Paging File | 7,30 Gb Available in Paging File | 91,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,22 Gb Total Space | 787,54 Gb Free Space | 85,77% Space Free | Partition Type: NTFS
Drive D: | 13,20 Gb Total Space | 2,77 Gb Free Space | 20,96% Space Free | Partition Type: NTFS
 
Computer Name: COMPAQ | User Name: Dennis Kröger | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{3CC023A9-CE6C-44E5-BB0E-457F84F0B895}" = Sprint SmartView
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC599}" = Paint.NET v3.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{E601CC5B-6D8F-11DE-4E95-3FE0187790C9}" = ccc-utility64
"{F4934901-B3C8-9918-F018-2D68F94B380E}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices  (11/30/2008 1.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardwarediagnosetools
"SearchAnonymizer" = SearchAnonymizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0304767D-5AF0-A6EF-5774-6E0D7A42687A}" = CCC Help Polish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0BF4F0C7-8074-4D37-9650-DBB893670B9A}" = CCC Help English
"{0C747AF8-6910-ED23-4E6B-A198FC5A592B}" = CCC Help Thai
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BD84D49-F8D4-C48B-44C3-454B886B996F}" = CCC Help Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{230C2422-DEBC-3592-9543-70A3929FBACC}" = CCC Help Danish
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{2B929487-3B32-7115-8CDB-B2209464B6A9}" = CCC Help Norwegian
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{2C0FFAE3-B7B2-400F-9D71-B711DB0BEB98}_is1" = ICQ Self Remover 1.2
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54625876-FFA9-CDD4-AE9F-F229CE6F1CFC}" = CCC Help Czech
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.2
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5ED619AE-AF12-0038-32BA-A56C1C1684ED}" = Catalyst Control Center Graphics Full New
"{5EE3FC44-D3B4-DBEF-13C9-DDC0DC8DB5C0}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F669C27-AD76-5EF1-5DD0-B4F39DDABF82}" = CCC Help Russian
"{646BCF4C-9014-1D5B-194C-AE7E5234E173}" = Catalyst Control Center Graphics Full Existing
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6E5734E9-30D4-2912-A273-3EA6A8D38A4C}" = CCC Help Korean
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{73CFF804-031A-145F-B4B1-54DBADE4BF5A}" = Catalyst Control Center Core Implementation
"{7619C9D8-BC52-F5A0-B184-56F1BCA8FDCD}" = CCC Help German
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80D881D9-2241-FDB2-917B-754D27B1711A}" = CCC Help Portuguese
"{812E1043-3795-2164-8607-FBF53B045EC5}" = CCC Help Turkish
"{854FC493-0A42-A237-ADE7-59FDEEAD444D}" = CCC Help Dutch
"{88661107-C9FE-F236-5885-BD043F43C290}" = CCC Help Italian
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F35D245-64DC-6231-F394-F1C70B1879E2}" = CCC Help French
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{94BB375E-E8DC-555A-EC06-4BF1E1641E6F}" = Catalyst Control Center InstallProxy
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE27CE5-2442-EEA6-1D66-ED8D95E2EDF6}" = HydraVision
"{A3698519-6043-889E-F219-3434BBD87A44}" = CCC Help Japanese
"{A4AA1A93-DFB5-4726-9522-B054EF1A456A}" = Catalyst Control Center - Branding
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AE41A33E-C9B5-47FE-9586-9D47B43E73B5}" = CCC Help Chinese Standard
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5F30211-27A0-C178-8D76-D838572EDEBD}" = ccc-core-static
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7855E6-B7C8-2E8E-9C10-EE996978A644}" = CCC Help Chinese Traditional
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DC792B88-128D-0DF8-B8E0-86369110C15F}" = Catalyst Control Center Graphics Light
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E1A278B7-38E9-25B7-248A-2D233D9A5104}" = CCC Help Hungarian
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (Murb.com Edition) 2.0
"{E6930026-9C0D-8D0E-B5A0-B434B6FB9940}" = CCC Help Finnish
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA0D9E39-87E0-A1AD-8059-17090989C403}" = Catalyst Control Center HydraVision Full
"{ED89ADF0-7BA1-5B34-CFA1-203BEFB298C0}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F55C356C-2B50-BC6F-3221-56E4A46E1A90}" = CCC Help Spanish
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = 325 USB PC Camera 
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"Akamai" = Akamai NetSession Interface Service
"AOL Toolbar" = AOL Toolbar 5.0
"ASIO4ALL" = ASIO4ALL
"avast5" = avast! Free Antivirus
"CABAL Online_is1" = CABAL Online
"conduitEngine" = Conduit Engine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dragonica(DE)" = Dragonica(DE)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EasyBits Magic Desktop" = Magic Desktop
"eBay Icon" = eBay Icon
"FL Studio 9" = FL Studio 9
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.1.7
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Hardcore" = Hardcore
"HP Remote Solution" = HP Remote Solution
"ICQToolbar" = ICQ Toolbar
"ICQ-Tools_is1" = mehr ICQ Statussymbole
"IL Download Manager" = IL Download Manager
"Imperium Galactica 2" = Imperium Galactica 2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LimeWire" = LimeWire 5.3.6
"LOCO" = LOCO EU
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"S4Uninst" = Die Siedler IV
"Sakura" = Sakura
"Sawer" = Sawer
"softonic-Germany Toolbar" = softonic-Germany Toolbar
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WildTangent hp Master Uninstall" = HP Games
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Zoo Tycoon 1.0" = Zoo Tycoon-Erweiterungen
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Game Organizer" = GameXN GO
"Palm webOS(R) Doctor(tm) Build 141.122, webOS 1.3.1" = Palm webOS(R) Doctor(tm) Build 141.122, webOS 1.3.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.11.2011 13:05:08 | Computer Name = Compaq | Source = System Restore | ID = 8211
Description = 
 
Error - 11.11.2011 15:05:00 | Computer Name = Compaq | Source = BugSplat | ID = 1
Description = 
 
Error - 13.11.2011 10:06:41 | Computer Name = Compaq | Source = BugSplat | ID = 1
Description = 
 
Error - 13.11.2011 12:15:19 | Computer Name = Compaq | Source = BugSplat | ID = 1
Description = 
 
Error - 13.11.2011 16:09:36 | Computer Name = Compaq | Source = BugSplat | ID = 1
Description = 
 
Error - 14.11.2011 16:01:41 | Computer Name = Compaq | Source = Application Hang | ID = 1002
Description = Programm League of Legends.exe, Version 1.0.0.128 kann nicht mehr 
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: ec0    Startzeit: 01cca307fbaa034c    Endzeit: 2    Anwendungspfad: C:\Riot
 Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.89\deploy\League
 of Legends.exe    Berichts-ID: 75dd4e6d-0efb-11e1-96f3-002481cdfb3b  
 
Error - 22.11.2011 17:44:47 | Computer Name = Compaq | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 1.0.0.129,
 Zeitstempel: 0x4ec47111  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x76e8efb2  ID des fehlerhaften
 Prozesses: 0x1184  Startzeit der fehlerhaften Anwendung: 0x01cca95f2bc0243c  Pfad der
 fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.94\deploy\League
 of Legends.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: 32226dac-1553-11e1-b379-002481cdfb3b
 
Error - 07.12.2011 13:20:43 | Computer Name = Compaq | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RCT3plus.exe, Version: 3.2.8.13, 
Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: RCT3plus.exe, Version: 3.2.8.13,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000f1263  ID des fehlerhaften
 Prozesses: 0x1534  Startzeit der fehlerhaften Anwendung: 0x01ccb500aca1f380  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\RCT3plus.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\RCT3plus.exe
Berichtskennung:
 ca9a5748-20f7-11e1-a840-002481cdfb3b
 
Error - 09.12.2011 09:29:14 | Computer Name = Compaq | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.4095 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17f0    Startzeit:
 01ccb67236d14c78    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 c0b1b835-2269-11e1-baa5-002481cdfb3b  
 
Error - 10.12.2011 06:55:59 | Computer Name = Compaq | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.4095 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1064    Startzeit:
 01ccb6768c816654    Endzeit: 30    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 87a7b9bd-231d-11e1-baa5-002481cdfb3b  
 
[ Hewlett-Packard Events ]
Error - 21.02.2011 11:57:49 | Computer Name = Compaq | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 06.06.2011 11:13:09 | Computer Name = Compaq | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 19.09.2011 12:28:44 | Computer Name = Compaq | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
[ Media Center Events ]
Error - 28.10.2011 10:02:34 | Computer Name = Compaq | Source = MCUpdate | ID = 0
Description = 16:02:34 - Fehler beim Herstellen der Internetverbindung.  16:02:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.10.2011 10:02:41 | Computer Name = Compaq | Source = MCUpdate | ID = 0
Description = 16:02:39 - Fehler beim Herstellen der Internetverbindung.  16:02:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.10.2011 11:04:22 | Computer Name = Compaq | Source = MCUpdate | ID = 0
Description = 17:04:22 - Fehler beim Herstellen der Internetverbindung.  17:04:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.10.2011 11:04:28 | Computer Name = Compaq | Source = MCUpdate | ID = 0
Description = 17:04:27 - Fehler beim Herstellen der Internetverbindung.  17:04:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.10.2011 13:38:51 | Computer Name = Compaq | Source = MCUpdate | ID = 0
Description = 19:38:51 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 07.11.2011 13:00:17 | Computer Name = Compaq | Source = MCUpdate | ID = 0
Description = 18:00:17 - Fehler beim Herstellen der Internetverbindung.  18:00:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.11.2011 13:00:26 | Computer Name = Compaq | Source = MCUpdate | ID = 0
Description = 18:00:22 - Fehler beim Herstellen der Internetverbindung.  18:00:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.11.2011 14:00:33 | Computer Name = Compaq | Source = MCUpdate | ID = 0
Description = 19:00:33 - Fehler beim Herstellen der Internetverbindung.  19:00:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.11.2011 14:00:40 | Computer Name = Compaq | Source = MCUpdate | ID = 0
Description = 19:00:39 - Fehler beim Herstellen der Internetverbindung.  19:00:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.11.2011 13:44:17 | Computer Name = Compaq | Source = MCUpdate | ID = 0
Description = 18:44:17 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
[ System Events ]
Error - 04.01.2012 14:02:19 | Computer Name = Compaq | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-65M2B0

Firmware-Version:
 01.0    Seriennummer:      WD-WCAV52053840    Anschluss: 0  
 
Error - 04.01.2012 14:02:22 | Computer Name = Compaq | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-65M2B0

Firmware-Version:
 01.0    Seriennummer:      WD-WCAV52053840    Anschluss: 0  
 
Error - 04.01.2012 14:02:26 | Computer Name = Compaq | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-65M2B0

Firmware-Version:
 01.0    Seriennummer:      WD-WCAV52053840    Anschluss: 0  
 
Error - 04.01.2012 14:02:29 | Computer Name = Compaq | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-65M2B0

Firmware-Version:
 01.0    Seriennummer:      WD-WCAV52053840    Anschluss: 0  
 
Error - 04.01.2012 14:02:32 | Computer Name = Compaq | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-65M2B0

Firmware-Version:
 01.0    Seriennummer:      WD-WCAV52053840    Anschluss: 0  
 
Error - 04.01.2012 14:02:35 | Computer Name = Compaq | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-65M2B0

Firmware-Version:
 01.0    Seriennummer:      WD-WCAV52053840    Anschluss: 0  
 
Error - 04.01.2012 14:02:38 | Computer Name = Compaq | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-65M2B0

Firmware-Version:
 01.0    Seriennummer:      WD-WCAV52053840    Anschluss: 0  
 
Error - 04.01.2012 14:03:36 | Computer Name = Compaq | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.01.2012 14:03:36 | Computer Name = Compaq | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.01.2012 14:03:36 | Computer Name = Compaq | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---



kann damit nun überhaupt nix anfangen

Alt 05.01.2012, 12:39   #5
markusg
/// Malware-holic
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



hi



dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [flash.exe] C:\Users\Dennis Kröger\AppData\Roaming\Adobe\Flash Player\flash.exe ()
 :Files
C:\Users\Dennis Kröger\AppData\Roaming\Adobe\Flash Player\flash.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.01.2012, 17:37   #6
Salekkk
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



also nu läuft mein pc wieder vielen dank dafür =)



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\flash.exe deleted successfully.
C:\Users\Dennis Kröger\AppData\Roaming\Adobe\Flash Player\flash.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Dennis Kröger
->Flash cache emptied: 73035 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dennis Kröger
->Temp folder emptied: 3463625945 bytes
->Temporary Internet Files folder emptied: 213932664 bytes
->Java cache emptied: 285075844 bytes
->FireFox cache emptied: 155572150 bytes
->Google Chrome cache emptied: 6363821 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123798341 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85163 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.052,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01052012_164451

Files\Folders moved on Reboot...
C:\Users\Dennis Kröger\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



was kann ich denn nun machen damit sowas nicht wieder passiert?

LG Dennis

Alt 05.01.2012, 17:43   #7
markusg
/// Malware-holic
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



du bist doch noch nicht fertig, was ist mit dem rest der anleitung, dem upload?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.01.2012, 18:24   #8
Salekkk
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



hja sry....habs nun hochgeladen und nu? fertig oder kommt noch was?

Alt 05.01.2012, 18:37   #9
markusg
/// Malware-holic
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.01.2012, 17:58   #10
Salekkk
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-01-06.03 - Dennis Kröger 07.01.2012  17:44:27.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4095.3380 [GMT 1:00]
ausgeführt von:: c:\combofix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dennis Kröger\AppData\Roaming\Microsoft\loadhst.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-07 bis 2012-01-07  ))))))))))))))))))))))))))))))
.
.
2012-01-07 16:52 . 2012-01-07 16:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-07 16:20 . 2012-01-07 16:20	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6040C823-D3FA-42EE-B98D-CE2E5BF03054}\offreg.dll
2012-01-06 13:54 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6040C823-D3FA-42EE-B98D-CE2E5BF03054}\mpengine.dll
2012-01-05 15:44 . 2012-01-05 17:18	--------	d-----w-	C:\_OTL
2011-12-15 16:28 . 2011-10-15 06:25	723456	----a-w-	c:\windows\system32\EncDec.dll
2011-12-15 16:28 . 2011-10-15 05:48	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-15 16:28 . 2011-11-05 05:17	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-15 16:28 . 2011-11-05 04:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 17:35 . 2009-12-24 17:28	1248080	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-07 16:52 . 2011-12-07 16:52	43520	----a-w-	c:\windows\SysWow64\CmdLineExt03.dll
2011-11-07 19:02 . 2009-12-02 17:44	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-11-07 19:02 . 2010-05-19 17:16	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-07 19:01 . 2009-12-02 17:44	1092400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-28 17:39 . 2010-04-08 16:50	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-10-28 17:39 . 2010-06-03 17:15	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-11 01:47 . 2011-10-11 01:47	561800	----a-w-	c:\windows\system32\drivers\NISx64\1008030.006\cchpx64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{a51a36e6-31e7-4838-9ff7-76298b527ec0}"= "c:\program files (x86)\softonic-Germany\tbsoft.dll" [2010-12-09 3911776]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{a51a36e6-31e7-4838-9ff7-76298b527ec0}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51	3911776	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a51a36e6-31e7-4838-9ff7-76298b527ec0}]
2010-12-09 11:51	3911776	----a-w-	c:\program files (x86)\softonic-Germany\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2011-02-26 03:04	930672	----a-w-	c:\program files (x86)\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 09:06	2355224	----a-w-	c:\program files (x86)\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15	1345336	----a-w-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{a51a36e6-31e7-4838-9ff7-76298b527ec0}"= "c:\program files (x86)\softonic-Germany\tbsoft.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{a51a36e6-31e7-4838-9ff7-76298b527ec0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-15 1668664]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-12 581480]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2009-05-26 75008]
"RDVCHG"="c:\program files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [2009-05-26 316672]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336]
.
c:\users\Dennis Kröger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2009-9-30 503808]
Product Registration.lnk - c:\users\Dennis Kröger\AppData\Local\Temp\is-UBH14.tmp\ATR1.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R1 aswSP;aswSP; [x]
R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100125.001\IDSvia64.sys [2009-10-28 466992]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate1ca86eea9f30558;Google Update Service (gupdate1ca86eea9f30558);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-27 133104]
R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\amd64\novacomd.exe [2009-11-06 45568]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Dennis Kröger\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2009-11-29 40960]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-05-26 124160]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\gPotato.eu\FLYFF\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-27 133104]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1007020.00B\SYMNDISV.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-27 12:18]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-27 12:18]
.
2011-12-27 c:\windows\Tasks\HPCeeScheduleForDennis Kröger.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-10-01 12:38]
.
2011-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ocs_SM"="c:\users\Dennis Kröger\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2009-11-29 106496]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: Free YouTube Download - c:\users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.1.1 217.237.151.97
FF - ProfilePath - c:\users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2449729&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: softonic-Germany Community Toolbar: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - %profile%\extensions\{a51a36e6-31e7-4838-9ff7-76298b527ec0}
FF - Ext: kikin plugin: {AA994882-F391-4d2e-806F-8908DA4814ED} - %profile%\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ICQ - c:\program files (x86)\ICQ6.5\ICQ.exe
Wow6432Node-HKCU-Run-{84001046-AE10-11DE-8D5B-806E6F6E6963} - c:\users\Dennis Kröger\AppData\Roaming\Microsoft\loadhst.exe
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{A51A36E6-31E7-4838-9FF7-76298B527EC0} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Imperium Galactica 2 - c:\windows\IsUn0407.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-Palm webOS(R) Doctor(tm) Build 141.122, webOS 1.3.1 - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-07  17:54:49
ComboFix-quarantined-files.txt  2012-01-07 16:54
.
Vor Suchlauf: 11 Verzeichnis(se), 850.851.192.832 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 850.480.951.296 Bytes frei
.
- - End Of File - - F8067623F81069075BA40A701F705C71
         
--- --- ---

Alt 07.01.2012, 18:18   #11
markusg
/// Malware-holic
 
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - Standard

Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen



hi, du sagst das problem ist noch mal aufgetreten, per pm, bitte das nächste mal hier ins forum schreiben, da wo es hingehört :-)
versuche combofix noch mal im abgesicherten modus.
wenn du in der zwischenzeit auf anderen seiten surfst, unterlasse es bitte mit diesem pc.
poste das neue cf log.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen
andere, anderes, bildschirm, blockiert, desktop, einzige, euro, frage, freischalten, installieren, keine programme, möglichkeit, pcs, problem, programme, sache, sachen, schwarze, starte, starten, taskmanager, theme, themen, windows, zugreifen, öffnen



Ähnliche Themen: Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen


  1. BKA Trojaner verschlüsselte Bilder lassen sich nicht wieder herstellen mit Tools
    Plagegeister aller Art und deren Bekämpfung - 06.06.2015 (1)
  2. Systweak Software gedownloadet, lies sich nach Neustart Deinstallieren - Würde es gerne kontrollieren lassen
    Plagegeister aller Art und deren Bekämpfung - 16.01.2014 (11)
  3. Hätte gerne eine Auswertung meiner HJT-logfiles und meiner OTL+Extras-logfiles
    Log-Analyse und Auswertung - 26.07.2012 (15)
  4. Windows blockiert, 100€ für Sicherheitspaket und freischalten, Deutschlandfahne
    Plagegeister aller Art und deren Bekämpfung - 30.04.2012 (7)
  5. Windows blockiert, 50€ zum freischalten
    Plagegeister aller Art und deren Bekämpfung - 22.04.2012 (11)
  6. Windows muss aus Sicherheitsgründen blockiert werden - bezahlen&freischalten
    Plagegeister aller Art und deren Bekämpfung - 08.03.2012 (43)
  7. Windows blockiert 50 Euro Betrug
    Plagegeister aller Art und deren Bekämpfung - 09.02.2012 (1)
  8. Schwarzer Bildschirm, Windowssystem blockiert, 50 Euro um System wieder nutzen zu koennen
    Plagegeister aller Art und deren Bekämpfung - 07.02.2012 (25)
  9. 50 Euro Windows blockiert Trojaner
    Log-Analyse und Auswertung - 22.01.2012 (1)
  10. Windossystem blockiert, 50 €uro zahlen zum freischalten...
    Log-Analyse und Auswertung - 12.01.2012 (6)
  11. Mal wieder: Windows blockiert aus Sicherheitsgründen - 50 Euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 20.12.2011 (8)
  12. Windows blockiert und Zahlungsaufforderung zum Freischalten
    Log-Analyse und Auswertung - 20.12.2011 (14)
  13. Windows7 blockiert 50€ zum Freischalten verlangt.
    Log-Analyse und Auswertung - 09.12.2011 (1)
  14. Einstellungen lassen sich nciht mehr ändern, div. webseiten lassen sich nicht öffnen
    Plagegeister aller Art und deren Bekämpfung - 23.02.2009 (82)
  15. Hätte gerne eine Auswertng zu meinem Logfile!
    Log-Analyse und Auswertung - 01.05.2007 (8)
  16. Bitte HijackThis-Logdatei checken (Rechner sauber? Hätte gerne zweite Meinung.)
    Log-Analyse und Auswertung - 09.11.2006 (3)
  17. Würde gerne meinen hijackthis Logfile von euch checken lassen. Vielen Dank
    Log-Analyse und Auswertung - 04.11.2004 (3)

Zum Thema Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen - hallo, habe wie einige andere auch das Problem das mein Windows blockiert und die einzige möglichkeit ist 50 Euro zu bezahlen... habe mir nun auch einige Themen darüber durchgelesen und - Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen...
Archiv
Du betrachtest: Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.