Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.01.2012, 14:07   #1
mariam.sh
 
Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt - Standard

Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt



Hallo Leute!
Ich habe leider seit gestern abend einen hässlischen Virus. es kommt immer diese komische Fehlermeldung "" Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt """"
habe viele foren gesehen aber iregendwie habe ich es nicht genau verstanden was ich machen muss. OTL habe ich bereits auf mein Laptop installiert. das ergebiss schicke ich Ihnen auch. Malwarebytes habe ich auch und habe es 2 bis 3 mal voll laufen lassen aber das hat nicht geklappt. mehr weiss ich leider nicht. Ins internet komme ich mit abegesicherter Modus mit Netzwerk. Könnte mir vielleicht jemand helfen?..
danke!!! danke!!!!!



Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.19.01

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Vaio :: VAIO-VAIO [Administrator]

19.01.2012 13:41:04
mbam-log-2012-01-19 (13-41-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 619868
Laufzeit: 1 Stunde(n), 21 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
















OTL.txt


OTL logfile created on: 19.01.2012 13:49:55 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = G:\downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,84 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 50,64% Memory free
7,68 Gb Paging File | 5,92 Gb Available in Paging File | 77,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,87 Gb Total Space | 96,04 Gb Free Space | 59,34% Space Free | Partition Type: NTFS
Drive G: | 126,95 Gb Total Space | 112,43 Gb Free Space | 88,56% Space Free | Partition Type: NTFS

Computer Name: VAIO-VAIO | User Name: Vaio | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.19 10:57:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\downloads\OTL.exe
PRC - [2011.12.24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.12.13 16:57:50 | 000,071,680 | ---- | M] () -- C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\e4dv3yhs.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko9\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011.11.04 12:45:43 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.15 06:13:46 | 004,254,560 | -H-- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.08.12 23:11:54 | 000,522,240 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2009.07.31 21:02:00 | 000,382,976 | ---- | M] (Marvell) [Auto | Stopped] -- C:\Windows\SysNative\yk62x64.dll -- (yksvc)
SRV:64bit: - [2009.07.16 09:36:56 | 000,411,496 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009.06.26 14:56:10 | 000,357,672 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009.06.26 14:35:04 | 000,468,264 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009.06.17 18:50:30 | 000,110,888 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.09 17:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011.04.26 10:21:06 | 000,014,848 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.12.05 16:48:38 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.31 21:09:12 | 000,436,736 | -H-- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009.07.27 16:58:40 | 000,091,432 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.07.27 16:58:38 | 000,427,304 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.07.27 16:58:38 | 000,075,048 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.07.27 16:58:38 | 000,070,952 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.07.27 16:58:36 | 000,120,104 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.07.24 05:34:31 | 000,189,984 | -H-- | M] (Realtek Semiconductor) [Auto | Stopped] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2009.07.23 10:39:38 | 000,313,264 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009.07.23 10:39:38 | 000,069,632 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.07.23 10:39:36 | 000,206,336 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.07.22 15:03:04 | 000,642,920 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.07.01 17:54:02 | 000,864,032 | -H-- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.01 11:49:34 | 000,204,648 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009.06.26 11:25:36 | 000,362,992 | -H-- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.06.26 11:25:24 | 000,313,840 | -H-- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 18:03:06 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.11.09 21:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.09.18 10:59:10 | 000,104,960 | -H-- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.05.28 17:57:54 | 000,275,968 | -H-- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.04.29 06:32:56 | 000,049,152 | -H-- | M] (Dassault Systemes) [Auto | Stopped] -- C:\Program Files (x86)\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.01.04 15:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011.12.19 13:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.09.09 17:00:05 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.09.09 16:59:19 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2011.07.20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.04.26 10:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 09:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.07.07 18:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010.05.28 16:49:39 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.08.04 21:09:34 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.03 21:13:00 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.08.03 21:12:59 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.08.03 21:12:59 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.08.03 21:12:31 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.08.03 21:04:18 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.31 21:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009.07.31 21:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009.07.31 21:09:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009.07.31 21:09:08 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009.07.31 21:09:08 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009.07.31 21:09:05 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009.07.31 21:09:05 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009.07.31 21:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.27 21:13:24 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 06:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 01:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.11 21:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 21:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.28 21:03:08 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008.01.02 12:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://find.localstrike.net/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://find.localstrike.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?hl=de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..keyword.URL: "hxxp://utils.babylon.com/abt/index.php?url="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Vaio\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vaio\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vaio\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.24 00:39:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.19 10:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.24 00:39:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.19 10:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.24 00:39:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.19 10:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.24 00:39:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.19 10:53:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Vaio\AppData\Roaming\5008 [2010.11.16 01:50:13 | 000,000,000 | -H-D | M]

[2010.05.21 18:23:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Vaio\AppData\Roaming\mozilla\Extensions
[2011.12.17 11:28:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\e4dv3yhs.default\extensions
[2011.12.17 11:28:53 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\e4dv3yhs.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.12.12 22:25:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\e4dv3yhs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.16 21:44:44 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\e4dv3yhs.default\extensions\firefox@tvunetworks.com
[2011.04.09 23:10:43 | 000,000,000 | -H-D | M] (GamePlayLabs Plugin) -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\e4dv3yhs.default\extensions\plugin2@gameplaylabs.com
[2010.06.05 01:44:39 | 000,001,819 | -H-- | M] () -- C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\e4dv3yhs.default\searchplugins\bing.xml
[2010.12.01 17:22:54 | 000,000,913 | -H-- | M] () -- C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\e4dv3yhs.default\searchplugins\conduit.xml
[2012.01.19 07:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.19 07:27:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.11.21 09:43:34 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007.09.23 23:41:20 | 000,404,992 | -H-- | M] (PLATINUM technology, inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npcosmop211.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.16 14:34:56 | 000,002,191 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.17 14:03:08 | 000,023,148 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\localstrike.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vaio\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vaio\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vaio\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Vaio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Cosmo Player 2.1.1 from PLATINUM technology, inc. (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npcosmop211.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Vaio\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011.03.03 21:02:55 | 000,430,706 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14824 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\e4dv3yhs.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.91.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [VMSwitch] C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Firefox helper] C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found
O4:64bit: - HKLM..\RunOnce: [GrpConv] C:\Windows\SysNative\grpconv.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.99.1.5 10.99.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E160BB91-F817-42D8-AA98-A2C8A6C1A252}: DhcpNameServer = 10.99.1.5 10.99.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\GOOGLE\GOOGLE~1\GO36F4~1.DLL) -C:\PROGRA~2\GOOGLE\GOOGLE~1\GO36F4~1.DLL (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{55583895-8416-11df-b0fd-b01ede825cfa}\Shell - "" = AutoRun
O33 - MountPoints2\{55583895-8416-11df-b0fd-b01ede825cfa}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b9864d15-6a70-11df-b2e2-002643af25ab}\Shell - "" = AutoRun
O33 - MountPoints2\{b9864d15-6a70-11df-b2e2-002643af25ab}\Shell\AutoRun\command - "" = J:\Setup.bat
O33 - MountPoints2\{eaf38ca0-6986-11df-906e-002643af25ab}\Shell - "" = AutoRun
O33 - MountPoints2\{eaf38ca0-6986-11df-906e-002643af25ab}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.19 13:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.01.19 13:09:11 | 000,000,000 | ---D | C] -- C:\Users\Vaio\Documents\Simply Super Software
[2012.01.19 12:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.01.19 12:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.01.19 11:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.19 07:27:56 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.01.19 07:27:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.01.19 07:27:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.01.19 07:27:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.01.19 00:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.01.19 00:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012.01.19 00:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.19 00:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.18 21:18:47 | 000,000,000 | ---D | C] -- C:\Users\Vaio\Desktop\Behnevis_farsi-Dateien
[2012.01.16 19:06:53 | 000,000,000 | ---D | C] -- C:\Users\Vaio\Desktop\Fortran
[2012.01.16 18:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.01.16 18:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.01.10 14:07:22 | 000,000,000 | ---D | C] -- C:\Users\Vaio\VirtualBox VMs
[2012.01.10 14:05:41 | 000,000,000 | ---D | C] -- C:\Users\Vaio\.VirtualBox
[2012.01.10 14:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.01.10 14:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.01.04 15:28:36 | 000,016,640 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\gtkdrv.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Vaio\AppData\Roaming\*.tmp files -> C:\Users\Vaio\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.19 13:22:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.19 13:22:29 | 3094,634,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.19 12:58:48 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.01.19 12:32:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.01.19 12:32:03 | 000,749,960 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.19 12:32:03 | 000,704,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.19 12:32:03 | 000,168,334 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.19 12:32:03 | 000,141,048 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.19 12:20:00 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 12:20:00 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 12:17:25 | 001,754,730 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.19 12:10:08 | 000,001,102 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.19 05:59:09 | 000,017,192 | ---- | M] () -- C:\Users\Vaio\Desktop\cc_20120119_055901.reg
[2012.01.19 00:54:07 | 000,001,106 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.19 00:45:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.18 23:06:00 | 000,001,116 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-919360019-1797649444-2993766005-1000UA.job
[2012.01.18 21:06:00 | 000,001,064 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-919360019-1797649444-2993766005-1000Core.job
[2012.01.18 11:54:59 | 000,058,926 | ---- | M] () -- C:\Users\Vaio\Desktop\VANALYS.pdf
[2012.01.16 18:05:33 | 002,442,752 | ---- | M] () -- C:\Users\Vaio\Desktop\anyconnect-win-2.5.0217-pre-deploy-k9.msi
[2012.01.13 15:14:09 | 000,213,239 | ---- | M] () -- C:\Users\Vaio\Desktop\kp.pdf
[2012.01.13 14:59:22 | 000,155,159 | ---- | M] () -- C:\Users\Vaio\Desktop\2011F-Fragen.pdf
[2012.01.11 23:44:15 | 000,101,784 | ---- | M] () -- C:\Users\Vaio\Desktop\mir hossein mousavi-lahijan.jpg
[2012.01.10 14:04:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.01.08 22:50:32 | 001,798,719 | ---- | M] () -- C:\Users\Vaio\Desktop\IMG_20111221_174756.jpg
[2012.01.07 16:07:04 | 000,002,393 | ---- | M] () -- C:\Users\Vaio\Desktop\Google Chrome.lnk
[2012.01.04 15:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\gtkdrv.sys
[2011.12.24 00:39:12 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.23 18:45:58 | 000,085,201 | ---- | M] () -- C:\Users\Vaio\Desktop\Loesung_Uebung02.pdf
[2011.12.21 12:28:33 | 000,850,595 | ---- | M] () -- C:\Users\Vaio\Desktop\IAG Auswertung.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Vaio\AppData\Roaming\*.tmp files -> C:\Users\Vaio\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.19 12:31:56 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.01.19 11:38:05 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.01.19 05:59:07 | 000,017,192 | ---- | C] () -- C:\Users\Vaio\Desktop\cc_20120119_055901.reg
[2012.01.19 00:57:15 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.01.19 00:45:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.18 11:54:59 | 000,058,926 | ---- | C] () -- C:\Users\Vaio\Desktop\VANALYS.pdf
[2012.01.16 18:05:35 | 002,442,752 | ---- | C] () -- C:\Users\Vaio\Desktop\anyconnect-win-2.5.0217-pre-deploy-k9.msi
[2012.01.13 15:14:09 | 000,213,239 | ---- | C] () -- C:\Users\Vaio\Desktop\kp.pdf
[2012.01.13 14:59:22 | 000,155,159 | ---- | C] () -- C:\Users\Vaio\Desktop\2011F-Fragen.pdf
[2012.01.11 23:44:15 | 000,101,784 | ---- | C] () -- C:\Users\Vaio\Desktop\mir hossein mousavi-lahijan.jpg
[2012.01.10 14:04:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.01.02 21:31:46 | 001,798,719 | ---- | C] () -- C:\Users\Vaio\Desktop\IMG_20111221_174756.jpg
[2011.12.23 18:49:25 | 001,209,791 | ---- | C] () -- C:\Users\Vaio\Desktop\Aufgaben.pdf
[2011.12.23 18:46:01 | 000,085,201 | ---- | C] () -- C:\Users\Vaio\Desktop\Loesung_Uebung02.pdf
[2011.12.21 12:28:33 | 000,850,595 | ---- | C] () -- C:\Users\Vaio\Desktop\IAG Auswertung.pdf
[2011.03.19 13:27:21 | 000,007,602 | -H-- | C] () -- C:\Users\Vaio\AppData\Local\Resmon.ResmonCfg
[2011.03.01 17:07:14 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.11 23:36:57 | 000,000,040 | -H-- | C] () -- C:\Windows\ND5.ini
[2011.01.08 04:24:05 | 000,000,256 | -H-- | C] () -- C:\Windows\SysWow64\pool.bin
[2010.12.27 18:15:10 | 001,526,948 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.01 20:26:19 | 000,002,560 | -H-- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.11.16 17:10:02 | 000,000,034 | -H-- | C] () -- C:\Users\Vaio\AppData\Roaming\urhtps.dat
[2010.07.20 20:31:18 | 000,000,179 | -H-- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.07.20 20:31:15 | 000,103,424 | -H-- | C] () -- C:\Windows\SysWow64\ShowroomFramework_nat.dll
[2010.07.20 20:31:15 | 000,103,424 | -H-- | C] () -- C:\Windows\SysWow64\ShowroomControls_nat.dll
[2010.06.04 21:20:13 | 000,019,456 | -H-- | C] () -- C:\Users\Vaio\AppData\Local\WebpageIcons.db
[2010.05.23 02:34:31 | 000,000,000 | -H-- | C] () -- C:\Users\Vaio\AppData\Roaming\wklnhst.dat
[2010.02.23 09:18:30 | 000,000,000 | -H-- | C] () -- C:\Windows\VAIOUpdt.INI
[2010.02.23 09:04:10 | 000,002,835 | -H-- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2009.08.17 21:19:56 | 000,982,220 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.17 21:19:53 | 000,134,592 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.17 21:19:53 | 000,092,216 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.08.17 21:19:50 | 000,439,300 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.17 11:30:53 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.09.23 23:41:20 | 000,285,184 | -H-- | C] () -- C:\Windows\SysWow64\cp211_graphicslarge16.dll
[2007.09.23 23:41:20 | 000,026,624 | -H-- | C] () -- C:\Windows\SysWow64\cp211_basic.dll

========== LOP Check ==========

[2010.05.23 14:54:36 | 000,000,000 | -HSD | M] -- C:\Users\Vaio\AppData\Roaming\.#
[2010.11.16 01:50:13 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\5008
[2010.08.24 10:38:00 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Afuxus
[2010.09.06 16:27:46 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Aharo
[2011.03.21 15:05:27 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Avequ
[2010.08.24 10:37:54 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Buatlu
[2010.11.16 01:49:35 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\cock
[2010.05.27 00:18:33 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\DassaultSystemes
[2010.05.24 20:46:11 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Diniz
[2012.01.19 12:07:33 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Dropbox
[2012.01.18 19:45:53 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\EasyVoip
[2010.09.06 16:27:46 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Eweke
[2010.06.20 14:48:59 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Facebook
[2010.08.24 12:59:37 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Fieft
[2011.07.05 16:19:37 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\FireShot
[2010.08.14 01:59:44 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Guybe
[2010.06.22 00:13:53 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Imarre
[2010.08.24 11:06:58 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Irceiz
[2011.10.13 00:25:05 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\JonDo
[2010.09.16 09:37:06 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\JustVoip
[2010.09.06 16:27:46 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Luvuyn
[2010.05.23 11:15:37 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Mathsoft
[2010.08.23 16:08:23 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Olonz
[2011.10.02 18:38:14 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\ooVoo Details
[2010.06.07 20:06:39 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\OpenOffice.org
[2011.03.04 01:06:02 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Opera
[2011.03.03 20:44:51 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Qyheo
[2010.05.14 09:19:31 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Saig
[2010.05.23 02:34:32 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Template
[2010.12.03 17:09:30 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\UAs
[2011.05.26 10:49:00 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\UDC Profiles
[2011.01.19 13:26:56 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Ugyv
[2010.12.27 18:38:00 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Unigraphics Solutions
[2010.06.17 00:34:42 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Usxap
[2011.03.18 20:41:18 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Wecyc
[2011.01.04 01:01:00 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\xmldm
[2010.08.24 11:06:47 | 000,000,000 | -H-D | M] -- C:\Users\Vaio\AppData\Roaming\Ylef
[2011.10.25 12:21:39 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========




< End of report >

Alt 19.01.2012, 14:29   #2
mariam.sh
 
Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt - Standard

Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt



Hier auch 2 Logfiles OTL.TXT und EXTRAS.TXT
Use SafeList
Minimal Output:
Angehängte Dateien
Dateityp: txt OTL2.Txt (97,2 KB, 176x aufgerufen)
__________________


Geändert von mariam.sh (19.01.2012 um 14:42 Uhr)

Alt 19.01.2012, 14:32   #3
mariam.sh
 
Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt - Standard

Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt



kann noch jemand mir helfen?
__________________

Geändert von mariam.sh (19.01.2012 um 14:39 Uhr)

Antwort

Themen zu Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt
achtung!, adobe, antivir, autorun, avira, babylon, bho, dateisystem, desktop, document, error, excel, explorer, fehlermeldung, firefox, format, gesperrt, google earth, heuristiks/extra, heuristiks/shuriken, home, internet, intranet, kaspersky, logfile, mbamservice.exe, microsoft security, mozilla, realtek, registry, scan, search the web, security, server, software, super, usb, webcheck, windowssystem gesperrt, wurde ihr



Ähnliche Themen: Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt


  1. Screen gesperrt - Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 31.03.2012 (9)
  2. achtung! ihr windowssystem wurde aus sicherheitsgründen gesperrt - trojaner
    Log-Analyse und Auswertung - 30.03.2012 (3)
  3. Achtung Ihr Windowssystem wurde aus Sicherheitsgründen blockiert
    Log-Analyse und Auswertung - 23.02.2012 (25)
  4. "Achtung: Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt."
    Log-Analyse und Auswertung - 09.02.2012 (2)
  5. Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt!
    Log-Analyse und Auswertung - 09.02.2012 (25)
  6. Achtung! Aus Sicherheitsgründen würde ihr Windowssystem gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (3)
  7. Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"
    Log-Analyse und Auswertung - 24.01.2012 (40)
  8. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"-Meldung blockiert Benutzerkonto
    Log-Analyse und Auswertung - 16.01.2012 (9)
  9. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt!"
    Log-Analyse und Auswertung - 05.01.2012 (22)
  10. ACHTUNG! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (10)
  11. Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt
    Log-Analyse und Auswertung - 29.12.2011 (5)
  12. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt!"
    Log-Analyse und Auswertung - 28.12.2011 (11)
  13. Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 28.12.2011 (10)
  14. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt!" OTL-Analyse
    Log-Analyse und Auswertung - 28.12.2011 (1)
  15. Metzes Problem: Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt
    Log-Analyse und Auswertung - 25.12.2011 (12)
  16. Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert.
    Plagegeister aller Art und deren Bekämpfung - 22.12.2011 (34)
  17. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"-Meldung blockiert Benutzerkonto
    Plagegeister aller Art und deren Bekämpfung - 18.12.2011 (9)

Zum Thema Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt - Hallo Leute! Ich habe leider seit gestern abend einen hässlischen Virus. es kommt immer diese komische Fehlermeldung "" Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt """" habe viele foren gesehen - Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt...
Archiv
Du betrachtest: Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.