
Pests of All Kinds and How to Fight Them: Windows locked .. demand to pay 50 €

08.02.2012, 11:00   #1
TrueTaru
 
Hello,
When I started my laptop today, a window appeared with a German flag at the top and a demand to pay 50 € to unlock Windows. I'm asking for quick and "dummy-proof" help, since I'm relatively inexperienced with this sort of thing. Thanks in advance.
Kind regards

08.02.2012, 11:02   #2
markusg
/// Malware-holic
 
hi,
restart, press F8, and select Safe Mode with Networking.
If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

08.02.2012, 11:39   #3
TrueTaru
 
OTL Logfile:
Code:
OTL Extras logfile created on: 08.02.2012 12:03:32 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Standard\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 86,21% Memory free
5,99 Gb Paging File | 5,62 Gb Available in Paging File | 93,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 178,97 Gb Free Space | 38,43% Space Free | Partition Type: NTFS
Drive D: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PBEASYNOTETJ65 | User Name: Standard | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1BC7D0BA-B16E-43E5-BBC9-5F2AD3E2F70D}_is1" = MoonMt2 (2011) PvP Funserver Version 1.5.2
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{454784CB-457E-4f43-8C7F-32A751BD1FA3}" = Dealio Toolbar v4.9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater
"{5C2B3F57-A149-4BFC-92DB-5AF59A707750}" = MorphVOX Pro
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B28C48B-0769-40B1-9731-6914DE54D8AE}" = Crysis 2
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8426BA89-CB8C-4D6C-AF14-3BFDE6C8F425}" = XSplit
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0
"{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1
"{A1DB7CFC-1B10-4C49-8ECB-0D8A3A45D3CA}" = LogMeIn Hamachi
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B41EFE93-0329-4547-8C6C-B13A9A76F917}" = ÓÀÔ¶µÄ»ÙÃ𹫾ô
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{BAF9C020-BE4C-4136-8095-697158179464}_is1" = Sirius MT2 Version 9.2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5872D3F-EEAD-4D77-9C8C-2CBD61152E53}_is1" = FinalMT2 Client 1.0
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AirRivals_is1" = AirRivals
"Alive Video Converter_is1" = Alive Video Converter (version 3.2.0.8)
"Any Video Converter_is1" = Any Video Converter 3.2.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Audiosurf_is1" = Audiosurf Beta
"CABAL Online Europe DE_is1" = CABAL Online Europe DE
"Cheat Engine 5.3_is1" = Cheat Engine 5.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"EW : Cossacks" = Cossacks - European Wars
"ffdshow" = ffdshow
"FinalMediaPlayer_is1" = Final Media Player 2011
"Fraps" = Fraps (remove only)
"Free Video Converter_is1" = Free Video Converter V 2.92
"Free YouTube Download_is1" = Free YouTube Download version 3.0.815
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.1.1
"Google Chrome" = Google Chrome
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"HyperCam 2" = HyperCam 2
"Hyperionics DB Toolbar" = Hyperionics DB Toolbar
"ICQToolbar" = ICQ Toolbar
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LogMeIn Hamachi" = LogMeIn Hamachi
"McAfee Security Scan" = McAfee Security Scan Plus
"Metin2_is1" = Metin2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Opera 11.52.1100" = Opera 11.52
"Origin" = Origin
"PriceGong" = PriceGong 2.1.0
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"Valkyrie Mt2" = Valkyrie Mt2 1.0
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (Standard)
"Game Organizer" = EasyBits GO
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.08.2011 05:07:33 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0062-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: HTTP-Status 404: Die angeforderte URL ist auf diesem Server
 nicht vorhanden.  
 
Error - 20.08.2011 07:55:32 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml
 HResult: 0x1. OException caught while loading the descriptor xml
 
Error - 20.08.2011 07:55:32 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml
 Type: 45::InvalidMetadataFile. 
 
Error - 20.08.2011 15:00:26 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml
 HResult: 0x1. OException caught while loading the descriptor xml
 
Error - 20.08.2011 15:00:26 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml
 Type: 45::InvalidMetadataFile. 
 
Error - 21.08.2011 07:08:14 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml
 HResult: 0x1. OException caught while loading the descriptor xml
 
Error - 21.08.2011 07:08:14 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml
 Type: 45::InvalidMetadataFile. 
 
Error - 21.08.2011 09:42:47 | Computer Name = PBEasynoteTJ65 | Source = VSS | ID = 8194
Description = 
 
Error - 21.08.2011 14:14:40 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml
 HResult: 0x1. OException caught while loading the descriptor xml
 
Error - 21.08.2011 14:14:40 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml
 Type: 45::InvalidMetadataFile. 
 
[ System Events ]
Error - 08.02.2012 06:49:19 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.02.2012 06:49:19 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.02.2012 06:49:19 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.02.2012 06:49:21 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.02.2012 06:49:21 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.02.2012 06:49:21 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.02.2012 06:49:23 | Computer Name = PBEasynoteTJ65 | Source = DCOM | ID = 10005
Description = 
 
Error - 08.02.2012 06:49:24 | Computer Name = PBEasynoteTJ65 | Source = DCOM | ID = 10005
Description = 
 
Error - 08.02.2012 06:49:25 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.02.2012 06:49:46 | Computer Name = PBEasynoteTJ65 | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 08.02.2012 12:03:32 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Standard\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 86,21% Memory free
5,99 Gb Paging File | 5,62 Gb Available in Paging File | 93,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 178,97 Gb Free Space | 38,43% Space Free | Partition Type: NTFS
Drive D: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PBEASYNOTETJ65 | User Name: Standard | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.08 11:33:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
PRC - [2012.02.02 13:22:40 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.02 13:22:40 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.12.13 17:35:24 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.10.28 14:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.10.28 14:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.10.28 02:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2011.08.10 13:20:28 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2011.05.15 20:25:00 | 004,264,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011.03.04 19:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.09.02 21:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.09 08:35:17 | 000,041,336 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011.11.09 08:34:27 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011.11.09 08:34:27 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011.11.09 08:34:14 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011.09.07 17:28:42 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2011.09.07 12:26:17 | 000,049,016 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2011.09.07 10:54:03 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon)
DRV - [2011.08.17 15:56:03 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.08.17 15:56:02 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.07.17 19:17:50 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.12.02 09:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009.12.01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009.06.22 14:50:00 | 009,753,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.01 06:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{C81F2EA2-1039-428C-886A-5B6882B2FE03}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 E8 C4 3F 18 BE CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Programme\Hyperionics DB Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bigseekpro.com/hypercam/{C81F2EA2-1039-428C-886A-5B6882B2FE03}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Yahoo"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Standard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011.03.27 16:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.23 05:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.23 05:51:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2011.03.09 16:11:05 | 000,000,000 | ---D | M]
 
[2011.01.27 18:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\Mozilla\Extensions
[2012.02.04 08:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions
[2012.02.04 08:49:01 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.09.18 16:35:01 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012.01.26 15:27:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.09.18 19:03:58 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2012.01.05 06:42:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.28 14:04:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.22 15:42:15 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.10.21 19:39:37 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\battlefieldplay4free@ea.com
[2011.09.23 06:08:11 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\toolbar@ask.com
[2011.03.29 12:36:23 | 000,000,570 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\bing.xml
[2011.09.14 23:34:22 | 000,000,917 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\conduit.xml
[2012.01.25 16:40:58 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-1.xml
[2011.08.22 15:42:26 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-2.xml
[2011.11.09 11:39:45 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-3.xml
[2011.11.30 07:18:18 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-4.xml
[2011.12.21 08:13:43 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-5.xml
[2012.01.05 15:07:39 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-6.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin.xml
[2011.09.18 19:32:11 | 000,002,374 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\search.xml
[2011.08.22 15:41:37 | 000,003,915 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\SweetIM Search.xml
[2011.08.22 15:42:08 | 000,003,915 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\sweetim.xml
[2011.12.24 20:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.19 09:18:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.07 10:54:08 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011.09.07 10:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011.02.04 19:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.12.25 09:25:44 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.12.22 12:18:32 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2011.03.27 16:14:59 | 000,000,000 | ---D | M] (FreemakeConverter) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011.10.19 09:18:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.07 10:54:08 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD}
[2011.02.04 19:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.09 16:11:05 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2011.12.25 09:25:45 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011.05.23 05:51:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.04 19:16:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.23 05:51:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.23 05:51:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.23 05:51:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.23 05:51:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.23 05:51:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.23 05:51:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Standard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Skype Click to Call = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: ICQ Sparberater = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.671_0\
CHR - Extension: Google Mail = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Hyperionics DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Hyperionics DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.91.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Hyperionics DB Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Standard\AppData\Local\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [NCsoft Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4163D7FB-B051-473F-A6E4-B57963244180}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0C31ED9-BE41-494C-8A12-AA6C11228167}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\g data\internetsecurity\avkkid\avkcks.exe) -c:\Programme\G Data\InternetSecurity\AVKKid\AvkCKS.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.06 23:20:46 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2006.11.06 22:59:47 | 000,569,344 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006.11.06 23:18:16 | 000,000,180 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006.10.29 03:39:19 | 000,880,640 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{3f547d56-b051-11e0-bbd7-001f16c11090}\Shell - "" = AutoRun
O33 - MountPoints2\{3f547d56-b051-11e0-bbd7-001f16c11090}\Shell\AutoRun\command - "" = E:\INSTALL.EXE
O33 - MountPoints2\{d6bd4437-2a02-11e0-914a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d6bd4437-2a02-11e0-914a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2006.11.06 22:59:47 | 000,569,344 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.08 11:33:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
[2012.02.08 11:19:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.08 10:47:01 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.02.08 10:18:44 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{29265440-AAFC-4A03-ACDB-9E804DB472F4}
[2012.02.08 10:18:18 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{561C7267-F833-4846-8FD2-2575887A6658}
[2012.02.07 09:45:11 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{862DD7C1-5676-4E58-BFE7-7185CF6B3044}
[2012.02.07 09:44:57 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{F3679029-1133-4AAD-B868-0FA7F407F20D}
[2012.02.07 09:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.02.07 09:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.02.06 11:13:09 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A1369566-A7D2-4084-879E-12D653CEDA77}
[2012.02.05 14:17:17 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Injashi2
[2012.02.05 11:11:14 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Testserver
[2012.02.05 10:03:37 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{6E076C07-C1E1-4973-8B7B-BCF85517848F}
[2012.02.05 10:03:17 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{92413046-E77C-4A37-B691-E8026ED40865}
[2012.02.04 17:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2012.02.04 16:35:17 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Screaming Bee
[2012.02.04 16:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2012.02.04 16:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Screaming Bee
[2012.02.04 08:49:05 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{AEAABBC7-5EB2-4A05-996E-2505B3AC2078}
[2012.02.03 13:50:21 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Client
[2012.02.03 09:17:40 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{DD4CF3B8-80A1-4E56-AC34-A4F08583F3E6}
[2012.02.03 08:46:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.02.03 08:44:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.02.03 08:40:46 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{6C8B34C8-1566-4223-BA29-6B0ACC622652}
[2012.02.02 17:32:45 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012.02.02 17:13:04 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{70896114-84FF-4586-9CF5-D065A7C3B053}
[2012.02.02 14:16:07 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{88D14BD3-F17D-45D1-875C-3078A064C088}
[2012.02.01 17:23:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{23037B75-B2B1-405B-9352-43F9F10A29EA}
[2012.01.31 16:01:32 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{7C4D0917-68F5-4B34-B286-2B9D0D84CBC0}
[2012.01.30 17:52:00 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cossacks - European Wars
[2012.01.30 17:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cossacks - European Wars
[2012.01.30 17:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Cossacks
[2012.01.30 16:32:12 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Petroglyph
[2012.01.30 16:31:14 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012.01.30 16:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2012.01.30 16:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2012.01.30 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{CC09A5F6-1F24-49DC-87E9-B2DC5E93A32E}
[2012.01.29 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{64FADF5D-BD2A-4987-87DF-7B360E2BAC3D}
[2012.01.28 15:04:17 | 004,264,632 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2012.01.28 15:03:49 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2012.01.28 15:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2012.01.28 15:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CABAL Online (Europe)
[2012.01.28 14:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Games-Masters.com
[2012.01.27 20:59:23 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Skyrim
[2012.01.27 20:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\The Elder Scrolls V Skyrim
[2012.01.27 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{8622F5F8-EC7F-440D-8957-4806EA3EB37C}
[2012.01.27 14:15:41 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{20A345ED-BAC6-492F-A95D-1701DFB7F595}
[2012.01.27 14:15:27 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{CA80BE59-F14E-419A-9D4E-C526C5CFBA67}
[2012.01.27 07:08:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A45DC1D9-C958-46AF-AF32-BB1313963054}
[2012.01.26 15:21:59 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A6FEB3F4-3D05-4B3E-98D0-41E3B1ACD3E5}
[2012.01.26 15:21:43 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{DB606BDB-8C39-4443-AF06-7B948B3E1167}
[2012.01.25 07:11:34 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{B32536E1-8EBB-4D0B-A2A0-F0365A31EA14}
[2012.01.25 07:11:20 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{0F9D1A17-CA27-4C8E-8F76-1A97605067B5}
[2012.01.24 12:16:52 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{3258A6EA-EF9F-4E7D-95F4-2E903C195F52}
[2012.01.24 12:16:28 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{97445029-929D-48D5-A637-1A8DDCFB9B1F}
[2012.01.22 09:18:23 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{4D89571C-A5C1-4C0A-BCAC-C64991D20DC3}
[2012.01.20 17:49:48 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A924CFE6-40AF-40C0-A57A-0FD174FC88F8}
[2012.01.20 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{8C1069F5-9D56-4B85-8690-AE8179860B5B}
[2012.01.19 16:56:05 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\One Piece ab Folge 001-195
[2012.01.19 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A3797879-6841-4E83-98B5-1620C622EC09}
[2012.01.19 15:35:54 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{171D8A61-0CAF-4C29-859E-C97AA116F75C}
[2012.01.18 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{20E93709-D541-48BD-B400-C7458C89EA13}
[2012.01.18 15:41:32 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{23922ACA-25E2-477A-8D54-702ADDDA8CE8}
[2012.01.17 15:50:37 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{75E9A87D-52D2-42A1-B75B-7E59BBBB1A16}
[2012.01.17 15:50:10 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{C1C40C23-202B-4B2B-A8B3-936273ACCDE8}
[2012.01.16 15:50:19 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A1A4D78B-EDFB-4335-83EA-39527E8CCD9B}
[2012.01.15 09:36:53 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{061C246C-D2EA-4A25-B29D-3B7F6316864A}
[2012.01.15 09:36:23 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{46D60189-8793-4EE5-B584-612C89B932A9}
[2012.01.13 06:33:56 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{FC235461-3665-4BFE-8DE4-6D1FBD469CA9}
[2012.01.13 06:33:36 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{BAFCC9DF-61C8-4F34-9315-C6E29DB22D47}
[2012.01.12 15:33:27 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{D3599BBF-4C7A-4580-BC26-6FA528A74C1F}
[2012.01.11 08:26:58 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{9FCCDA14-B26C-4506-BD03-96C0E9D5062B}
[2012.01.11 08:26:34 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{9995DE43-D4CE-4D49-93B0-5129EBBBC96A}
[2012.01.10 11:42:54 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.01.10 11:07:18 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{F916AC61-8032-4C95-864F-4CBA7586DADC}
[2012.01.10 11:05:25 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{6E4903C6-DA03-4745-88A2-6DF1CBDC64D7}
[2012.01.09 15:04:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{FF177188-3417-47A6-B9D0-4A5B638D0FD9}
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.08 11:48:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.08 11:48:12 | 2411,864,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.08 11:44:51 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.08 11:44:51 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.08 11:43:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.08 11:37:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.08 11:37:22 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012.02.08 11:33:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
[2012.02.08 10:48:23 | 000,003,368 | ---- | M] () -- C:\bootsqm.dat
[2012.02.07 17:46:48 | 000,541,439 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.02.07 17:46:48 | 000,036,597 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.02.04 11:53:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.02.04 11:53:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.02.04 08:53:33 | 000,697,322 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.04 08:53:33 | 000,652,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.04 08:53:33 | 000,148,328 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.04 08:53:33 | 000,121,274 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.04 08:46:07 | 000,295,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.04 01:42:34 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Standard.job
[2012.01.30 17:49:25 | 000,053,248 | ---- | M] () -- C:\Windows\System32\unrar.dll
[2012.01.30 16:31:14 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012.01.28 15:00:45 | 000,001,231 | ---- | M] () -- C:\Users\Standard\Desktop\CABAL Online (Europe).lnk
[2012.01.20 16:38:18 | 000,004,065 | ---- | M] () -- C:\Users\Standard\.recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2012.02.08 10:48:23 | 000,003,368 | ---- | C] () -- C:\bootsqm.dat
[2012.02.04 11:53:28 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.02.04 11:53:28 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.01.30 17:49:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.01.28 15:03:49 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2012.01.28 15:00:45 | 000,001,231 | ---- | C] () -- C:\Users\Standard\Desktop\CABAL Online (Europe).lnk
[2012.01.20 16:38:18 | 000,004,065 | ---- | C] () -- C:\Users\Standard\.recently-used.xbel
[2012.01.10 11:32:57 | 000,002,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.11.22 16:05:08 | 000,370,541 | ---- | C] () -- C:\Windows\System32\fmtp.bin
[2011.11.05 02:22:00 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011.09.29 16:19:07 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2011.09.08 14:11:58 | 000,541,439 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.08.26 23:22:30 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.08.17 15:56:03 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.08.17 15:56:02 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.08.15 17:47:34 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.08.15 17:47:33 | 000,138,056 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\PnkBstrK.sys
[2011.08.15 17:47:02 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.08.15 17:46:59 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.08.08 09:33:34 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.08.08 09:33:33 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.08.08 09:33:33 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.08.08 09:30:25 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.07.29 10:35:43 | 000,101,480 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.05.05 16:10:32 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.05.05 16:10:31 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.02.06 10:41:05 | 000,005,024 | ---- | C] () -- C:\Windows\System32\FilterData.dat
[2011.02.06 09:05:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.07.14 09:47:43 | 000,697,322 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,148,328 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,295,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,652,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,121,274 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.12.21 11:36:46 | 000,009,728 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
 
========== LOP Check ==========
 
[2011.12.03 01:59:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\.minecraft
[2011.03.27 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\AnvSoft
[2011.08.30 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Artweaver
[2012.02.06 22:56:32 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Audacity
[2011.07.17 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DAEMON Tools Lite
[2011.08.28 14:04:32 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoft
[2011.08.28 14:04:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.10 08:09:35 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FinalMediaPlayer
[2011.07.09 14:26:08 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FireShot
[2011.04.01 14:35:45 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FreeVideoConverter
[2011.05.28 06:49:20 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\go
[2012.01.20 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\gtk-2.0
[2011.09.08 14:09:04 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ICQ
[2011.07.02 13:45:57 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\LolClient
[2012.02.02 17:37:05 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2011.10.08 12:03:47 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.08.24 19:42:53 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\OpenOffice.org
[2011.10.31 18:39:31 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Opera
[2011.09.29 20:48:13 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Origin
[2012.01.30 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Petroglyph
[2011.04.26 16:57:05 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Publish Providers
[2012.02.04 17:03:05 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Screaming Bee
[2011.10.22 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\SoftGrid Client
[2011.04.26 16:57:19 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Sony
[2011.05.04 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TeamViewer
[2011.05.05 14:31:14 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TP
[2011.06.12 21:43:01 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TS3Client
[2011.12.06 16:24:04 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Ubisoft
[2011.05.14 15:07:16 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Unity
[2011.05.29 07:51:30 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Windows Live Writer
[2012.02.08 11:37:22 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2012.01.25 07:09:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.01.27 11:55:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.12.24 16:08:46 | 000,000,000 | ---D | M] -- C:\Acer
[2011.01.27 12:07:43 | 000,000,000 | ---D | M] -- C:\b17082b7b4beda9773de
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.01.27 11:55:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.17 18:15:33 | 000,000,000 | ---D | M] -- C:\Fanatsy-Server
[2012.02.08 10:47:01 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.12.11 20:31:54 | 000,000,000 | ---D | M] -- C:\Fraps
[2011.01.27 12:51:31 | 000,000,000 | ---D | M] -- C:\Intel
[2011.05.05 14:44:14 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.07 09:43:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.04 17:01:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.01.27 11:55:05 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.01.27 11:55:06 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.07.02 12:25:21 | 000,000,000 | ---D | M] -- C:\Riot Games
[2011.08.08 09:30:25 | 000,000,000 | ---D | M] -- C:\Sierra
[2012.02.08 10:23:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.27 11:55:18 | 000,000,000 | ---D | M] -- C:\Users
[2012.02.08 11:12:45 | 000,000,000 | ---D | M] -- C:\Windows
[2012.02.08 11:19:10 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys
[2009.02.12 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.03.02 22:44:35 | 000,000,121 | ---- | M] () -- C:\Users\Standard\.gtk-bookmarks
[2012.01.20 16:38:18 | 000,004,065 | ---- | M] () -- C:\Users\Standard\.recently-used.xbel
[2011.06.02 09:35:39 | 000,462,363 | ---- | M] () -- C:\Users\Standard\0601_211611.jpg
[2011.06.02 09:35:41 | 000,454,458 | ---- | M] () -- C:\Users\Standard\0601_211616.jpg
[2011.10.01 11:09:45 | 000,376,582 | ---- | M] () -- C:\Users\Standard\0930_193947.jpg
[2011.10.01 11:09:45 | 000,358,980 | ---- | M] () -- C:\Users\Standard\1001_001207.jpg
[2011.10.23 13:33:08 | 000,396,892 | ---- | M] () -- C:\Users\Standard\1023_143141.jpg
[2011.10.23 13:33:09 | 000,397,043 | ---- | M] () -- C:\Users\Standard\1023_143146.jpg
[2011.10.23 13:33:10 | 000,398,439 | ---- | M] () -- C:\Users\Standard\1023_143157.jpg
[2012.02.08 12:27:12 | 003,145,728 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT
[2012.02.08 12:27:12 | 000,262,144 | -HS- | M] () -- C:\Users\Standard\ntuser.dat.LOG1
[2011.06.04 11:58:30 | 000,262,144 | -HS- | M] () -- C:\Users\Standard\ntuser.dat.LOG2
[2011.01.27 11:58:44 | 000,065,536 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011.01.27 11:58:44 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011.01.27 11:58:44 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.01.27 11:55:21 | 000,000,020 | -HS- | M] () -- C:\Users\Standard\ntuser.ini
[2011.10.23 13:33:23 | 000,081,920 | -HS- | M] () -- C:\Users\Standard\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Files - Unicode (All) ==========
[2011.11.28 22:06:59 | 000,191,087 | ---- | M] ()(C:\Users\Standard\Documents\?? ICH ??.gif) -- C:\Users\Standard\Documents\♥♥ ICH ♥♥.gif
[2011.11.28 22:06:48 | 000,191,087 | ---- | C] ()(C:\Users\Standard\Documents\?? ICH ??.gif) -- C:\Users\Standard\Documents\♥♥ ICH ♥♥.gif

< End of report >
         
--- --- ---


Here are the contents of OTL.txt and Extras.txt
__________________

08.02.2012, 12:23   #4
markusg
/// Malware-holic


hi


This script and any scripts that follow are meant only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [ffdwnd] C:\Users\Standard\AppData\Local\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\Standard\AppData\Local\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload went through without problems. Thanks in advance.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails to
markusg.trojaner-board@web.de
following the instructions above.
If you would like to support us
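
Added example, not part of the original posts and not OTL's or the helper's own logic: a small Python triage over OTL-style `O4` autorun lines that scores the properties visible on the entry the fix script above removes (file under the user's AppData, empty company field, a browser's file name outside Program Files). The regular expression is modelled on the one `O4` line shown in this thread; the other sample lines, the name list and the threshold are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Shape of an OTL autorun line, modelled on the line in the fix script:
#   O4 - HKCU..\Run: [value name] C:\path\file.exe (Company)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK.+?)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)

# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata|programdata|windows\\temp)\\", re.I
)
# Assumption: directories where well-known program files normally live.
EXPECTED_ROOTS = re.compile(r"^[a-z]:\\(program files( \(x86\))?|windows)\\", re.I)
# Assumption: a short, illustrative list of frequently imitated file names.
KNOWN_NAMES = {"firefox.exe", "explorer.exe", "svchost.exe", "iexplore.exe"}


def parse_o4(line):
    """Return the fields of one O4 line as a dict, or None for other lines."""
    match = O4_RE.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry["path"] = ntpath.normpath(entry["path"].strip('"'))
    entry["company"] = entry["company"].strip()
    return entry


def reasons_for(entry):
    """List the independent indicators that apply to one autorun entry."""
    reasons = []
    path = entry["path"]
    if USER_WRITABLE.match(path):
        reasons.append("user-writable location")
    if not entry["company"]:
        reasons.append("no company name")
    if ntpath.basename(path).lower() in KNOWN_NAMES and not EXPECTED_ROOTS.match(path):
        reasons.append("well-known file name outside its usual directory")
    return reasons


def triage(lines, threshold=2):
    """Return (value name, path, reasons) for entries with >= threshold indicators.

    A single indicator is common on clean systems (many legitimate programs
    start from AppData or ship without version info), so one alone is not flagged.
    """
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if len(reasons) >= threshold:
            flagged.append((entry["name"], entry["path"], reasons))
    return flagged


# First line: the entry from the fix script in this thread.
# Remaining lines: constructed for the example.
SAMPLE_LINES = [
    r"O4 - HKCU..\Run: [ffdwnd] C:\Users\Standard\AppData\Local\Mozilla\Firefox\firefox.exe ()",
    r"O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\ExampleVendor\updater.exe (ExampleVendor Inc.)",
    r"O4 - HKCU..\Run: [ExampleChat] C:\Users\Standard\AppData\Roaming\ExampleChat\chat.exe (ExampleVendor Inc.)",
    r"O4 - HKLM..\Run: [] C:\Program Files (x86)\ExampleVendor\tray.exe ()",
    "========== Files - Modified Within 30 Days ==========",
]

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LINES):
        print(f"[{name}] {path}: {', '.join(reasons)}")
```

A flagged entry is a candidate for review, not a verdict; the file itself still has to be checked before anything is moved or deleted.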

08.02.2012, 12:37   #5
TrueTaru


A thousand thanks for the help!! (:
Everything works again without problems.
And the upload was successful.
Best regards and many thanks again!


08.02.2012, 12:43   #6
markusg
/// Malware-holic


danke für den upload.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.