
Log analysis and evaluation: 50€ virus/trojan (black screen with red text)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

19.03.2012, 10:41   #1
Benji1304
 



Hello,
I have caught a virus/trojan on my computer (Windows Vista Home Premium 64-bit) that blocks my system: the screen goes black and red text says that my system has been blocked for security reasons, and below that is a button saying that I should pay 50€ and then have to download something.
Since I have already found and read several posts about this in this forum, I have already downloaded OTL.exe and run it with the custom scans from other posts that described the same problem.

Custom scans:
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
Here is the OTL.txt:
Code:
OTL logfile created on: 19.03.2012 10:47:22 - Run 3
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Benjamin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,84 Gb Available Physical Memory | 85,50% Memory free
16,05 Gb Paging File | 15,26 Gb Available in Paging File | 95,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,97 Gb Total Space | 165,21 Gb Free Space | 18,02% Space Free | Partition Type: NTFS
Drive D: | 14,54 Gb Total Space | 2,00 Gb Free Space | 13,73% Space Free | Partition Type: NTFS
Drive L: | 1863,01 Gb Total Space | 1264,77 Gb Free Space | 67,89% Space Free | Partition Type: NTFS
 
Computer Name: BENJAMIN-PC | User Name: Benjamin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benjamin\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\SysNative\TUProgSt.exe (TuneUp Software)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (usprserv) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (DFSVC) -- C:\Program Files (x86)\T-Online\Dialerschutz-Software\DFInject64.exe (T-Systems International GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys (AnchorFree Inc)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\0502000.00D\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\0502000.00D\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (SipIMNDI) -- C:\Windows\SysNative\DRIVERS\SipIMNDI64.sys (T-Systems International GmbH)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (vcd9bus) -- C:\Windows\SysNative\DRIVERS\vcd9bus.sys (H+H Software GmbH)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120316.005\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120317.009\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120317.009\ENG64.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (DFSYS) -- C:\Program Files (x86)\T-Online\Dialerschutz-Software\DFSYS64.sys (T-Systems International GmbH)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B37203BD-4CBD-42A1-A518-27C8484DF7F4}
IE:64bit: - HKLM\..\SearchScopes\{3FD8531F-DB80-44B5-B2BE-B01E05C99EDC}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{B37203BD-4CBD-42A1-A518-27C8484DF7F4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{E7CC65E8-77CD-4EA8-8B1B-27953AABC8AA}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {B37203BD-4CBD-42A1-A518-27C8484DF7F4}
IE - HKLM\..\SearchScopes\{3FD8531F-DB80-44B5-B2BE-B01E05C99EDC}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{B37203BD-4CBD-42A1-A518-27C8484DF7F4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{E7CC65E8-77CD-4EA8-8B1B-27953AABC8AA}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Benjamin\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:tabs
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {9C053F03-28C6-4FD3-9DC4-171DD703AE5E}
IE - HKCU\..\SearchScopes\{3FD8531F-DB80-44B5-B2BE-B01E05C99EDC}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{9C053F03-28C6-4FD3-9DC4-171DD703AE5E}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{A5580A13-A7DE-4BDC-B9B5-0A2A9E461C67}: "URL" = hxxp://romdata.buffed.de/?f={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{B37203BD-4CBD-42A1-A518-27C8484DF7F4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{E7CC65E8-77CD-4EA8-8B1B-27953AABC8AA}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.8.0191
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: support@platinumhideip.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..network.proxy.share_proxy_settings: true
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.02.10 21:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3 [2012.03.18 10:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\info@allpremiumplay.info: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\info@allpremiumplay.info [2012.03.17 12:16:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.26 09:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.26 09:50:40 | 000,000,000 | ---D | M]
 
[2010.11.21 20:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Extensions
[2012.03.17 12:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions
[2011.06.25 16:22:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.16 15:52:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.25 16:22:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.06.25 16:22:28 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\DTToolbar@toolbarnet.com
[2012.03.17 12:16:20 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\info@allpremiumplay.info
[2011.12.19 01:05:49 | 000,000,000 | ---D | M] (Platinum Hide IP) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\support@platinumhideip.com
[2009.05.29 20:28:38 | 000,002,399 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\searchplugins\daemon-search.xml
[2012.03.07 18:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.07.04 21:06:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.29 19:59:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.18 21:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.12.05 10:59:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.02.10 21:32:52 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.26 09:50:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.26 09:50:32 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.26 09:50:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.26 09:50:32 | 000,000,986 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.26 09:50:32 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2010.04.21 20:03:53 | 000,000,967 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 	static3.cdn.ubi.com 
O1 - Hosts: 127.0.0.1 	ubisoft-orbit.s3.amazonaws.com 
O1 - Hosts: 127.0.0.1 	onlineconfigservice.ubi.com 
O1 - Hosts: 127.0.0.1 	orbitservice.ubi.com 
O1 - Hosts: 127.0.0.1 	ubisoft-orbit-savegames.s3.amazonaws.com 
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Codec-C Class) - {12C6811D-8E9B-48B7-93AE-1D40F8B9CD4D} - C:\ProgramData\Codec-C\bhoclass.dll (Injector)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files (x86)\T-Online\Dialerschutz-Software\Defender64.exe (T-Systems International GmbH)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Benjamin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SkypePM] C:\Users\Benjamin\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game14.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D96B4E8-CD7C-4D40-AF54-A2E1E309910C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.27 13:02:30 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 13:56:50 | 000,000,036 | RH-- | M] () - L:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2a60cb49-79b7-11de-b6fe-002354a3b226}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{2a60cb49-79b7-11de-b6fe-002354a3b226}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{b653b839-dc37-11df-8c4b-002354a3b226}\Shell\AutoRun\command - "" = M:\Setup.exe
O33 - MountPoints2\{e267771b-713c-11df-850c-002354a3b226}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vaaWA.Exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.19 09:52:48 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
[2012.03.17 12:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.03.17 12:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec-C
[2012.03.17 12:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Codec-C
[2012.03.17 12:16:12 | 000,000,000 | ---D | C] -- C:\codec-info
[2012.03.17 12:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.03.14 08:34:01 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.03.14 08:34:01 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 08:34:01 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.03.14 08:34:01 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.03.14 08:34:01 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.03.14 08:33:23 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012.03.14 08:33:23 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012.03.01 18:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012.03.01 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect
[2012.02.29 09:24:53 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.02.29 08:06:05 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\SCE
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benjamin\Documents\*.tmp files -> C:\Users\Benjamin\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.19 10:34:24 | 000,007,836 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
[2012.03.19 09:52:57 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
[2012.03.19 09:38:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.18 10:57:03 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.03.18 10:56:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.18 10:56:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.18 10:56:25 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.18 10:48:28 | 014,776,434 | ---- | M] () -- C:\Users\Benjamin\Desktop\Chapter 03 - The Assassination Order.rar
[2012.03.18 10:27:17 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 03:00:58 | 000,002,512 | ---- | M] () -- C:\{F97A6DCC-9712-40B7-8EED-04B26216C1C5}
[2012.03.18 02:59:38 | 000,002,512 | ---- | M] () -- C:\{9856DA1A-5EA2-456D-AF20-3484B151C671}
[2012.03.18 00:55:20 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-742170127-2975432880-950054135-1000UA.job
[2012.03.17 21:55:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-742170127-2975432880-950054135-1000Core.job
[2012.03.14 22:18:27 | 000,334,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.03 09:40:08 | 001,743,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.03 09:40:08 | 000,736,736 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.03 09:40:08 | 000,697,466 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.03 09:40:08 | 000,168,994 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.03 09:40:08 | 000,143,182 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.01 23:10:53 | 000,000,966 | ---- | M] () -- C:\Users\Benjamin\Desktop\Mass Effect.lnk
[2012.03.01 08:31:16 | 000,002,576 | ---- | M] () -- C:\{9CB6C82E-6626-42A2-97C4-7CD2063C9E63}
[2012.02.29 09:24:54 | 000,002,160 | ---- | M] () -- C:\Users\Benjamin\Desktop\DC Universe Online Live.lnk
[2012.02.19 08:00:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benjamin\Documents\*.tmp files -> C:\Users\Benjamin\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.18 10:47:56 | 014,776,434 | ---- | C] () -- C:\Users\Benjamin\Desktop\Chapter 03 - The Assassination Order.rar
[2012.03.18 03:00:57 | 000,002,512 | ---- | C] () -- C:\{F97A6DCC-9712-40B7-8EED-04B26216C1C5}
[2012.03.18 02:59:37 | 000,002,512 | ---- | C] () -- C:\{9856DA1A-5EA2-456D-AF20-3484B151C671}
[2012.03.01 18:37:15 | 000,000,966 | ---- | C] () -- C:\Users\Benjamin\Desktop\Mass Effect.lnk
[2012.03.01 08:31:16 | 000,002,576 | ---- | C] () -- C:\{9CB6C82E-6626-42A2-97C4-7CD2063C9E63}
[2012.02.29 08:04:45 | 000,002,160 | ---- | C] () -- C:\Users\Benjamin\Desktop\DC Universe Online Live.lnk
[2012.02.29 08:04:45 | 000,002,052 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk
[2011.12.18 23:21:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.11.01 20:31:43 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\dvttrn.dll
[2011.10.10 09:48:23 | 000,007,836 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.27 11:35:59 | 000,001,940 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.07.24 19:26:52 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.04.25 13:50:17 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
 
========== LOP Check ==========
 
[2010.11.21 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Alarmstufe Rot 3 Der Aufstand
[2009.11.15 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Blitware
[2010.11.25 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Canon
[2010.02.28 17:32:42 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2010.02.21 14:42:39 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.12.19 00:29:47 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\C__Users_Benjamin_AppData_Local_Temp_AutoHideIP.exe
[2011.01.23 15:04:22 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2011.08.21 20:12:45 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DisneyInteractiveStudios
[2011.11.04 12:13:33 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DVDVideoSoft
[2011.11.04 12:12:45 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.03 12:51:48 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\elsterformular
[2011.06.27 21:53:21 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\gamigoGr
[2011.09.30 17:57:43 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Gatling Gears
[2011.07.29 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Hi-Rez Studios
[2009.02.04 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ICQ
[2011.10.04 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ImgBurn
[2011.06.27 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\launcher
[2010.01.21 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Leadertech
[2011.05.29 16:42:45 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Lionhead Studios
[2010.11.23 20:56:38 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\LolClient
[2011.06.27 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Martial Empires Launcher
[2010.11.21 13:00:14 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\muvee Technologies
[2011.05.24 13:13:34 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\OpenCandy
[2009.11.30 14:39:46 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PC Suite
[2011.12.19 01:05:35 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PlatinumHideIP
[2011.05.27 14:39:56 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ProtectDISC
[2011.09.01 07:31:09 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PunkBuster
[2010.02.18 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Red Alert 3
[2009.11.30 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Samsung
[2011.03.04 20:12:26 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Stardock
[2011.12.14 16:19:54 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Tific
[2009.03.06 19:58:48 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TuneUp Software
[2011.12.19 00:06:47 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Tunngle
[2011.12.10 22:03:59 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Ubisoft
[2012.03.18 10:57:03 | 000,000,518 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.01.02 02:50:27 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2009.02.09 05:57:40 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.03.18 10:57:52 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.03.08 09:01:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.12.27 15:17:22 | 000,000,000 | ---D | M] -- C:\alaplaya
[2009.11.28 16:10:02 | 000,000,000 | ---D | M] -- C:\ATI
[2009.05.27 18:16:50 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.03.29 16:35:48 | 000,000,000 | ---D | M] -- C:\Canon
[2009.03.29 16:43:37 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2012.03.17 12:16:12 | 000,000,000 | ---D | M] -- C:\codec-info
[2009.02.04 22:37:02 | 000,000,000 | ---D | M] -- C:\CrashReport
[2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.02.04 18:52:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.17 09:14:05 | 000,000,000 | ---D | M] -- C:\Down
[2011.06.27 20:50:35 | 000,000,000 | ---D | M] -- C:\Gamigo
[2010.09.12 16:23:13 | 000,000,000 | ---D | M] -- C:\Gamplifier
[2011.12.27 15:08:20 | 000,000,000 | ---D | M] -- C:\gPotato.eu
[2009.11.28 16:47:32 | 000,000,000 | ---D | M] -- C:\GraphPap
[2009.02.09 04:52:37 | 000,000,000 | -H-D | M] -- C:\hp
[2009.02.04 18:55:45 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.02 10:42:18 | 000,000,000 | ---D | M] -- C:\Joymax
[2011.06.27 20:45:27 | 000,000,000 | ---D | M] -- C:\MAE
[2010.02.05 16:05:21 | 000,000,000 | ---D | M] -- C:\Manga
[2009.05.30 12:47:56 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.03.02 10:41:06 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.16 23:12:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.02 10:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.03.17 12:16:42 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.02.04 18:52:09 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.19 16:37:42 | 000,000,000 | ---D | M] -- C:\PWE
[2010.01.04 16:57:19 | 000,000,000 | ---D | M] -- C:\Riot Games
[2011.12.27 15:15:46 | 000,000,000 | ---D | M] -- C:\ROHAN_Blood_Feud
[2012.03.18 10:57:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.18 14:11:38 | 000,000,000 | ---D | M] -- C:\temp
[2009.02.04 18:52:22 | 000,000,000 | ---D | M] -- C:\Users
[2009.05.30 12:44:24 | 000,000,000 | ---D | M] -- C:\visio2k7
[2010.06.08 16:13:14 | 000,000,000 | ---D | M] -- C:\WeMade Entertainment
[2012.03.19 09:38:21 | 000,000,000 | ---D | M] -- C:\Windows
[2011.09.17 09:13:42 | 000,000,000 | ---D | M] -- C:\Windyzone
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.10.06 13:03:22 | 000,327,704 | ---- | M] (Intel Corporation) MD5=9FD8B9BBD067B0FCAABBEA166A794A4B -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.10.06 14:18:02 | 000,405,528 | ---- | M] (Intel Corporation) MD5=E411B4D01DE654CF1A4F8BCA28FA5076 -- C:\hp\DRIVERS\Intel_Storage\IaStor.sys
[2008.10.06 13:18:02 | 000,405,528 | ---- | M] (Intel Corporation) MD5=E411B4D01DE654CF1A4F8BCA28FA5076 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.10.06 14:18:02 | 000,405,528 | ---- | M] (Intel Corporation) MD5=E411B4D01DE654CF1A4F8BCA28FA5076 -- C:\Windows\SysNative\drivers\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2009.09.10 16:38:04 | 000,005,221 | ---- | M] () -- C:\Users\Benjamin\1-8bc315f454677165.jpg
[2005.08.03 19:19:24 | 000,053,248 | ---- | M] (-) -- C:\Users\Benjamin\10TvHanoi30.exe
[2009.04.02 21:03:14 | 000,149,319 | ---- | M] () -- C:\Users\Benjamin\2009_04rechnung_4759064214.pdf
[2010.07.02 14:06:16 | 000,009,015 | ---- | M] () -- C:\Users\Benjamin\4FE5EB909E574BF1FFE6A9689B9DAF40.node2.pdf
[2009.01.10 11:31:56 | 000,029,184 | ---- | M] () -- C:\Users\Benjamin\=_ISO-8859-1_Q_Eigenpr=E4sentation.doc
[2010.12.06 17:05:54 | 002,911,190 | ---- | M] () -- C:\Users\Benjamin\AKAIO.1.8.1.rar
[2011.05.13 06:55:32 | 068,086,568 | ---- | M] (Petroglyph Games, Inc.) -- C:\Users\Benjamin\apppatch.exe
[2009.06.28 16:05:20 | 001,414,080 | ---- | M] (System SoftLab                                              ) -- C:\Users\Benjamin\artmoney730eng.exe
[2009.02.02 18:24:05 | 000,516,516 | ---- | M] () -- C:\Users\Benjamin\Aufgaben Klasse12 2 02 2009.zip
[2008.11.18 06:53:58 | 002,901,504 | ---- | M] () -- C:\Users\Benjamin\Bilderbogen_deutsch-deutsche_Geschichte.doc
[2005.08.03 20:44:20 | 000,053,248 | ---- | M] (-) -- C:\Users\Benjamin\bridges30.exe
[2011.05.24 13:12:38 | 005,296,197 | ---- | M] (Dark Byte                                                   ) -- C:\Users\Benjamin\CheatEngine60.exe
[2011.08.16 15:52:11 | 003,813,640 | ---- | M] () -- C:\Users\Benjamin\CMP_userEvocheats.rar
[2011.08.16 17:46:26 | 001,168,382 | ---- | M] () -- C:\Users\Benjamin\CMP_USRcheat.rar
[2010.04.15 13:18:02 | 001,432,064 | ---- | M] () -- C:\Users\Benjamin\Complete_Overheads_Grundkurs_2009_04_16.doc
[2011.05.24 12:15:41 | 011,193,664 | ---- | M] (DT Soft Ltd.) -- C:\Users\Benjamin\DTLite4402-0131.exe
[2011.03.08 14:38:49 | 000,020,098 | ---- | M] () -- C:\Users\Benjamin\Effektivrechner.rar
[2008.07.06 15:00:50 | 004,836,553 | ---- | M] () -- C:\Users\Benjamin\English-1.18.rar
[2011.06.11 20:47:25 | 001,941,160 | ---- | M] () -- C:\Users\Benjamin\evo-firmware-2.3.zip
[2010.04.10 09:19:30 | 000,481,019 | ---- | M] () -- C:\Users\Benjamin\EvoTools-1.0-BETA2.zip
[2011.05.09 10:42:24 | 000,215,552 | ---- | M] () -- C:\Users\Benjamin\exp pendel.doc
[2011.02.08 22:29:58 | 078,623,130 | ---- | M] () -- C:\Users\Benjamin\Final Fantasy XIII (PS3. Xbox 360) - English voice trailer.mp4
[2009.12.30 11:44:22 | 011,256,164 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Users\Benjamin\FreeYouTubeDownload.exe
[2011.11.04 12:10:41 | 015,184,088 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Benjamin\FreeYouTubeToMP3Converter.exe
[2010.04.01 13:52:14 | 000,093,443 | ---- | M] (SteelBytes) -- C:\Users\Benjamin\HD_Speed.exe
[2010.07.24 19:36:27 | 000,000,124 | ---- | M] () -- C:\Users\Benjamin\Heroes of Might & Magic 5.txt
[2011.03.24 12:31:09 | 000,194,885 | ---- | M] () -- C:\Users\Benjamin\hjsplit3.zip
[2010.07.27 11:16:34 | 000,008,496 | ---- | M] () -- C:\Users\Benjamin\homm5save.zip
[2008.06.22 19:12:16 | 083,896,373 | ---- | M] () -- C:\Users\Benjamin\Longman Student Grammar of Spoken and Written English.pdf
[2012.03.19 10:47:13 | 004,194,304 | -HS- | M] () -- C:\Users\Benjamin\NTUSER.DAT
[2012.03.19 10:47:13 | 000,262,144 | -H-- | M] () -- C:\Users\Benjamin\ntuser.dat.LOG1
[2009.02.04 18:52:34 | 000,000,000 | -H-- | M] () -- C:\Users\Benjamin\ntuser.dat.LOG2
[2012.03.18 10:57:49 | 000,065,536 | -HS- | M] () -- C:\Users\Benjamin\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2012.03.18 10:57:49 | 000,524,288 | -HS- | M] () -- C:\Users\Benjamin\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2011.09.29 13:34:26 | 000,524,288 | -HS- | M] () -- C:\Users\Benjamin\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2009.02.04 18:52:34 | 000,000,020 | -HS- | M] () -- C:\Users\Benjamin\ntuser.ini
[2008.06.02 13:53:14 | 000,000,068 | ---- | M] () -- C:\Users\Benjamin\PS2-Games.txt
[2009.09.02 12:10:35 | 000,000,016 | ---- | M] () -- C:\Users\Benjamin\RoM - Fertigkeitsstein.txt
[2009.05.30 14:40:57 | 000,000,219 | ---- | M] () -- C:\Users\Benjamin\RoM - Set der Musen Codes.txt
[2009.12.01 15:38:52 | 001,690,363 | ---- | M] () -- C:\Users\Benjamin\S5230WallpaperCreatorSetup_1_2.zip
[2008.07.06 14:49:10 | 012,483,784 | ---- | M] () -- C:\Users\Benjamin\Softwarepaket.rar
[2009.04.04 13:26:10 | 000,044,544 | ---- | M] () -- C:\Users\Benjamin\sonnenschwert2.doc
[2008.07.31 11:30:34 | 000,000,125 | ---- | M] () -- C:\Users\Benjamin\Spellforce Platinum Key.txt
[2009.03.29 17:06:30 | 000,000,000 | ---- | M] () -- C:\Users\Benjamin\Sti_Trace.log
[2010.08.02 14:22:34 | 329,227,285 | ---- | M] () -- C:\Users\Benjamin\TFU2_E3_720.mov
[2010.04.03 19:47:06 | 000,022,561 | ---- | M] () -- C:\Users\Benjamin\usa_flag.jpg
[2011.08.16 17:45:28 | 001,208,035 | ---- | M] () -- C:\Users\Benjamin\Wood_R4_v1.35_v2.7z
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Benjamin\Final Fantasy XIII (PS3. Xbox 360) - English voice trailer.mp4:TOC.WMV

< End of report >
         
and I have added Extras.txt as an attachment, because there was not enough space in this post.

It is Run 3 because I first followed the instructions in the OTL post and ran OTL with Scan, then, because of another post in the forum, ran OTL with Quick Scan, which however did not produce an Extras.txt. Run 3 was then done again with the same settings as Run 1.
I hope that this was correct so far and that someone can help me with my problem.
Attached files
File type: txt Extras.Txt (67.3 KB, viewed 195 times)

19.03.2012, 10:53   #2
markusg
/// Malware-holic

Hi,
why is Ubisoft blocked in your hosts file?
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
etc.

19.03.2012, 11:02   #3
Benji1304

I am not sure why they are blocked, but the problem I described appeared 2 days ago, and I have not installed anything from Ubisoft for quite a while, at least I think so.
But if it could have something to do with the problem, I can try to change that, although I am no longer quite sure when and how I did it. In any case it must have been at least a month ago, or more.

19.03.2012, 11:04   #4
markusg
/// Malware-holic

Were your Ubisoft games acquired legally?

19.03.2012, 11:19   #5
Benji1304

I do not own all of the installed games, since I had borrowed most of them and later found offline solutions without a DVD on the Internet, but so far that has never led to problems, since Norton has always blocked everything harmful.
By the way, I also had Norton run a full scan once, when I started the computer without an Internet connection, which did not solve the problem.

Edited by Benji1304 (19.03.2012 at 11:29). Reason: spelling corrected

19.03.2012, 12:07   #6
markusg
/// Malware-holic

Yes, but we do not support illegal versions here; for those there is only help with formatting and reinstalling.
And how do you know that Norton was able to block 100% of all harmful actions? No program can do that.