Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.03.2012, 14:10   #1
Heinrichter
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



Hallo Liebe Freunde,
Ich bin neu hier und wollte um eure Hilfe bitten. Ich hab schon einige Threads zu meinem Problem gefunden, aber man soll sein eigenes erstellen. Naja ich fang mal an. Ich war heute in einer Internet Seite ein Video gucken dann kam die Meldung "Ihr Windows System wurde aus Sicherheitsgründen blockiert" "Bezahlen und Runterladen" und man konnte da nicht raus. Jetzt wollte ich euch bitten mir zu erklären was ich da machen muss, achja ich bin manchmal leider schwer von Begriff und kenn mich mit den Sachen hier nur mäßig aus, also bitte hilft mir. Mein Tag ist versaut

Extras.txt
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.03.2012 14:26:03 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Koc\Documents\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 87,61% Memory free
15,00 Gb Paging File | 14,28 Gb Available in Paging File | 95,23% Paging File free
Paging file location(s): c:\pagefile.sys 9214 9214 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,79 Gb Total Space | 349,48 Gb Free Space | 60,07% Space Free | Partition Type: NTFS
Drive D: | 14,28 Gb Total Space | 2,51 Gb Free Space | 17,58% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 277,78 Gb Free Space | 46,59% Space Free | Partition Type: NTFS
 
Computer Name: KOC-PC | User Name: Koc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{2DB39FB6-161E-44E7-B2A1-B654C85EFBC1}" = MySQL Server 5.5
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardwarediagnosetools
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.42
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1" = AC2 server emulator 0.44 by Dormine
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91591AEF-F2AB-45DF-9BAA-4288B5EC8032}" = Tt eSPORTS Challenger Pro
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEDE732-24D7-468A-AB10-DC5D088C04D3}" = DDBAC
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBA46D83-6DDE-4332-A29A-10F9553C9F06}" = EMS SQL Query 2010 for MySQL
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Afterburner" = MSI Afterburner 2.1.0
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Battlelog Web Plugins" = Battlelog Web Plugins
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"facemoods" = facemoods
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Studio_is1" = Free Studio version 5.0.8
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MySSID_is1" = EXPERTool 7.20
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PriceGong" = PriceGong 2.5.1
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 240" = Counter-Strike: Source
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"Kies Air Discovery Service" = Kies Air Discovery Service
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2012 12:56:18 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.03.2012 12:56:25 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.03.2012 12:56:26 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.03.2012 12:56:28 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.03.2012 12:56:38 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.03.2012 13:31:56 | Computer Name = Koc-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 22.03.2012 11:04:17 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 23.03.2012 01:57:44 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 23.03.2012 08:46:23 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 23.03.2012 09:15:09 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Hewlett-Packard Events ]
Error - 01.11.2011 11:42:10 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 01.11.2011 11:42:11 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 01.11.2011 11:42:11 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = 
 
Error - 15.11.2011 09:32:38 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 15.11.2011 09:32:38 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 27.12.2011 09:44:46 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 27.12.2011 09:44:47 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 14.02.2012 11:55:51 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 14.02.2012 11:55:52 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 06.03.2012 12:10:38 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
[ OSession Events ]
Error - 05.12.2010 10:51:28 | Computer Name = Koc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2552
 seconds with 2400 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.03.2012 09:20:46 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.03.2012 09:22:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.03.2012 09:22:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.03.2012 09:22:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.03.2012 09:27:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.03.2012 09:27:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.03.2012 09:27:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.03.2012 09:29:36 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.03.2012 09:29:36 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.03.2012 09:29:36 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---

otl.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.03.2012 14:26:03 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Koc\Documents\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 87,61% Memory free
15,00 Gb Paging File | 14,28 Gb Available in Paging File | 95,23% Paging File free
Paging file location(s): c:\pagefile.sys 9214 9214 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,79 Gb Total Space | 349,48 Gb Free Space | 60,07% Space Free | Partition Type: NTFS
Drive D: | 14,28 Gb Total Space | 2,51 Gb Free Space | 17,58% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 277,78 Gb Free Space | 46,59% Space Free | Partition Type: NTFS
 
Computer Name: KOC-PC | User Name: Koc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.23 14:24:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.12.03 20:12:04 | 009,619,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.03.21 13:32:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.10 20:57:30 | 003,340,064 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:53 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.05 19:31:17 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.07.18 21:35:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.04 19:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.11.12 18:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.31 08:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 08:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.11.24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.11.24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 09:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.07 13:34:45 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.02.07 13:34:45 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.31 23:48:10 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.19 17:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}
IE:64bit: - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=5453387e00000000000090e6ba6515c1
IE - HKCU\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
IE - HKCU\..\SearchScopes\{B4BE5E59-3B3E-4FFD-BC3F-D6AB1DC7838F}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111044,16981,0,22,0"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=110000&babsrc=adbartrp&mntrId=5453387e00000000000090e6ba6515c1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Koc\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 13:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.14 10:44:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 13:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.14 10:44:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Koc\Program Files (x86)\DNA [2011.11.05 19:53:26 | 000,000,000 | ---D | M]
 
[2010.02.01 12:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koc\AppData\Roaming\Mozilla\Extensions
[2012.03.10 23:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions
[2011.10.19 17:57:23 | 000,000,000 | ---D | M] (DDBAC) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2011.10.14 13:06:25 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2010.06.02 18:26:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.12 10:51:21 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\toolbar@ask.com
[2010.02.04 00:05:30 | 000,002,163 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\bing.xml
[2010.01.12 15:26:12 | 000,000,941 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\conduit.xml
[2011.10.14 13:06:07 | 000,003,915 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\sweetim.xml
[2012.02.22 21:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\KOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HHENO98.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.03.20 13:44:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.22 21:31:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.25 15:14:05 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.22 21:31:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.22 21:31:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.28 17:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchFxt.xml
[2012.02.22 21:31:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.22 21:31:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.22 21:31:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.18 16:19:00 | 000,001,050 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1       onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1       orbitservice.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (no name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ChallengerPro] C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe (Chicony)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [{1D0A50C5-0A46-11DF-8BA7-806E6F6E6963}] C:\Users\Koc\AppData\Roaming\Microsoft\newsrdr.exe (the VideoLAN Team)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Koc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: olb.de ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBBF891A-96DD-4D2F-9DEB-58A1ECE03F8D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cc69dd07-0eba-11df-a591-90e6ba6515c1}\Shell - "" = AutoRun
O33 - MountPoints2\{cc69dd07-0eba-11df-a591-90e6ba6515c1}\Shell\AutoRun\command - "" = K:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.23 14:24:03 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
[2012.03.23 06:58:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2CB59A15-9B96-4C3C-B9DA-97DEB293706A}
[2012.03.23 06:58:01 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{46FBFB16-EB0B-4FF2-B359-DBA2C9524E01}
[2012.03.21 07:16:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B2BB6F2C-E1C3-4734-A2D7-8E4E61D59A30}
[2012.03.21 07:16:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2E9D5AA7-D0B8-4989-9D16-5E6373472999}
[2012.03.20 07:01:00 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3A42C2AA-708D-4DE5-B6D3-0CFBF0BE81C2}
[2012.03.20 07:00:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{D7749010-F33C-47BB-805B-7C3968315DDD}
[2012.03.19 07:30:01 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3B662F78-6D85-4E91-9637-D294E0B6C41B}
[2012.03.19 07:29:50 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5CDB5B73-1017-4A66-A883-CD44304B007D}
[2012.03.18 11:49:30 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{DFF64290-0598-4D58-ABC1-253BF07F5137}
[2012.03.18 11:49:19 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B81C251A-5F66-4BA4-AEA7-F54087FA2FF2}
[2012.03.17 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{E9258F6D-F815-4C6D-BBF8-45CE8E204A50}
[2012.03.17 22:50:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{D7DC526C-4844-4D47-9734-850E773E245D}
[2012.03.17 08:21:31 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{37940648-A346-40B4-A83F-406D5D6B8688}
[2012.03.17 08:21:20 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{15120BE7-24DF-4C5D-9332-8A7C7A6F3337}
[2012.03.16 06:58:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{F4E5FD0B-45DC-43D2-910C-1E0472DA72CA}
[2012.03.16 06:58:21 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0D3C03DA-C69D-44CE-9653-A8AC33514A1D}
[2012.03.15 06:24:21 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{12B4DB6A-117A-45F6-BED5-C4582A4D945D}
[2012.03.15 06:24:10 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{8E02982A-16EE-4B43-8013-E6311434ED93}
[2012.03.14 13:23:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{869AD0B9-1A4B-4B2F-A348-F45FCA7DBA15}
[2012.03.14 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B90EFAF9-4590-49E6-B6AB-3433BEEA44E8}
[2012.03.13 06:45:54 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5EA971FA-4049-404E-A5E2-B80A949CEF32}
[2012.03.13 06:45:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EAC6E2BC-7D83-41A4-8A81-56CC6AEF0037}
[2012.03.12 06:45:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{E4840277-5EFA-4B8E-84E2-882AC616C02F}
[2012.03.12 06:45:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{189E10DF-7726-4D15-8C46-D7ABB4657BA9}
[2012.03.11 11:15:25 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{21890387-EB44-4828-AA65-03033AB929C5}
[2012.03.11 11:15:15 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{BF498C1B-379E-4438-9773-BE346C484A4D}
[2012.03.10 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{9B78DBBD-A58B-4353-A684-2E6693EC3A07}
[2012.03.10 11:27:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3645D781-8361-4BDF-8541-8D8E93A01582}
[2012.03.09 22:51:59 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0428779E-8B04-40B8-874D-2B601201DB74}
[2012.03.09 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{7083B940-C92A-4CAA-8F43-DBFE94425C97}
[2012.03.09 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{8E93D105-7E25-49BD-8E71-B9EE6E2AC54A}
[2012.03.09 08:09:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{75D7A1A8-A7F3-46E3-8BAA-DF36870836FC}
[2012.03.08 07:28:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{38DD7A48-2129-4018-8834-73515EBF1C80}
[2012.03.08 07:27:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{003B6C1A-B213-416F-A172-377913A3A34B}
[2012.03.07 15:34:16 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{F1AF3298-1B1E-42A3-9A05-4AA521A66702}
[2012.03.07 15:34:06 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{408C0D5A-6B18-4FF6-9D51-D8693796A9FB}
[2012.03.06 13:29:50 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{4B340039-B14B-4F63-B8F0-9879707983C8}
[2012.03.06 13:29:40 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3447D83A-A379-4468-AC17-692FAC8E7285}
[2012.03.05 13:33:51 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{C5688367-D23D-40B2-B735-021AC709E9EF}
[2012.03.05 13:33:39 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{40293C7B-9B6F-478E-8DBC-4A5B2605E53F}
[2012.03.04 13:04:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{035D35FB-E1BF-4322-AA90-2876490F5169}
[2012.03.04 13:04:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5A210FE0-01EC-46FF-9808-A59D4CB7664C}
[2012.03.04 12:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.03.03 09:07:17 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B1BF5AD6-4459-4926-801A-7B8D403EB2AD}
[2012.03.03 09:07:07 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{9CA9FADF-F4A5-47A5-906C-6575FD62ADE2}
[2012.03.02 06:50:48 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{1BBD3B26-E1EC-4CE7-9247-4EC6A38F9B17}
[2012.03.02 06:50:38 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{36E5AF48-1C93-42AB-94AC-8B2D129A76D9}
[2012.03.01 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{77F7B208-6095-4824-AEAB-8FEBCD870174}
[2012.03.01 06:59:53 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{389DCF49-2166-48AD-AB02-F404549E7EE5}
[2012.02.29 13:20:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{4FD698CB-3753-4529-9AB2-EA6459AB479D}
[2012.02.29 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{40CBFE62-A22C-4015-B231-D3EBE5F05E21}
[2012.02.28 19:29:54 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{6E24C06B-D188-41C6-8F6E-A4E6C8A46CE0}
[2012.02.28 19:29:33 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{50C7176A-360C-4143-984C-DDE97398B06F}
[2012.02.28 07:28:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EEDDA2B5-C103-4AD3-8DD5-B9E689A4851E}
[2012.02.28 07:28:40 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{30C033DC-D93F-49D1-B3A1-09FED3366F68}
[2012.02.27 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{83EF20B7-5BFC-4D66-B20D-AA570E7C8F9C}
[2012.02.27 18:40:51 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{519F1C82-6828-43C8-8562-AD711DE9668D}
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\ProgSense
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Beschleunigen
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.02.27 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\Orbit
[2012.02.27 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\OpenCandy
[2012.02.27 06:40:25 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{43FFDA3E-3943-4A48-812A-20AEE9427C40}
[2012.02.27 06:40:15 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2B762216-AD84-40EE-978B-4B09DB238728}
[2012.02.26 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5E50EC1C-A3AD-4299-89B4-9BF6B82D81A2}
[2012.02.26 09:27:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EE63B937-EB71-443D-B8BB-1C1A605322EA}
[2012.02.25 15:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.02.25 09:05:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0B465A1A-8C44-4D20-A189-8432D30659E8}
[2012.02.25 09:05:23 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B0EF51DC-89F0-4271-974B-8536AE0426DA}
[2012.02.24 07:50:09 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{A86C5033-90EA-4985-B102-4011E28C91C0}
[2012.02.24 07:49:58 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B97683E3-9789-451B-B07E-9303B593189C}
[2012.02.23 08:10:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{70A0A887-C5F9-429A-BAA7-BDC2D4ADFC13}
[2012.02.23 08:10:36 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{FEA3E3C6-CA95-41A4-BF6F-93E118093A66}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.23 14:24:29 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.23 14:24:29 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.23 14:24:29 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.23 14:24:29 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.23 14:24:29 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.23 14:24:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
[2012.03.23 14:20:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.23 14:20:08 | 536,268,799 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.23 14:14:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012.03.23 13:53:14 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 13:53:14 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 18:23:52 | 000,307,650 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\OpenDocument Text (neu) (2).odt
[2012.03.20 14:24:57 | 001,619,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.14 15:59:32 | 003,309,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.10 23:13:53 | 000,000,600 | ---- | M] () -- C:\Users\Koc\PUTTY.RND
[2012.03.04 12:42:57 | 000,002,003 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\JDownloader.lnk
[2012.02.26 19:18:30 | 000,005,176 | ---- | M] () -- C:\Users\Koc\.TransferManager.db
[2012.02.25 15:14:10 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.25 14:49:06 | 000,002,003 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\Kies Air Discovery Service.lnk
[2012.02.25 14:41:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.02.22 20:26:15 | 000,001,302 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\Free YouTube Download.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.10 18:09:38 | 000,000,600 | ---- | C] () -- C:\Users\Koc\PUTTY.RND
[2012.03.04 12:42:57 | 000,002,003 | ---- | C] () -- C:\Users\Koc\Documents\Desktop\JDownloader.lnk
[2012.03.04 12:42:54 | 000,001,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.03.04 12:42:54 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.03.04 12:42:54 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.02.26 18:57:36 | 000,005,176 | ---- | C] () -- C:\Users\Koc\.TransferManager.db
[2012.02.25 15:14:10 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.02.25 14:49:06 | 000,002,003 | ---- | C] () -- C:\Users\Koc\Documents\Desktop\Kies Air Discovery Service.lnk
[2012.02.25 14:41:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.02.12 18:46:11 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.02 08:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.11.24 13:06:46 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.08.16 09:11:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.07.05 19:53:26 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.04.28 14:27:37 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
 
========== LOP Check ==========
 
[2011.10.12 18:29:25 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\.minecraft
[2010.09.19 13:08:32 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Azureus
[2011.10.25 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Babylon
[2010.02.01 12:16:19 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DataDesign
[2010.05.22 12:34:38 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Dev-Cpp
[2011.11.05 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DNA
[2012.02.22 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DVDVideoSoft
[2011.04.13 11:09:39 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.16 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\EPSON
[2010.11.01 12:01:35 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\GetRightToGo
[2010.07.14 20:39:31 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\GMX
[2011.03.26 14:16:50 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\gtk-2.0
[2010.07.09 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Leadertech
[2011.07.11 15:02:22 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Need for Speed World
[2012.02.27 18:19:36 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\OpenCandy
[2010.04.18 12:32:59 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\OpenOffice.org
[2012.02.27 21:47:36 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Orbit
[2012.01.05 16:35:06 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Origin
[2012.02.27 18:19:44 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\ProgSense
[2010.02.22 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Sports Interactive
[2010.02.03 10:48:15 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Steganos
[2011.10.15 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\The Creative Assembly
[2010.11.27 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\TubeBox
[2010.03.16 17:36:02 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Ubisoft
[2010.02.16 23:12:55 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Uniblue
[2010.01.30 12:34:56 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\WildTangent
[2010.02.01 18:58:43 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\WinBatch
[2010.01.30 12:35:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\_MDLogs
[2012.03.23 14:14:38 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012.01.31 12:46:29 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.03.09 13:23:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.03.22 18:45:10 | 000,000,000 | ---D | M](C:\Users\Koc\Documents\Desktop\???? GØÐ?I??™?) -- C:\Users\Koc\Documents\Desktop\☪๖ۣۜ GØÐĿĪҚЄ™☪
[2010.02.06 00:09:05 | 000,000,000 | ---D | C](C:\Users\Koc\Documents\Desktop\???? GØÐ?I??™?) -- C:\Users\Koc\Documents\Desktop\☪๖ۣۜ GØÐĿĪҚЄ™☪

< End of report >
         
--- --- ---

hab ich das richtig gemacht??^^

Alt 23.03.2012, 14:39   #2
Heinrichter
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



Nein das ist das Richtige mit den Benutzerdefinierten Dingern
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.03.2012 15:22:54 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Koc\Documents\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,93 Gb Available Physical Memory | 82,16% Memory free
15,00 Gb Paging File | 14,04 Gb Available in Paging File | 93,61% Paging File free
Paging file location(s): c:\pagefile.sys 9214 9214 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,79 Gb Total Space | 348,78 Gb Free Space | 59,95% Space Free | Partition Type: NTFS
Drive D: | 14,28 Gb Total Space | 2,51 Gb Free Space | 17,58% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 277,78 Gb Free Space | 46,59% Space Free | Partition Type: NTFS
 
Computer Name: KOC-PC | User Name: Koc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.23 15:04:21 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.03.23 14:24:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
PRC - [2012.01.31 08:55:52 | 000,492,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.23 15:04:21 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.01.31 08:56:07 | 000,398,288 | ---- | M] () -- C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.12.03 20:12:04 | 009,619,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.03.23 15:04:22 | 000,909,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2012.03.21 13:32:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.10 20:57:30 | 003,340,064 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:53 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.05 19:31:17 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.07.18 21:35:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.04 19:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.11.12 18:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.31 08:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 08:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.11.24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.11.24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.10.07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.08.08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.07.11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.07.11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.07.11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 09:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.07 13:34:45 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.02.07 13:34:45 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.31 23:48:10 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.19 17:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}
IE:64bit: - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=5453387e00000000000090e6ba6515c1
IE - HKCU\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={45AF05C8-ED7B-41DD-878B-6DEDC97FA553}&mid=43b40588aaf347d0a03c41affc81fc32-450bf629469fd1682f1cead1d522c8d33fd0288f&lang=de&ds=AVG&pr=fr&d=2012-03-23 15:04:23&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
IE - HKCU\..\SearchScopes\{B4BE5E59-3B3E-4FFD-BC3F-D6AB1DC7838F}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111044,16981,0,22,0"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=110000&babsrc=adbartrp&mntrId=5453387e00000000000090e6ba6515c1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Koc\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.03.23 15:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.03.23 15:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 13:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.14 10:44:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 13:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.14 10:44:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Koc\Program Files (x86)\DNA [2011.11.05 19:53:26 | 000,000,000 | ---D | M]
 
[2010.02.01 12:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koc\AppData\Roaming\Mozilla\Extensions
[2012.03.10 23:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions
[2011.10.19 17:57:23 | 000,000,000 | ---D | M] (DDBAC) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2011.10.14 13:06:25 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2010.06.02 18:26:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.12 10:51:21 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\toolbar@ask.com
[2010.02.04 00:05:30 | 000,002,163 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\bing.xml
[2010.01.12 15:26:12 | 000,000,941 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\conduit.xml
[2011.10.14 13:06:07 | 000,003,915 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\sweetim.xml
[2012.02.22 21:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\KOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HHENO98.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.03.20 13:44:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.22 21:31:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.23 15:04:20 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.25 15:14:05 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.22 21:31:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.22 21:31:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.28 17:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchFxt.xml
[2012.02.22 21:31:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.22 21:31:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.22 21:31:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.18 16:19:00 | 000,001,050 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1       onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1       orbitservice.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ChallengerPro] C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe (Chicony)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [{1D0A50C5-0A46-11DF-8BA7-806E6F6E6963}] C:\Users\Koc\AppData\Roaming\Microsoft\newsrdr.exe (the VideoLAN Team)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Koc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: olb.de ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBBF891A-96DD-4D2F-9DEB-58A1ECE03F8D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cc69dd07-0eba-11df-a591-90e6ba6515c1}\Shell - "" = AutoRun
O33 - MountPoints2\{cc69dd07-0eba-11df-a591-90e6ba6515c1}\Shell\AutoRun\command - "" = K:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4732DEB2-7C6F-40F6-10F6-3F425E33C220} - Internet Explorer
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5A525B7A-82D3-214A-CBA5-E92CE1399C60} - Browser Customizations
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4680B4F0-DCE8-84ED-F9B5-06775D2FB1EE} - Internet Explorer
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^Users^Koc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\Koc\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= - C:\Program Files (x86)\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe (facemoods.com)
MsConfig:64bit - StartUpReg: GAINWARD - hkey= - key= - C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
MsConfig:64bit - StartUpReg: GMX_GMX MultiMessenger - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.23 15:11:22 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\AVG2012
[2012.03.23 15:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012.03.23 15:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.03.23 15:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012.03.23 15:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012.03.23 15:04:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.03.23 15:03:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012.03.23 15:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.03.23 15:03:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012.03.23 15:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.03.23 14:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.03.23 14:24:03 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
[2012.03.23 06:58:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2CB59A15-9B96-4C3C-B9DA-97DEB293706A}
[2012.03.23 06:58:01 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{46FBFB16-EB0B-4FF2-B359-DBA2C9524E01}
[2012.03.21 07:16:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B2BB6F2C-E1C3-4734-A2D7-8E4E61D59A30}
[2012.03.21 07:16:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2E9D5AA7-D0B8-4989-9D16-5E6373472999}
[2012.03.20 07:01:00 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3A42C2AA-708D-4DE5-B6D3-0CFBF0BE81C2}
[2012.03.20 07:00:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{D7749010-F33C-47BB-805B-7C3968315DDD}
[2012.03.19 07:30:01 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3B662F78-6D85-4E91-9637-D294E0B6C41B}
[2012.03.19 07:29:50 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5CDB5B73-1017-4A66-A883-CD44304B007D}
[2012.03.18 11:49:30 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{DFF64290-0598-4D58-ABC1-253BF07F5137}
[2012.03.18 11:49:19 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B81C251A-5F66-4BA4-AEA7-F54087FA2FF2}
[2012.03.17 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{E9258F6D-F815-4C6D-BBF8-45CE8E204A50}
[2012.03.17 22:50:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{D7DC526C-4844-4D47-9734-850E773E245D}
[2012.03.17 08:21:31 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{37940648-A346-40B4-A83F-406D5D6B8688}
[2012.03.17 08:21:20 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{15120BE7-24DF-4C5D-9332-8A7C7A6F3337}
[2012.03.16 06:58:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{F4E5FD0B-45DC-43D2-910C-1E0472DA72CA}
[2012.03.16 06:58:21 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0D3C03DA-C69D-44CE-9653-A8AC33514A1D}
[2012.03.15 06:24:21 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{12B4DB6A-117A-45F6-BED5-C4582A4D945D}
[2012.03.15 06:24:10 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{8E02982A-16EE-4B43-8013-E6311434ED93}
[2012.03.14 13:23:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{869AD0B9-1A4B-4B2F-A348-F45FCA7DBA15}
[2012.03.14 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B90EFAF9-4590-49E6-B6AB-3433BEEA44E8}
[2012.03.13 06:45:54 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5EA971FA-4049-404E-A5E2-B80A949CEF32}
[2012.03.13 06:45:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EAC6E2BC-7D83-41A4-8A81-56CC6AEF0037}
[2012.03.12 06:45:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{E4840277-5EFA-4B8E-84E2-882AC616C02F}
[2012.03.12 06:45:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{189E10DF-7726-4D15-8C46-D7ABB4657BA9}
[2012.03.11 11:15:25 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{21890387-EB44-4828-AA65-03033AB929C5}
[2012.03.11 11:15:15 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{BF498C1B-379E-4438-9773-BE346C484A4D}
[2012.03.10 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{9B78DBBD-A58B-4353-A684-2E6693EC3A07}
[2012.03.10 11:27:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3645D781-8361-4BDF-8541-8D8E93A01582}
[2012.03.09 22:51:59 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0428779E-8B04-40B8-874D-2B601201DB74}
[2012.03.09 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{7083B940-C92A-4CAA-8F43-DBFE94425C97}
[2012.03.09 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{8E93D105-7E25-49BD-8E71-B9EE6E2AC54A}
[2012.03.09 08:09:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{75D7A1A8-A7F3-46E3-8BAA-DF36870836FC}
[2012.03.08 07:28:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{38DD7A48-2129-4018-8834-73515EBF1C80}
[2012.03.08 07:27:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{003B6C1A-B213-416F-A172-377913A3A34B}
[2012.03.07 15:34:16 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{F1AF3298-1B1E-42A3-9A05-4AA521A66702}
[2012.03.07 15:34:06 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{408C0D5A-6B18-4FF6-9D51-D8693796A9FB}
[2012.03.06 13:29:50 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{4B340039-B14B-4F63-B8F0-9879707983C8}
[2012.03.06 13:29:40 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3447D83A-A379-4468-AC17-692FAC8E7285}
[2012.03.05 13:33:51 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{C5688367-D23D-40B2-B735-021AC709E9EF}
[2012.03.05 13:33:39 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{40293C7B-9B6F-478E-8DBC-4A5B2605E53F}
[2012.03.04 13:04:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{035D35FB-E1BF-4322-AA90-2876490F5169}
[2012.03.04 13:04:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5A210FE0-01EC-46FF-9808-A59D4CB7664C}
[2012.03.04 12:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.03.03 09:07:17 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B1BF5AD6-4459-4926-801A-7B8D403EB2AD}
[2012.03.03 09:07:07 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{9CA9FADF-F4A5-47A5-906C-6575FD62ADE2}
[2012.03.02 06:50:48 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{1BBD3B26-E1EC-4CE7-9247-4EC6A38F9B17}
[2012.03.02 06:50:38 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{36E5AF48-1C93-42AB-94AC-8B2D129A76D9}
[2012.03.01 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{77F7B208-6095-4824-AEAB-8FEBCD870174}
[2012.03.01 06:59:53 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{389DCF49-2166-48AD-AB02-F404549E7EE5}
[2012.02.29 13:20:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{4FD698CB-3753-4529-9AB2-EA6459AB479D}
[2012.02.29 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{40CBFE62-A22C-4015-B231-D3EBE5F05E21}
[2012.02.28 19:29:54 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{6E24C06B-D188-41C6-8F6E-A4E6C8A46CE0}
[2012.02.28 19:29:33 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{50C7176A-360C-4143-984C-DDE97398B06F}
[2012.02.28 07:28:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EEDDA2B5-C103-4AD3-8DD5-B9E689A4851E}
[2012.02.28 07:28:40 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{30C033DC-D93F-49D1-B3A1-09FED3366F68}
[2012.02.27 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{83EF20B7-5BFC-4D66-B20D-AA570E7C8F9C}
[2012.02.27 18:40:51 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{519F1C82-6828-43C8-8562-AD711DE9668D}
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\ProgSense
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Beschleunigen
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.02.27 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\Orbit
[2012.02.27 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\OpenCandy
[2012.02.27 06:40:25 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{43FFDA3E-3943-4A48-812A-20AEE9427C40}
[2012.02.27 06:40:15 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2B762216-AD84-40EE-978B-4B09DB238728}
[2012.02.26 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5E50EC1C-A3AD-4299-89B4-9BF6B82D81A2}
[2012.02.26 09:27:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EE63B937-EB71-443D-B8BB-1C1A605322EA}
[2012.02.25 15:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.02.25 09:05:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0B465A1A-8C44-4D20-A189-8432D30659E8}
[2012.02.25 09:05:23 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B0EF51DC-89F0-4271-974B-8536AE0426DA}
[2012.02.24 07:50:09 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{A86C5033-90EA-4985-B102-4011E28C91C0}
[2012.02.24 07:49:58 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B97683E3-9789-451B-B07E-9303B593189C}
[2012.02.23 08:10:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{70A0A887-C5F9-429A-BAA7-BDC2D4ADFC13}
[2012.02.23 08:10:36 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{FEA3E3C6-CA95-41A4-BF6F-93E118093A66}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.23 15:13:49 | 059,430,526 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.03.23 15:13:49 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2012.03.23 15:04:32 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.03.23 15:03:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.03.23 15:03:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.03.23 14:24:29 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.23 14:24:29 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.23 14:24:29 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.23 14:24:29 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.23 14:24:29 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.23 14:24:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
[2012.03.23 14:20:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.23 14:20:08 | 536,268,799 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.23 14:14:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012.03.23 13:53:14 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 13:53:14 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 18:23:52 | 000,307,650 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\OpenDocument Text (neu) (2).odt
[2012.03.20 14:24:57 | 001,619,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.14 15:59:32 | 003,309,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.10 23:13:53 | 000,000,600 | ---- | M] () -- C:\Users\Koc\PUTTY.RND
[2012.03.04 12:42:57 | 000,002,003 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\JDownloader.lnk
[2012.02.26 19:18:30 | 000,005,176 | ---- | M] () -- C:\Users\Koc\.TransferManager.db
[2012.02.25 15:14:10 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.25 14:49:06 | 000,002,003 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\Kies Air Discovery Service.lnk
[2012.02.25 14:41:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.02.22 20:26:15 | 000,001,302 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\Free YouTube Download.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.23 15:13:49 | 059,430,526 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.03.23 15:13:49 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2012.03.23 15:04:32 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.03.23 15:03:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.03.23 15:03:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.03.10 18:09:38 | 000,000,600 | ---- | C] () -- C:\Users\Koc\PUTTY.RND
[2012.03.04 12:42:57 | 000,002,003 | ---- | C] () -- C:\Users\Koc\Documents\Desktop\JDownloader.lnk
[2012.03.04 12:42:54 | 000,001,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.03.04 12:42:54 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.03.04 12:42:54 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.02.26 18:57:36 | 000,005,176 | ---- | C] () -- C:\Users\Koc\.TransferManager.db
[2012.02.25 15:14:10 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.02.25 14:49:06 | 000,002,003 | ---- | C] () -- C:\Users\Koc\Documents\Desktop\Kies Air Discovery Service.lnk
[2012.02.25 14:41:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.02.12 18:46:11 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.02 08:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.11.24 13:06:46 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.08.16 09:11:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.07.05 19:53:26 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.04.28 14:27:37 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
 
========== LOP Check ==========
 
[2011.10.12 18:29:25 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\.minecraft
[2012.03.23 15:11:22 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\AVG2012
[2010.09.19 13:08:32 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Azureus
[2011.10.25 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Babylon
[2010.02.01 12:16:19 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DataDesign
[2010.05.22 12:34:38 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Dev-Cpp
[2011.11.05 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DNA
[2012.02.22 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DVDVideoSoft
[2011.04.13 11:09:39 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.16 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\EPSON
[2010.11.01 12:01:35 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\GetRightToGo
[2010.07.14 20:39:31 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\GMX
[2011.03.26 14:16:50 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\gtk-2.0
[2010.07.09 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Leadertech
[2011.07.11 15:02:22 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Need for Speed World
[2012.02.27 18:19:36 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\OpenCandy
[2010.04.18 12:32:59 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\OpenOffice.org
[2012.02.27 21:47:36 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Orbit
[2012.01.05 16:35:06 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Origin
[2012.02.27 18:19:44 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\ProgSense
[2010.02.22 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Sports Interactive
[2010.02.03 10:48:15 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Steganos
[2011.10.15 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\The Creative Assembly
[2010.11.27 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\TubeBox
[2010.03.16 17:36:02 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Ubisoft
[2010.02.16 23:12:55 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Uniblue
[2010.01.30 12:34:56 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\WildTangent
[2010.02.01 18:58:43 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\WinBatch
[2010.01.30 12:35:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\_MDLogs
[2012.03.23 14:14:38 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012.01.31 12:46:29 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.03.09 13:23:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.04.13 09:50:17 | 000,000,000 | ---D | M] -- C:\$Recycle.Bin
[2010.04.25 20:10:47 | 000,000,000 | ---D | M] -- C:\AeriaGames
[2011.03.24 17:28:38 | 000,000,000 | ---D | M] -- C:\Casino
[2010.05.22 12:31:00 | 000,000,000 | ---D | M] -- C:\Dev-Cpp
[2012.02.27 18:25:18 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.08.14 16:58:20 | 000,000,000 | ---D | M] -- C:\Fraps
[2010.02.24 12:37:28 | 000,000,000 | ---D | M] -- C:\Games
[2010.07.31 09:43:41 | 000,000,000 | ---D | M] -- C:\hp
[2010.04.19 09:25:10 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.10.15 17:42:54 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.11.05 11:10:26 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.03.23 15:04:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.03.23 15:04:31 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.03.05 19:27:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.15 17:44:07 | 000,000,000 | ---D | M] -- C:\Users
[2012.03.23 14:20:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.01.04 02:09:35 | 000,002,881 | ---- | M] () -- C:\Users\Koc\.recently-used.xbel
[2012.02.26 19:18:30 | 000,005,176 | ---- | M] () -- C:\Users\Koc\.TransferManager.db
[2012.03.23 15:28:04 | 005,505,024 | -HS- | M] () -- C:\Users\Koc\NTUSER.DAT
[2012.03.23 15:28:04 | 000,262,144 | -HS- | M] () -- C:\Users\Koc\ntuser.dat.LOG1
[2010.01.30 12:24:34 | 000,000,000 | -HS- | M] () -- C:\Users\Koc\ntuser.dat.LOG2
[2010.01.30 12:46:36 | 000,065,536 | -HS- | M] () -- C:\Users\Koc\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.01.30 12:46:36 | 000,524,288 | -HS- | M] () -- C:\Users\Koc\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.01.30 12:46:36 | 000,524,288 | -HS- | M] () -- C:\Users\Koc\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.01.30 12:24:34 | 000,000,020 | -HS- | M] () -- C:\Users\Koc\ntuser.ini
[2012.03.10 23:13:53 | 000,000,600 | ---- | M] () -- C:\Users\Koc\PUTTY.RND
[2010.03.06 15:46:10 | 000,000,000 | ---- | M] () -- C:\Users\Koc\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Files - Unicode (All) ==========
[2012.03.22 18:45:10 | 000,000,000 | ---D | M](C:\Users\Koc\Documents\Desktop\???? GØÐ?I??™?) -- C:\Users\Koc\Documents\Desktop\☪๖ۣۜ GØÐĿĪҚЄ™☪
[2010.02.06 00:09:05 | 000,000,000 | ---D | C](C:\Users\Koc\Documents\Desktop\???? GØÐ?I??™?) -- C:\Users\Koc\Documents\Desktop\☪๖ۣۜ GØÐĿĪҚЄ™☪

< End of report >
         
--- --- ---
__________________


Alt 23.03.2012, 16:12   #3
markusg
/// Malware-holic
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [{1D0A50C5-0A46-11DF-8BA7-806E6F6E6963}] C:\Users\Koc\AppData\Roaming\Microsoft\newsrdr.exe (the VideoLAN Team)
 :Files
C:\Users\Koc\AppData\Roaming\Microsoft\newsrdr.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
__________________

Alt 23.03.2012, 17:47   #4
Heinrichter
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



Hab ich gemacht Chef, nur konnte mein antivirus programm nicht ausschalten hoffe ist nicht so dramatisch, naja danke ist seit echt gute Menschen besten Dank.

Alt 23.03.2012, 17:49   #5
markusg
/// Malware-holic
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



schaun wir mal weiter:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 23.03.2012, 18:04   #6
Heinrichter
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



Ich habe combofix runtergeladen aber der sagt mir das es bei mir nicht funktioniert, weil ich ja windows 7 64bit drauf habe, was kann ich machen chef? Es wäre natürlich optimal wenn du mir den Download Link von Combofix geben könntest, wenn es einen für 64 bit gibt, also ich habe keins gefunden

Alt 23.03.2012, 18:06   #7
markusg
/// Malware-holic
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



da sind ganze 2 stück im tutorial, sollte für dein system passen :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 23.03.2012, 19:23   #8
Heinrichter
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



Zitat:
Zitat von markusg Beitrag anzeigen
da sind ganze 2 stück im tutorial, sollte für dein system passen :-)
Tut mir Leid Meister hat bisschen lange gedauert, wie gesagt bin schwer von Begriff^^ hier das Ding. Danke für deine Bemühung

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-03-22.01 - Koc 23.03.2012  19:51:05.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6143.4325 [GMT 1:00]
ausgeführt von:: c:\users\Koc\Documents\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\uninstall.exe
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\users\Koc\videos\fraps.exe
c:\users\Koc\videos\uninstall.exe
c:\windows\IsUn0407.exe
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-23 bis 2012-03-23  ))))))))))))))))))))))))))))))
.
.
2012-03-23 18:57 . 2012-03-23 18:57	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-03-23 18:02 . 2012-03-23 18:02	--------	d-----w-	c:\users\Koc\AppData\Roaming\Iminent
2012-03-23 18:02 . 2012-03-23 18:02	--------	d-----w-	c:\programdata\Iminent
2012-03-23 18:02 . 2012-03-23 18:57	--------	d-----w-	c:\program files (x86)\IMinent Toolbar
2012-03-23 18:02 . 2011-12-23 12:07	73216	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.80.dll
2012-03-23 18:02 . 2011-12-23 12:07	67072	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components\Iminent.WebBooster.XPCOM.18.dll
2012-03-23 18:02 . 2011-12-23 12:07	72704	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.50.dll
2012-03-23 18:02 . 2011-12-23 12:06	73216	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.90.dll
2012-03-23 18:02 . 2011-12-23 12:06	75264	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.20.dll
2012-03-23 18:02 . 2011-12-23 12:06	73216	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.60.dll
2012-03-23 18:02 . 2011-12-23 12:06	73216	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.70.dll
2012-03-23 18:02 . 2012-03-23 18:02	--------	d-----w-	c:\program files (x86)\Iminent
2012-03-23 17:42 . 2012-03-23 17:42	--------	d-----w-	c:\programdata\WinZip
2012-03-23 17:31 . 2012-03-23 17:43	--------	d-----w-	C:\_OTL
2012-03-23 16:48 . 2012-03-23 16:48	--------	d-----w-	C:\$AVG
2012-03-23 14:11 . 2012-03-23 14:11	--------	d-----w-	c:\users\Koc\AppData\Roaming\AVG2012
2012-03-23 14:04 . 2012-03-23 14:04	--------	d--h--w-	c:\programdata\Common Files
2012-03-23 14:03 . 2012-03-23 18:20	--------	d-----w-	c:\programdata\AVG2012
2012-03-23 14:03 . 2012-03-23 14:03	--------	d-----w-	c:\program files (x86)\AVG
2012-03-23 13:59 . 2012-03-23 18:18	--------	d-----w-	c:\programdata\MFAData
2012-03-20 12:44 . 2012-03-20 12:44	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 12:44 . 2012-03-20 12:44	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 13:22 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 13:22 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:22 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 12:29 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 12:29 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 12:29 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 12:28 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:28 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 12:28 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:28 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 12:28 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:28 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:28 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-04 11:42 . 2012-03-10 22:17	--------	d-----w-	c:\program files (x86)\JDownloader
2012-02-27 17:19 . 2012-02-28 15:10	--------	d-----w-	c:\program files (x86)\PC Beschleunigen
2012-02-27 17:19 . 2012-02-27 17:25	--------	d-----w-	C:\Downloads
2012-02-27 17:19 . 2012-02-27 17:19	--------	d-----w-	c:\users\Koc\AppData\Roaming\ProgSense
2012-02-27 17:19 . 2012-02-27 20:47	--------	d-----w-	c:\users\Koc\AppData\Roaming\Orbit
2012-02-27 17:19 . 2012-02-27 17:19	--------	d-----w-	c:\users\Koc\AppData\Roaming\OpenCandy
2012-02-25 14:14 . 2012-02-25 14:14	237	----a-w-	C:\user.js
2012-02-25 14:14 . 2012-02-25 14:14	--------	d-----w-	c:\program files (x86)\BabylonToolbar
2012-02-22 20:31 . 2012-02-22 20:31	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-22 20:31 . 2012-02-22 20:31	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-22 20:31 . 2012-02-22 20:31	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 18:02 . 2011-05-17 15:52	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-02-18 13:57	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-08 07:13 . 2012-03-23 13:22	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{37820E9E-EE8A-42F8-8108-41FCF3644D68}\mpengine.dll
2012-02-07 13:23 . 2012-02-07 13:23	238440	----a-w-	c:\windows\SysWow64\AXFOAM.DLL
2012-01-25 17:55 . 2010-07-05 18:58	282880	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-01-25 17:55 . 2010-02-04 15:33	282880	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-01-25 17:51 . 2010-02-04 15:33	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-01-05 18:31 . 2010-02-04 15:33	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-01-04 10:44 . 2012-02-16 16:29	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 16:29	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 16:29	515584	----a-w-	c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 16:29	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 16:29	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2006-05-03 09:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 08:54	2607872	----a-w-	c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2009-12-31 10:53	2349080	----a-w-	c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 19:20	1514152	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Koc\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-01-11 28201096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"ChallengerPro"="c:\program files (x86)\Thermaltake Challenger Pro\Ttsystray.exe" [2010-06-21 1254912]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2011-12-23 445416]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2011-12-23 881144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-11-5 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Koc\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.iminent.com/?appId=BE9671BD-B3D0-4D74-BF98-5AF984BDA8E3
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: olb.de\www
TCP: DhcpNameServer = 192.168.178.1
DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} - hxxps://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB
FF - ProfilePath - c:\users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - SearchTheWeb
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=BE9671BD-B3D0-4D74-BF98-5AF984BDA8E3
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4cf2d1e0-dc01-4c8a-8b5d-96383df0b315%7D&mid=43b40588aaf347d0a03c41affc81fc32-450bf629469fd1682f1cead1d522c8d33fd0288f&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2012-03-23%2015%3A04%3A23&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5453387e00000000000090e6ba6515c1
FF - user.js: extensions.BabylonToolbar_i.hardId - 5453387e00000000000090e6ba6515c1
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15395
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:14
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{9b339f6e-ddcd-401b-8764-230adbd01761} - (no file)
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{9b339f6e-ddcd-401b-8764-230adbd01761} - (no file)
Toolbar-{9b339f6e-ddcd-401b-8764-230adbd01761} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\uninstall.exe
AddRemove-Fraps - c:\users\Koc\Videos\uninstall.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1260347745-2057524765-1331118998-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:be,99,58,7a,13,a1,04,6f,b9,8e,08,96,a8,c0,39,56,93,72,d8,8e,b7,2a,6b,
   f2,63,12,48,af,b9,86,9c,f2,f1,ca,a6,24,2d,4a,27,01,af,8d,05,f2,42,85,77,e5,\
"??"=hex:68,ad,ff,19,4d,1d,95,e3,8a,d5,61,e6,91,cf,84,89
.
[HKEY_USERS\S-1-5-21-1260347745-2057524765-1331118998-1000\Software\SecuROM\License information*]
"datasecu"=hex:40,4d,3b,67,a6,7c,03,ec,a7,c8,be,38,46,2b,e1,5c,02,49,33,21,53,
   98,df,1d,b4,41,2a,f9,6a,3b,58,aa,f4,97,54,da,b8,45,14,27,3f,8c,16,75,80,22,\
"rkeysecu"=hex:b1,31,0c,17,14,ef,5b,cd,47,9b,ca,6a,f5,41,04,79
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-23  20:03:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-23 19:03
.
Vor Suchlauf: 16 Verzeichnis(se), 374.334.586.880 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 378.688.937.984 Bytes frei
.
- - End Of File - - B01C59E7E867967EB5382AC71122C286
         
--- --- ---

Alt 24.03.2012, 16:12   #9
markusg
/// Malware-holic
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



war nicht bös gemeint oder so :-)
haben doch bisher alles gut über die bühne gebracht.
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.03.2012, 14:16   #10
Heinrichter
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



[QUOTE=markusg;799277]war nicht bös gemeint oder so :-)
haben doch bisher alles gut über die bühne gebracht.
QUOTE]

Jo bist ein guter mann, es kann ruhig mehr von deiner sorte geben
hier der bericht.
Und ich danke nochmal

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Koc :: KOC-PC [Administrator]

25.03.2012 12:02:21
mbam-log-2012-03-25 (12-02-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 561671
Laufzeit: 1 Stunde(n), 50 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\rld-bbc2.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 25.03.2012, 18:37   #11
markusg
/// Malware-holic
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



lade den CCleaner standard:
CCleaner Download - CCleaner 3.16.1666
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.03.2012, 15:43   #12
Heinrichter
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



Halloooo, also wo ich unbekannt hinter geschrieben habe, die kenne ich nicht oder weiß nicht ob sie dem system schaden könnten.
Danke, wenn man sie deinstallieren würde.

Code:
ATTFilter
7-Zip 4.65 (x64 edition)	Igor Pavlov	03.02.2010	3,99MB	4.65.00.0 (notwendig)
AC2 server emulator 0.44 by Dormine	bjamikel	17.06.2010	7,11MB (unbekannt)	
Adobe AIR	Adobe Systems Inc.	23.05.2010		1.5.3.9120 (unbekannt)
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	22.03.2012	6,00MB	11.1.102.63 (unbekannt)
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	29.11.2011	6,00MB	11.1.102.55 (unbekannt)
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	29.11.2011	6,00MB	11.1.102.55 (unbekannt)
Adobe Media Player	Adobe Systems Incorporated	04.05.2010		1.1 (unbekannt)
Adobe Photoshop CS3	Adobe Systems Incorporated	17.07.2010	1.127MB	10.0 (unnötig)
Adobe Reader 9.4.5 - Deutsch	Adobe Systems Incorporated	13.07.2011	168,0MB	9.4.5 (unbekannt)
Akamai NetSession Interface		19.12.2011 (unbekannt)		
Akamai NetSession Interface Service		09.11.2011 (unbekannt)		
Avira Free Antivirus	Avira	22.03.2012	109,5MB	12.0.0.898 (notwendig)
Avira SearchFree Toolbar plus Web Protection	Ask.com	10.01.2012	4,56MB	1.14.1.0 (unnötig)
Babylon toolbar on IE		24.02.2012 (unnötig)		
Battlefield 3™	Electronic Arts	04.01.2012		1.0.0.0 (notwendig)
Battlelog Web Plugins	EA Digital Illusions CE AB	04.01.2012 	 1.104.0 (notwendig)	
Bing Bar	Microsoft Corporation	24.03.2011	24,4MB	7.0.609.0 (unbekannt)
Call of Duty Modern Warfare 2	Activision	27.06.2010 (unnötig)		
Call of Duty: Modern Warfare 3	Infinity Ward - Sledgehammer Games	08.11.2011 (notwendig)		
Call of Duty: Modern Warfare 3 - Dedicated Server	Infinity Ward - Sledgehammer Games	08.11.2011 (notwendig)		
Call of Duty: Modern Warfare 3 - Multiplayer	Infinity Ward - Sledgehammer Games	08.11.2011 (notwendig)		
Camera RAW Plug-In for EPSON Creativity Suite		05.03.2010		2.1.0.0 (notwendig)
CCleaner	Piriform	25.03.2012		3.16 (notwendig)
Compatibility Pack für 2007 Office System	Microsoft Corporation	19.03.2012	331MB	12.0.6612.1000 (notwendig)
Core Temp 1.0 RC2	Alcpu	24.10.2011	2,31MB	1.0 (unbekannt)
Counter-Strike: Source	Valve	01.12.2010	(notwendig)	
Crysis® 2	Electronic Arts	13.06.2011	7.757MB	1.0.0.0 (notwendig)
CSS FULL DZ [Oct 15 2007] v18.1	GrCs2Ek~	03.04.2010		v18.1 (unnötig)
CX4300_5500_DX4400 Handbuch		05.03.2010 (unbekannt)		
CyberLink DVD Suite Deluxe	CyberLink Corp.	11.10.2009	16,4MB	6.0.3101 (unbekannt)
DDBAC	DataDesign	19.07.2011	8,51MB	4.3.65 (unbekannt)
Dev-C++ 5 beta 9 release (4.9.9.2)		21.05.2010 (unbekannt)		
DivX-Setup	DivX, LLC	14.04.2011		2.4.1.4 (unnötig)
DNA	BitTorrent Inc.	03.04.2010		2.2.4 (16502) (unnötig)
Easy Driver Pro	Easy Driver Pro	14.10.2011	7,41MB	8.0.1 (unbekannt)
EMS SQL Query 2010 for MySQL	EMS	18.01.2011		3.2.0.5 (unbekannt)
EPSON Attach To Email	SEIKO EPSON	05.03.2010	1,08MB	1.01.0000 (notwendig)
EPSON Copy Utility 3		05.03.2010		3.2.0.0 (notwendig)
EPSON Easy Photo Print		05.03.2010		1.4.2.0 (notwendig)
EPSON File Manager		05.03.2010		1.3.0.0 (notwendig)
EPSON Scan		02.03.2010		
EPSON Scan Assistant		05.03.2010		1.10.00 (notwendig)
EPSON-Drucker-Software	SEIKO EPSON Corporation	05.03.2010 (notwendig)		
ESN Sonar	ESN Social Software AB	04.01.2012		0.70.4 (unbekannt)
EVEREST Home Edition v2.20	Lavalys Inc	19.10.2011		2.20 (unnötig)
EVEREST Ultimate Edition v5.50	Lavalys, Inc.	21.10.2011		5.50 (notwendig)
EXPERTool 7.20	Gainward Co., Ltd	02.11.2011	11,2MB	(unbekannt)
facemoods		15.08.2010 (unnötig)		
Fraps		29.12.2011 (unnötig)		
Free Audio CD Burner version 1.3	DVDVideoSoft Limited.	01.06.2010	8,06MB (notwendig)	
Free M4a to MP3 Converter 6.1	ManiacTools.com	14.08.2010 (notwendig)		
Free Studio version 5.0.8	DVDVideoSoft Limited.	12.04.2011	256MB (notwendig)	
Free YouTube Download 3 version 3.0.11.727	DVDVideoSoft Limited.	29.07.2011	44,8MB	(notwendig)
Free YouTube Download version 3.0.22.221	DVDVideoSoft Ltd.	21.02.2012	60,5MB	3.0.22.221 (notwendig)
Free YouTube to MP3 Converter version 3.10.13.1123	DVDVideoSoft Ltd.	04.12.2011	87,6MB (notwendig)	
FreeRIP v3.42	MGShareware	23.11.2010		3.42 (unbekannt)
FUSSBALL MANAGER 12	Electronic Arts	14.02.2012	6.721MB	1.0.0.3 (notwendig)
GIMP 2.6.8		13.01.2011 (notwendig)		
Google Chrome	Google Inc.	25.03.2012		17.0.963.83 (unnötig)
Half-Life 2: Lost Coast	Valve	19.02.2011 (unnötig)		
Hardwarediagnosetools	PC-Doctor, Inc.	12.10.2009 		6.0.5434.08 (unbekannt)
HP Advisor	Hewlett-Packard	11.10.2009	48,0MB	3.2.8946.3086 (unbekannt)
HP Games	WildTangent	25.01.2010		1.0.0.71 (unbekannt)
HP MediaSmart DVD	Hewlett-Packard	29.03.2010	95,3MB	3.0.3420 (unbekannt)
HP MediaSmart Movie Themes	Hewlett-Packard	11.10.2009	400MB	3.0.3102 (unbekannt)
HP MediaSmart Music/Photo/Video	Hewlett-Packard	29.03.2010	314MB	3.1.3601 (unbekannt)
HP MediaSmart SmartMenu	Hewlett-Packard	11.10.2009	1,86MB	3.0.28.2 (unbekannt)
HP Odometer	Hewlett-Packard	11.10.2009	48,00KB	2.10.0000 (unbekannt)
HP Remote Solution	TopSeed	11.10.2009		1.1.9.0 (unbekannt)
HP Setup	Hewlett-Packard	11.10.2009		1.2.3220.3079 (unbekannt)
HP Support Assistant	Hewlett-Packard	06.03.2010	19,4MB	4.3.1.2 (unbekannt)
HP Support Information	Hewlett-Packard	11.10.2009	0,16MB	10.1.0002 (unbekannt)
HP Update	Hewlett-Packard	11.10.2009	2,97MB	5.001.000.014 (unbekannt)
Iminent	Iminent	22.03.2012		4.52.52.0 (unbekannt)
IMinent Toolbar	IMinent	22.03.2012	3,38MB	3.26.0 (unbekannt)
IZArc 4.1	Ivan Zahariev	21.03.2010	12,4MB	4.1 (unbekannt)
Java(TM) 6 Update 29	Sun Microsystems, Inc.	21.05.2010	94,5MB	6.0.290 (unbekannt)
Java(TM) SE Development Kit 6 Update 23	Oracle	18.01.2011	128,3MB	1.6.0.230 (unbekannt)
JDownloader 0.9	AppWork GmbH	03.03.2012		0.9 (notwendig)
Kies Air Discovery Service	Samsung	22.03.2012 (notwendig)		
LabelPrint	CyberLink Corp.	11.10.2009	231MB	2.5.1901 (unbekannt)
LightScribe System Software	LightScribe	11.10.2009	22,5MB	1.18.5.1 (unbekannt)
Logitech SetPoint	Logitech	04.11.2011	17,00KB	4.80 (notwendig)
Magic Desktop	EasyBits Software AS	25.01.2010 (unbekannt)		
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	24.03.2012	17,4MB	1.60.1.1000 (unbekannt)
Messenger Plus! Live	Yuna Software	28.12.2010		4.90.0.392 (unnötig)
Microsoft .NET Framework 1.1	Microsoft	03.02.2010	34,8MB	1.1.4322 (unbekannt)
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.06.2010	38,8MB	4.0.30319 (unbekannt)
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	24.06.2010	2,94MB	4.0.30319 (unbekannt)
Microsoft .NET Framework 4 Extended	Microsoft Corporation	18.01.2011	52,0MB	4.0.30319 (unbekannt)
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	18.01.2011	10,7MB	4.0.30319 (unbekannt)
Microsoft .NET Framework 4 Multi-Targeting Pack	Microsoft Corporation	18.01.2011	83,5MB	4.0.30319 (unbekannt)
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	05.05.2011	31,3MB	3.5.88.0 (unnötig)
Microsoft Games for Windows Marketplace	Microsoft Corporation	05.05.2011	6,04MB	3.5.50.0 (unnötig)
Microsoft Help Viewer 1.0	Microsoft Corporation	18.01.2011	3,97MB	1.0.30319 (unbekannt)
Microsoft Help Viewer 1.0 Language Pack - DEU	Microsoft Corporation	18.01.2011	1,95MB	1.0.30319 (unbekannt)
Microsoft Office File Validation Add-In	Microsoft Corporation	15.09.2011	7,95MB	14.0.5130.5003 (unbekannt)
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	19.03.2012	102,2MB	12.0.6612.1000 (unbekannt)
Microsoft Silverlight	Microsoft Corporation	15.02.2012	194,1MB	4.1.10111.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	31.01.2010	1,72MB	3.1.0000 
Microsoft SQL Server 2008 R2 Management Objects	Microsoft Corporation	18.01.2011	17,1MB	10.50.1447.4
Microsoft SQL Server Compact 3.5 SP2 DEU	Microsoft Corporation	18.01.2011	3,69MB	3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 DEU	Microsoft Corporation	18.01.2011	4,81MB	3.5.8080.0
Microsoft SQL Server System CLR Types	Microsoft Corporation	18.01.2011	2,55MB	10.50.1447.4
Microsoft Visual Basic 2010 Express - DEU	Microsoft Corporation	15.06.2011		10.0.30319
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	30.01.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	30.01.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	11.10.2009	1,48MB	8.0.61000
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	30.01.2010	0,21MB	9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	30.01.2010	0,20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	17.04.2010	1,70MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	11.10.2009	0,77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	14.10.2011	3,14MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	13.06.2011	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	11.10.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	23.03.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974	Microsoft Corporation	18.01.2011	0,58MB	9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	06.01.2012	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319	Microsoft Corporation	18.01.2011	33,0MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	20.12.2011	15,0MB	10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools	Microsoft Corporation	18.01.2011	35,3MB	10.0.30319
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU	Microsoft Corporation	18.01.2011	4,32MB	10.0.30319 (unbekannt)
Microsoft Works	Microsoft Corporation	14.12.2010	500MB	9.7.0621
Mozilla Firefox 11.0 (x86 de)	Mozilla	19.03.2012	36,5MB	11.0 (notwendig)
MSI Afterburner 2.1.0	MSI Co., LTD	02.11.2011		2.1.0 (notwendig)
MSI Kombustor 2.0.0	MSI Co., LTD	02.11.2011	31,1MB	(unbekannt)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	30.01.2010	1,28MB	4.20.9870.0 (unbekannt)
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	30.01.2010	1,33MB	4.20.9876.0 (unbekannt)
MySQL Server 5.5	Oracle Corporation	18.01.2011	510MB	5.5.8 (unbekannt)
Need For Speed™ World	Electronic Arts	10.07.2011		1.0.0.105 (unnötig)
NVIDIA 3D Vision Controller-Treiber 285.62	NVIDIA Corporation	04.01.2012		285.62 (unbekannt)
NVIDIA 3D Vision Treiber 285.62	NVIDIA Corporation	04.01.2012		285.62
NVIDIA Drivers	NVIDIA Corporation	11.10.2009		1.3
NVIDIA Grafiktreiber 285.62	NVIDIA Corporation	04.01.2012		285.62
NVIDIA HD-Audiotreiber 1.2.24.0	NVIDIA Corporation	04.01.2012		1.2.24.0
NVIDIA PhysX-Systemsoftware 9.11.0621	NVIDIA Corporation	04.01.2012		9.11.0621
NVIDIA Update 1.5.20	NVIDIA Corporation	04.01.2012		1.5.20 (unbekannt)
OpenOffice.org 3.2	OpenOffice.org	17.04.2010	373MB	3.2.9483 (notwendig)
Origin	Electronic Arts, Inc.	13.01.2012		8.4.1.210 (notwendig)
PDFCreator	Frank Heindörfer, Philip Chinery	24.01.2011		1.2.0 (unbekannt)
Power2Go	CyberLink Corp.	11.10.2009	169,5MB	6.0.3101 (unbekannt)
PowerDirector	CyberLink Corp.	11.10.2009	522MB	7.0.3101 (unbekannt)
PriceGong 2.5.1	PriceGong	13.10.2011		2.5.1 (unbekannt)
PunkBuster Services	Even Balance, Inc.	04.01.2012		0.991 (unbekannt)
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	11.10.2009		6.0.1.5910 (unbekannt)
SpeedFan (remove only)		02.11.2011 (unbekannt)		
Steam	Valve Corporation	30.11.2010	1,49MB	1.0.0.0 (notwendig)
SUPER © Version 2010.bld.38 (May 2, 2010)	eRightSoft	31.10.2010		Version 2010.bld.38 (May 2, 2010) (unbekannt)
Testversion von Microsoft Office Home and Student 2007		29.01.2010 (unbekannt)		
The Elder Scrolls V: Skyrim	Bethesda Game Studios	19.12.2011 (notwendig)		
Total War: SHOGUN 2	The Creative Assembly	14.10.2011 (notwendig)		
Tt eSPORTS Challenger Pro	Tt eSPORTS	08.11.2011		2.2.0.0 (unbekannt)
TubeBox!	Jens Lorek	26.11.2010	12,9MB	3.4.1 (unbekannt)
Ubisoft Game Launcher	UBISOFT	03.05.2010		1.0.0.0 (unnötig)
Uninstall 1.0.0.1		12.04.2011	10,9MB	 (unbekannt)
Visual Studio 2008 x64 Redistributables	AVG Technologies	22.03.2012	11,6MB	10.0.0.2 (unbekannt) 
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU	Microsoft Corporation	18.01.2011	11,2MB	4.0.8080.0 (unbekannt)
VLC media player 1.1.4	VideoLAN	31.10.2010		1.1.4 (notwendig)
Vuze_Remote Toolbar		29.01.2010 (unnötig)		
Windows Live Essentials	Microsoft Corporation	17.09.2011		15.4.3538.0513 (unbekannt)
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	04.10.2010	5,58MB	15.4.5722.2 (unbekannt)
WinRAR		31.01.2010 (notwendig)		
WinZip 16.0	WinZip Computing, S.L. 	22.03.2012	71,5MB	16.0.9715 (notwendig)
         

Alt 26.03.2012, 15:49   #13
markusg
/// Malware-holic
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



deinstaliere:
Adobe Photoshop
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Avira SearchFree
Babylon
Bing
Call of Duty: das unnötige
Core Temp
CSS
CyberLink
DivX
DNA
ESN
EVEREST Home
facemoods
Fraps
FreeRIP
Google Chrome
Half-Life
Iminent

IMinent Toolbar
IZArc
Java: beide
Download der kostenlosen Java-Software
downloade java jre, instalieren.

deinstaliere:
LabelPrint
LightScribe
Magic Desktop
Messenger Plus
Microsoft Games : beide
Microsoft Silverlight
Need For Speed™
PDFCreator
Power2Go
PowerDirector
PriceGong
SpeedFan
SUPER ©
Tt eSPORTS
TubeBox
Vuze_Remote
Windows Live : alle die du nicht nutzt

öffne otl bereinigen neustart.
öffne CCleaner analysieren bereinigen neustart.
testen wie das system läuft
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.03.2012, 17:59   #14
Heinrichter
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



Chef hab alles so gemacht wie du es gesagt hast. Ich weiß zwar nicht was du mit meinem pc angestellt hast aber ich finds irgendwie super ^^ dankeee

Alt 26.03.2012, 19:24   #15
markusg
/// Malware-holic
 
Virus -  "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Standard

Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"



darf ich daraus schließen, dass es keine probleme mehr gibt?
dann sichern wir jetzt das system ab:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html
sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
Run updateChecker
when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
Windows 7 Systemabbild erstellen (Backup)
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"
7-zip, avira searchfree toolbar, babylon, babylon toolbar, babylontoolbar, bezahlen, bingbar, blockiert, call of duty, conduit, device driver, eigenes, erklären, freunde, heute, hilft, install.exe, interne, internet, jdownloader, konnte, liebe, meldung, microsoft office word, neu, nicht gefunden, nvidia update, office 2007, origin, problem, richtlinie, runterladen, sache, sachen, schwer, search the web, searchscopes, seite, super, system, threads, tubebox, video, virus, visual studio, windows



Ähnliche Themen: Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"


  1. II Blackscreen "Ihr Windowssystem wurde aus Sicherheitsgründen.... Bezahlen und runterladen.
    Log-Analyse und Auswertung - 19.03.2012 (3)
  2. "Windows aus Sicherheitsgründen blockiert - Bezahlen und herunterladen" Virus
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (3)
  3. Blackscreen "Ihr Windowssystem wurde aus Sicherheitsgründen.... Bezahlen und runterladen.
    Log-Analyse und Auswertung - 10.03.2012 (26)
  4. "Bezahlen und runterladen" 50 Euro, Windows blockiert
    Log-Analyse und Auswertung - 06.03.2012 (5)
  5. Fehlermeldung "Windows wurde gesperrt. runterladen und bezahlen" - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 24.02.2012 (17)
  6. Windows 7: "bezahlen und runterladen"-virus _ aus sicherheitsgründen wird...blockiert.etc
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (1)
  7. Windows blockiert - "Windows wurde gesperrt. ..... runterladen und bezahlen"
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (6)
  8. Bezahlen und runterladen! Ihr Windowssystem wurde aus Sicherheitsgründen blockiert!
    Plagegeister aller Art und deren Bekämpfung - 12.02.2012 (26)
  9. Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem Blockiert, "Bezahlen nd Downloaden"
    Log-Analyse und Auswertung - 23.01.2012 (3)
  10. "Bezahlen oder runterladen" Virus
    Log-Analyse und Auswertung - 23.01.2012 (3)
  11. Schwarzer Bildschirm bei Windows 7 Starter Edition und Aufforderung "bezahlen und runterladen"
    Plagegeister aller Art und deren Bekämpfung - 17.01.2012 (4)
  12. "Ihr windowssystem wurde blockiert" - "Runterladen und Bezahlen" - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.01.2012 (15)
  13. "Windows aus Sicherheitsgründen blockiert - Bezahlen und herunterladen" Der 50Euro Virus/Trojaner
    Plagegeister aller Art und deren Bekämpfung - 10.01.2012 (9)
  14. Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert ... "bezahlen und runterladen"
    Log-Analyse und Auswertung - 05.01.2012 (9)
  15. und noch einer: "windowssystem... blockiert... bezahlen... runterladen"
    Log-Analyse und Auswertung - 26.12.2011 (30)
  16. "Windows wird aus Sicherheitsgründen blockiert"Virus blockiert System
    Log-Analyse und Auswertung - 22.12.2011 (4)
  17. "Aus Sicherheitsgründen wurde ihr System blockiert... bezahlen und downloaden..."
    Log-Analyse und Auswertung - 21.12.2011 (3)

Zum Thema Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" - Hallo Liebe Freunde, Ich bin neu hier und wollte um eure Hilfe bitten. Ich hab schon einige Threads zu meinem Problem gefunden, aber man soll sein eigenes erstellen. Naja ich - Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"...
Archiv
Du betrachtest: Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.