
Log analysis and evaluation: System locked due to illegal activities, 100€ payment

23.07.2012, 10:05   #1
Labasu
 


Hello!

I have caught this trojan, which has already been described several times today!

Description: When I connect to the Internet, I get the message: "Operating system locked because of criminal activity, 100€ payment to restore"
With this message on screen I can't do anything except enter codes for PSC!

So far, since I saw that it was an error from ActiveX Windows Live, I have uninstalled all of their programs; that did not help!

I have read your rules carefully and hope I am doing this right Q_Q

OTL logfile created on: 23.07.2012 10:53:21 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Labasu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 13,75 Gb Available Physical Memory | 86,06% Memory free
31,95 Gb Paging File | 29,74 Gb Available in Paging File | 93,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1446,15 Gb Free Space | 79,81% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 31,08 Gb Free Space | 62,17% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 1,84 Gb Free Space | 97,98% Space Free | Partition Type: FAT

Computer Name: LABASU-PC | User Name: Labasu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.23 10:50:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Labasu\Desktop\OTL.exe
PRC - [2012.07.23 07:07:44 | 000,061,440 | ---- | M] () -- C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe
PRC - [2012.07.09 19:29:34 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.07.09 19:29:34 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Labasu\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.08 16:40:54 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:40:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 16:40:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.26 01:37:15 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 19:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.04.15 03:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.11.12 16:11:46 | 000,145,224 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
PRC - [2009.11.12 16:11:40 | 000,383,304 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
PRC - [2009.09.18 18:02:30 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
PRC - [2009.08.21 10:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009.07.07 21:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.23 07:07:44 | 000,061,440 | ---- | M] () -- C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe
MOD - [2012.07.09 19:29:35 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.09 19:29:34 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.06.15 04:55:14 | 000,434,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8a6ad5961be0d5083c33ed030fb088c7\IAStorUtil.ni.dll
MOD - [2012.06.15 04:46:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 04:46:53 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 04:39:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 04:28:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 03:48:00 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 03:47:46 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 03:47:43 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.26 01:37:15 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2011.05.16 16:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.07 19:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009.06.01 15:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\ANIOApi.dll
MOD - [2009.06.01 15:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
MOD - [2008.08.18 15:11:24 | 001,237,504 | ---- | M] () -- C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll
MOD - [2008.08.18 15:08:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Virtual CD v10\System\ogg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.11.23 15:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011.11.21 16:10:10 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.15 21:30:33 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) @C:\Program Files (x86)
SRV - [2012.07.12 14:22:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 19:48:07 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.09 19:29:34 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.06.16 17:28:37 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 16:40:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 16:40:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.26 01:37:15 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2011.11.21 16:12:56 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.21 16:10:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.11.02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.12 16:11:46 | 000,145,224 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2009.07.07 21:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 16:40:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 16:40:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.24 03:01:28 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.03.24 03:01:27 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.01 17:20:45 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.11.23 15:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011.11.10 18:32:02 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.28 18:20:08 | 000,209,408 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.07.28 18:20:06 | 000,092,672 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.06.09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010.06.09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.04.22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009.11.09 10:55:36 | 000,220,696 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vdrv1000.sys -- (vdrv1000)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.08.05 22:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 10:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.06 19:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV - [2012.07.12 15:33:54 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=nv1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{24C6541F-61B5-47A2-94F5-3177456FBB24}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7D606411-4F39-4789-9A4C-BB011D91FDBF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKCU\..\SearchScopes\{85AF8E74-3A83-4C2C-963F-F3F5A584C5A8}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={DF015412-EBBC-469C-891E-52AFE4F608A7}&mid=c13c1e90bd9a47d0bf7219d59acaf9dc-c2dd0ca674a236917ef541232f14441249212182&lang=en&ds=ft011&pr=sa&d=2012-04-21 09:57:25&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D9E6169C-4E85-4E7F-8343-39A4C86F040A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYAT&apn_uid=2F464C0F-B54D-4154-8487-750EAC33A190&apn_sauid=9823CB10-458E-420B-8187-A85AECF28AA6
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.12.01 18:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.12.01 18:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.12.01 18:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 19:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 17:28:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 17:28:37 | 000,000,000 | ---D | M]

[2011.12.01 18:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Labasu\AppData\Roaming\mozilla\Extensions
[2012.07.13 00:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Labasu\AppData\Roaming\mozilla\Firefox\Profiles\hqt996ux.default\extensions
[2012.04.08 12:46:28 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Labasu\AppData\Roaming\mozilla\Firefox\Profiles\hqt996ux.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.07.03 07:17:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Labasu\AppData\Roaming\mozilla\Firefox\Profiles\hqt996ux.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.03 07:11:00 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\Labasu\AppData\Roaming\mozilla\Firefox\Profiles\hqt996ux.default\extensions\zigboom@ymail.com
[2012.04.20 23:42:36 | 000,002,408 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\Mozilla\Firefox\Profiles\hqt996ux.default\searchplugins\askcom.xml
[2012.03.12 20:44:30 | 000,001,797 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\Mozilla\Firefox\Profiles\hqt996ux.default\searchplugins\funmoods.xml
[2012.07.10 00:27:14 | 000,001,056 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\Mozilla\Firefox\Profiles\hqt996ux.default\searchplugins\icqplugin.xml
[2012.04.25 10:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.05 20:40:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.13 00:22:19 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\LABASU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HQT996UX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.16 17:28:37 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.08 00:47:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 19:29:34 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.01.08 00:47:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.08 00:47:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 00:47:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.08 00:47:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 00:47:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\Labasu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [] C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Labasu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{072655FE-E572-402F-B11F-470E7CEF20C9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.23 10:52:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Labasu\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.23 10:52:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Labasu\Desktop\OTL.exe
[2012.07.23 09:26:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.17 12:16:14 | 000,000,000 | ---D | C] -- C:\Users\Labasu\Desktop\FairyTale
[2012.07.15 21:25:48 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.07.15 21:25:44 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.07.15 21:25:44 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.07.15 21:25:44 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.07.15 21:25:44 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.07.15 21:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities
[2012.07.15 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010
[2012.07.15 21:25:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012.07.14 20:56:32 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2012.07.14 02:52:02 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Local\Spotify
[2012.07.14 02:51:09 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\Spotify
[2012.07.13 20:53:37 | 000,000,000 | ---D | C] -- C:\Users\Labasu\Documents\gegl-0.0
[2012.07.13 02:23:38 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\pokerth
[2012.07.13 02:02:55 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\UAs
[2012.07.13 00:42:34 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\xmldm
[2012.07.13 00:42:33 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\kock
[2012.07.11 20:26:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.07.06 21:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2012.07.06 21:27:21 | 000,000,000 | ---D | C] -- C:\Users\Labasu\Documents\DVDFab
[2012.07.06 21:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012.07.06 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
[2012.07.06 21:24:07 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.06 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2012.07.06 16:18:36 | 000,220,696 | ---- | C] (H+H Software GmbH) -- C:\Windows\SysNative\drivers\vdrv1000.sys
[2012.07.06 16:18:36 | 000,024,088 | ---- | C] (H+H Software GmbH) -- C:\Windows\SysNative\drivers\HH10Help.sys
[2012.07.06 16:18:34 | 000,000,000 | --SD | C] -- C:\Users\Labasu\AppData\Roaming\Virtual CD v10
[2012.07.06 16:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual CD v10
[2012.07.06 16:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual CD v10
[2012.07.06 16:17:55 | 000,040,464 | ---- | C] (H+H Software GmbH) -- C:\Windows\SysNative\drivers\vcd10bus.sys
[2012.07.06 15:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.06 15:53:53 | 000,000,000 | -H-D | C] -- C:\Users\Labasu\Documents\Freemake_do_not_remove_this_folder
[2012.07.06 15:43:57 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\TuneUp Software
[2012.07.06 15:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.06 15:43:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.06 15:42:08 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\OpenCandy
[2012.07.06 15:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012.07.06 15:25:28 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\AVS4YOU
[2012.07.06 15:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.07.06 15:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.07.03 23:50:22 | 000,000,000 | ---D | C] -- C:\Users\Labasu\dwhelper
[2012.07.02 18:28:38 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Local\Macromedia
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.23 10:52:00 | 000,000,000 | ---- | M] () -- C:\Users\Labasu\defogger_reenable
[2012.07.23 10:50:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Labasu\Desktop\OTL.exe
[2012.07.23 10:50:03 | 001,318,344 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.23 10:50:03 | 000,581,614 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.23 10:50:03 | 000,551,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.23 10:50:03 | 000,108,788 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.23 10:50:03 | 000,088,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.23 10:46:54 | 000,050,477 | ---- | M] () -- C:\Users\Labasu\Desktop\Defogger.exe
[2012.07.23 10:38:36 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Labasu\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.23 10:26:22 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Labasu.job
[2012.07.23 10:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.23 10:15:31 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.23 10:15:31 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.23 10:08:09 | 000,001,151 | ---- | M] () -- C:\Users\Labasu\Desktop\Wechseldatenträger (F) 1,83 GB.lnk
[2012.07.23 10:07:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.23 10:07:28 | 4276,228,094 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.23 09:57:27 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{072655FE-E572-402F-B11F-470E7CEF20C9}
[2012.07.23 09:57:27 | 000,003,284 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\ANIWZCS{072655FE-E572-402F-B11F-470E7CEF20C9}
[2012.07.23 09:45:56 | 000,000,646 | ---- | M] () -- C:\Users\Labasu\Labasu - Verknüpfung.lnk
[2012.07.23 09:20:49 | 000,002,416 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.22 16:58:57 | 000,102,593 | ---- | M] () -- C:\Users\Labasu\Desktop\FxCam_1342794874513.jpg
[2012.07.22 16:57:31 | 002,886,076 | ---- | M] () -- C:\Users\Labasu\Desktop\20120722_035102.jpg
[2012.07.22 05:08:17 | 000,833,331 | ---- | M] () -- C:\Users\Labasu\Desktop\Unbenannt.jpg
[2012.07.22 05:08:17 | 000,045,037 | ---- | M] () -- C:\Users\Labasu\.recently-used.xbel
[2012.07.19 16:33:22 | 000,021,172 | -HS- | M] () -- C:\Users\Labasu\Desktop\Folder.jpg
[2012.07.19 16:33:22 | 000,005,916 | -HS- | M] () -- C:\Users\Labasu\Desktop\AlbumArtSmall.jpg
[2012.07.15 21:30:32 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.15 21:30:32 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2012.07.14 02:52:02 | 000,001,776 | ---- | M] () -- C:\Users\Labasu\Desktop\Spotify.lnk
[2012.07.13 02:03:04 | 000,000,083 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\urhtps.dat
[2012.07.13 02:01:24 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012.07.13 02:00:14 | 000,284,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 15:33:54 | 000,018,048 | ---- | M] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2012.07.06 21:27:41 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.07.06 21:27:19 | 000,001,020 | ---- | M] () -- C:\Users\Labasu\Desktop\DVDFab 8 Qt.lnk
[2012.07.06 21:24:07 | 000,001,889 | ---- | M] () -- C:\Users\Labasu\Desktop\CCleaner.lnk
[2012.07.06 16:18:34 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CD v10.lnk
[2012.07.06 15:59:43 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.06 13:42:54 | 000,000,540 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\AutoGK.ini
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.23 10:52:53 | 000,050,477 | ---- | C] () -- C:\Users\Labasu\Desktop\Defogger.exe
[2012.07.23 10:52:00 | 000,000,000 | ---- | C] () -- C:\Users\Labasu\defogger_reenable
[2012.07.23 10:08:09 | 000,001,151 | ---- | C] () -- C:\Users\Labasu\Desktop\Wechseldatenträger (F) 1,83 GB.lnk
[2012.07.23 09:45:56 | 000,000,646 | ---- | C] () -- C:\Users\Labasu\Labasu - Verknüpfung.lnk
[2012.07.22 16:58:41 | 000,102,593 | ---- | C] () -- C:\Users\Labasu\Desktop\FxCam_1342794874513.jpg
[2012.07.22 16:56:43 | 002,886,076 | ---- | C] () -- C:\Users\Labasu\Desktop\20120722_035102.jpg
[2012.07.22 05:08:17 | 000,833,331 | ---- | C] () -- C:\Users\Labasu\Desktop\Unbenannt.jpg
[2012.07.22 05:08:17 | 000,045,037 | ---- | C] () -- C:\Users\Labasu\.recently-used.xbel
[2012.07.19 16:14:54 | 000,021,172 | -HS- | C] () -- C:\Users\Labasu\Desktop\Folder.jpg
[2012.07.19 16:14:54 | 000,005,916 | -HS- | C] () -- C:\Users\Labasu\Desktop\AlbumArtSmall.jpg
[2012.07.15 21:25:38 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.15 21:25:38 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2012.07.15 21:25:36 | 000,002,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk
[2012.07.14 02:52:02 | 000,001,776 | ---- | C] () -- C:\Users\Labasu\Desktop\Spotify.lnk
[2012.07.14 02:52:02 | 000,001,762 | ---- | C] () -- C:\Users\Labasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.07.13 01:55:36 | 000,000,083 | ---- | C] () -- C:\Users\Labasu\AppData\Roaming\urhtps.dat
[2012.07.13 01:00:38 | 000,438,272 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012.07.12 15:30:33 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2012.07.06 21:27:41 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.07.06 21:27:19 | 000,001,020 | ---- | C] () -- C:\Users\Labasu\Desktop\DVDFab 8 Qt.lnk
[2012.07.06 21:24:07 | 000,001,889 | ---- | C] () -- C:\Users\Labasu\Desktop\CCleaner.lnk
[2012.07.06 16:18:34 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CD v10.lnk
[2012.07.06 15:59:43 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.06 13:42:54 | 000,000,540 | ---- | C] () -- C:\Users\Labasu\AppData\Roaming\AutoGK.ini
[2012.06.06 00:14:07 | 000,001,595 | ---- | C] () -- C:\Users\Labasu\.ucon64rc
[2012.02.19 13:52:07 | 000,000,060 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012.02.17 07:05:25 | 001,435,292 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.25 03:17:01 | 000,002,416 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.12.01 19:27:23 | 000,003,284 | ---- | C] () -- C:\Users\Labasu\AppData\Roaming\ANIWZCS{072655FE-E572-402F-B11F-470E7CEF20C9}
[2011.12.01 17:56:45 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
[2011.12.01 17:55:32 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2011.12.01 17:55:32 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
[2011.12.01 17:55:32 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
[2011.12.01 17:55:32 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
[2011.12.01 17:55:09 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
[2011.12.01 17:53:26 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2011.12.01 17:53:26 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2011.12.01 17:53:26 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
[2011.12.01 17:52:35 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\rt73.bin

========== LOP Check ==========

[2011.12.01 19:01:26 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\Acreon
[2012.07.22 05:08:17 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\gtk-2.0
[2012.07.13 02:03:01 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\ICQ
[2012.07.13 00:42:33 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\kock
[2012.05.09 10:41:40 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\MotioninJoy
[2012.07.06 15:42:08 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\OpenCandy
[2012.07.13 02:23:38 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\pokerth
[2012.07.23 08:32:14 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\SoftGrid Client
[2012.07.23 09:57:05 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\Spotify
[2012.02.17 07:06:26 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\TP
[2012.01.15 01:52:29 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\TS3Client
[2011.12.01 21:04:25 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\ts3overlay
[2012.07.15 21:25:30 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\TuneUp Software
[2012.07.13 02:02:59 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\UAs
[2012.07.23 09:36:08 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\uTorrent
[2012.07.06 16:19:40 | 000,000,000 | --SD | M] -- C:\Users\Labasu\AppData\Roaming\Virtual CD v10
[2012.02.08 18:54:24 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\VoipBuster
[2012.07.13 02:02:59 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\xmldm
[2012.05.29 14:05:45 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 23.07.2012 10:53:21 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Labasu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 13,75 Gb Available Physical Memory | 86,06% Memory free
31,95 Gb Paging File | 29,74 Gb Available in Paging File | 93,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1446,15 Gb Free Space | 79,81% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 31,08 Gb Free Space | 62,17% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 1,84 Gb Free Space | 97,98% Space Free | Partition Type: FAT

Computer Name: LABASU-PC | User Name: Labasu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D71038-71F2-4530-9310-8D65CC6EAB4E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{07418B52-F82B-4048-8FC6-8A58D344A2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{1E7B18A8-441D-4640-80FA-F2F9E57B10B7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{31D1E8B2-9A02-4FB1-9288-81F694F737CA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3B514802-D02D-4375-9D0A-7312139FC3DA}" = protocol=17 | dir=in | app=c:\users\labasu\appdata\local\akamai\netsession_win.exe |
"{5858B59B-2D5C-4A81-8481-A25F7B2AC140}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{5D3B5FFC-9239-4C82-B068-501272A3724E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{8A73CD91-AFF6-474C-8E86-CDA23179F579}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{AB1A5ED4-87C3-4BCB-82F2-4C285B936E6E}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{BC3B71B4-A783-4BBD-B9E1-B08615E7F4D3}" = protocol=6 | dir=in | app=c:\users\labasu\appdata\local\akamai\netsession_win.exe |
"{D9DDC0B3-021E-4553-ABF4-B168AE2D7BF8}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{463F16C7-02E4-4884-A119-25DE487623C1}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{A453B499-2B46-4E7B-8D38-2313069768A6}C:\users\labasu\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\labasu\appdata\roaming\spotify\spotify.exe |
"TCP Query User{B5DC89D9-8D8A-4722-8C33-3F0835BC603B}C:\users\labasu\appdata\local\radiosure\radiosure.exe" = protocol=6 | dir=in | app=c:\users\labasu\appdata\local\radiosure\radiosure.exe |
"UDP Query User{11E4F484-BA8D-45A8-ACD5-722A755F9B43}C:\users\labasu\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\labasu\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7B12C2CE-3FCE-4ECA-AE48-08F3EB073148}C:\users\labasu\appdata\local\radiosure\radiosure.exe" = protocol=17 | dir=in | app=c:\users\labasu\appdata\local\radiosure\radiosure.exe |
"UDP Query User{93A86D3A-F8F5-4963-8803-4CC0D4E6CE8A}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"Sandboxie" = Sandboxie 3.62 (64-bit)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DB52C99-EC51-4173-93C5-298769170CB0}" = Audition
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"DVDFab 8 Qt_is1" = DVDFab 8.1.9.0 (06/07/2012) Qt
"Fraps" = Fraps (remove only)
"Guard.Mail.ru" = Guard.ICQ
"ICQToolbar" = ICQ Toolbar
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 2.0.2
"WinGimp-2.0_is1" = GIMP 2.6.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"RadioSure" = RadioSure
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.07.2012 03:25:37 | Computer Name = Labasu-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren
werden.

Error - 23.07.2012 03:25:48 | Computer Name = Labasu-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 750 Startzeit: 01cd68a3d965a851 Endzeit: 6 Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID:
9a8fe5ce-d497-11e1-abf5-c89cdc2e102f

Error - 23.07.2012 03:33:05 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019
Description =

Error - 23.07.2012 03:33:14 | Computer Name = Labasu-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 23.07.2012 03:33:18 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019
Description =

Error - 23.07.2012 03:34:26 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019
Description =

Error - 23.07.2012 03:47:18 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019
Description =

Error - 23.07.2012 03:49:24 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019
Description =

Error - 23.07.2012 04:05:11 | Computer Name = Labasu-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 23.07.2012 04:18:18 | Computer Name = Labasu-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

[ System Events ]
Error - 23.07.2012 03:22:26 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 23.07.2012 03:25:15 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.

Error - 23.07.2012 03:42:02 | Computer Name = Labasu-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 23.07.2012 03:42:02 | Computer Name = Labasu-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 23.07.2012 03:54:58 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 23.07.2012 03:54:59 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 23.07.2012 03:57:19 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.

Error - 23.07.2012 04:08:07 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 23.07.2012 04:08:07 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 23.07.2012 04:10:27 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.


< End of report >

23.07.2012, 10:13   #2
t'john
/// Helper Team

Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL

MOD - [2012.07.23 07:07:44 | 000,061,440 | ---- | M] () -- C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe 
MOD - [2012.07.09 19:29:34 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe 
MOD - [2009.07.07 19:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll 
SRV - [2012.07.15 21:30:33 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) @C:\Program Files (x86) 
SRV - [2012.07.10 19:48:07 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) 
SRV - [2012.07.09 19:29:34 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) 
SRV - [2012.01.26 01:37:15 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru) 
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) 
SRV - [2009.07.07 21:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService) 
DRV - [2012.07.12 15:33:54 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt) 
IE - HKLM\..\URLSearchHook: - No CLSID value found 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} 
IE - HKCU\..\SearchScopes\{24C6541F-61B5-47A2-94F5-3177456FBB24}: "URL" = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms} 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{7D606411-4F39-4789-9A4C-BB011D91FDBF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7&rlz=1I7MDNF_enDE393 
IE - HKCU\..\SearchScopes\{85AF8E74-3A83-4C2C-963F-F3F5A584C5A8}: "URL" = http://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DF015412-EBBC-469C-891E-52AFE4F608A7}&mid=c13c1e90bd9a47d0bf7219d59acaf9dc-c2dd0ca674a236917ef541232f14441249212182&lang=en&ds=ft011&pr=sa&d=2012-04-21 09:57:25&v=11.0.0.9&sap=dsp&q={searchTerms} 
IE - HKCU\..\SearchScopes\{D9E6169C-4E85-4E7F-8343-39A4C86F040A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYA T&apn_uid=2F464C0F-B54D-4154-8487-750EAC33A190&apn_sauid=9823CB10-458E-420B-8187-A85AECF28AA6 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Ask.com" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.startup.homepage: "https://www.google.at/" 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 19:29:37 | 000,000,000 | ---D | M] 
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () 
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe () 
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () 
O4 - HKCU..\Run: [] C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe () 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Labasu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found 
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found 
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found 
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) 
O32 - HKLM CDRom: AutoRun - 1 

[2012.07.15 21:25:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 
 
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 


[2012.07.15 21:25:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 
[2012.07.13 02:02:55 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\UAs 
[2012.07.13 02:02:59 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\xmldm 
[2012.07.13 00:42:33 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\kock 
[2012.07.06 15:42:08 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\OpenCandy 

 
:Files
C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers following along: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances run it on other computers; it can cause lasting damage to other systems!
__________________

__________________
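An added example, not part of t'john's post or of OTL itself: a small Python triage pass over `O4` Run lines copied from the script above, showing why the `rgnygtgcuex.exe` entry stands out from the other autostarts. The three indicators and all function names are assumptions chosen for illustration, not OTL's own logic.

```python
import re
from typing import List, NamedTuple, Tuple


class RunEntry(NamedTuple):
    hive: str      # HKLM or HKCU
    name: str      # registry value name (may be empty)
    path: str      # program the Run value launches
    company: str   # company name OTL read from the file (may be empty)


# OTL writes Run entries as:  O4 - HKCU..\Run: [value name] path (company)
# The path is matched greedily so "Program Files (x86)" is not mistaken
# for the trailing "(company)" field.
RUN_LINE = re.compile(
    r"^O4(?::64bit:)? - (HKLM|HKCU)\.\.\\Run(?:Once)?: "
    r"\[(.*?)\] (.+) \(([^()]*)\)\s*$"
)

# Directories that installers normally do not use for persistent programs.
TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.IGNORECASE)

# Lines copied from the OTL script in the post above.
SAMPLE = r"""
MOD - [2012.07.23 07:07:44 | 000,061,440 | ---- | M] () -- C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [] C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Labasu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
"""


def parse_run_entries(text: str) -> List[RunEntry]:
    """Return every O4 Run/RunOnce line in an OTL log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            hive, name, path, company = match.groups()
            entries.append(RunEntry(hive, name.strip(), path.strip(), company.strip()))
    return entries


def indicators(entry: RunEntry) -> List[str]:
    """Triage heuristics (assumed for this example), each a reason to look closer."""
    reasons = []
    if TEMP_DIR.search(entry.path):
        reasons.append("autostart target lives in a temp directory")
    if not entry.name:
        reasons.append("Run value has a blank name")
    if not entry.company:
        reasons.append("file carries no company name")
    return reasons


def triage(text: str) -> List[Tuple[RunEntry, List[str]]]:
    """Pair each Run entry with its indicators, most indicators first."""
    scored = [(entry, indicators(entry)) for entry in parse_run_entries(text)]
    return sorted(scored, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        print(f"{len(reasons)}  {entry.hive}  [{entry.name}]  {entry.path}")
        for reason in reasons:
            print(f"     - {reason}")
```

A single indicator, such as the missing company name on `vprot.exe`, is common among legitimate programs; it is the combination on one entry that warrants a closer look.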

23.07.2012, 10:21   #3
Labasu

Thanks for the quick help. Somehow I think it still doesn't sound good, though Q_Q

Error: Unable to interpret <OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 23.07.2012 10:53:21 - Run 1> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Labasu\Desktop> in the current context!
Error: Unable to interpret <64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 9.0.8112.16421)> in the current context!
Error: Unable to interpret <Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <15,98 Gb Total Physical Memory | 13,75 Gb Available Physical Memory | 86,06% Memory free> in the current context!
Error: Unable to interpret <31,95 Gb Paging File | 29,74 Gb Available in Paging File | 93,07% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context!
Error: Unable to interpret <Drive C: | 1811,92 Gb Total Space | 1446,15 Gb Free Space | 79,81% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 50,00 Gb Total Space | 31,08 Gb Free Space | 62,17% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive F: | 1,88 Gb Total Space | 1,84 Gb Free Space | 97,98% Space Free | Partition Type: FAT> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: LABASU-PC | User Name: Labasu | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans> in the current context!
Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Extra Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== File Associations ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.html[@ = ChromeHTML] -- Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <.html [@ = ChromeHTML] -- Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Shell Spawning ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context!
Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [opennew] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"> in the current context!
Error: Unable to interpret <http [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <https [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)> in the current context!
Error: Unable to interpret <InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <scrfile [config] -- "%1"> in the current context!
Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context!
Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context!
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context!
Error: Unable to interpret <Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [explore] -- Reg Error: Value error.> in the current context!
Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Applications\iexplore.exe [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context!
Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)> in the current context!
Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [opennew] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"> in the current context!
Error: Unable to interpret <http [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <https [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <scrfile [config] -- "%1"> in the current context!
Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context!
Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context!
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context!
Error: Unable to interpret <Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [explore] -- Reg Error: Value error.> in the current context!
Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Applications\iexplore.exe [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Security Center Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret <"cval" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context!
Error: Unable to interpret <"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]> in the current context!
Error: Unable to interpret <"AntiVirusOverride" = 0> in the current context!
Error: Unable to interpret <"AntiSpywareOverride" = 0> in the current context!
Error: Unable to interpret <"FirewallOverride" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]> in the current context!
Error: Unable to interpret <"DisableMonitoring" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Firewall Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Authorized Applications List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Vista Active Open Ports Exception List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Vista Active Application Exception List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]> in the current context!
Error: Unable to interpret <"{00D71038-71F2-4530-9310-8D65CC6EAB4E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | > in the current context!
Error: Unable to interpret <"{07418B52-F82B-4048-8FC6-8A58D344A2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | > in the current context!
Error: Unable to interpret <"{1E7B18A8-441D-4640-80FA-F2F9E57B10B7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | > in the current context!
Error: Unable to interpret <"{31D1E8B2-9A02-4FB1-9288-81F694F737CA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | > in the current context!
Error: Unable to interpret <"{3B514802-D02D-4375-9D0A-7312139FC3DA}" = protocol=17 | dir=in | app=c:\users\labasu\appdata\local\akamai\netsession_win.exe | > in the current context!
Error: Unable to interpret <"{5858B59B-2D5C-4A81-8481-A25F7B2AC140}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | > in the current context!
Error: Unable to interpret <"{5D3B5FFC-9239-4C82-B068-501272A3724E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | > in the current context!
Error: Unable to interpret <"{8A73CD91-AFF6-474C-8E86-CDA23179F579}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | > in the current context!
Error: Unable to interpret <"{AB1A5ED4-87C3-4BCB-82F2-4C285B936E6E}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | > in the current context!
Error: Unable to interpret <"{BC3B71B4-A783-4BBD-B9E1-B08615E7F4D3}" = protocol=6 | dir=in | app=c:\users\labasu\appdata\local\akamai\netsession_win.exe | > in the current context!
Error: Unable to interpret <"{D9DDC0B3-021E-4553-ABF4-B168AE2D7BF8}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{463F16C7-02E4-4884-A119-25DE487623C1}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{A453B499-2B46-4E7B-8D38-2313069768A6}C:\users\labasu\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\labasu\appdata\roaming\spotify\spotify.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{B5DC89D9-8D8A-4722-8C33-3F0835BC603B}C:\users\labasu\appdata\local\radiosure\radiosure.exe" = protocol=6 | dir=in | app=c:\users\labasu\appdata\local\radiosure\radiosure.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{11E4F484-BA8D-45A8-ACD5-722A755F9B43}C:\users\labasu\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\labasu\appdata\roaming\spotify\spotify.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{7B12C2CE-3FCE-4ECA-AE48-08F3EB073148}C:\users\labasu\appdata\local\radiosure\radiosure.exe" = protocol=17 | dir=in | app=c:\users\labasu\appdata\local\radiosure\radiosure.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{93A86D3A-F8F5-4963-8803-4CC0D4E6CE8A}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== HKEY_LOCAL_MACHINE Uninstall List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)> in the current context!
Error: Unable to interpret <"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005> in the current context!
Error: Unable to interpret <"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161> in the current context!
Error: Unable to interpret <"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17> in the current context!
Error: Unable to interpret <"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010> in the current context!
Error: Unable to interpret <"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting> in the current context!
Error: Unable to interpret <"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)> in the current context!
Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26> in the current context!
Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26> in the current context!
Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621> in the current context!
Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28> in the current context!
Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0> in the current context!
Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application> in the current context!
Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components> in the current context!
Error: Unable to interpret <"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64> in the current context!
Error: Unable to interpret <"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319> in the current context!
Error: Unable to interpret <"Sandboxie" = Sandboxie 3.62 (64-bit)> in the current context!
Error: Unable to interpret <"TeamSpeak 3 Client" = TeamSpeak 3 Client> in the current context!
Error: Unable to interpret <"WinRAR archiver" = WinRAR archiver> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener> in the current context!
Error: Unable to interpret <"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10> in the current context!
Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31> in the current context!
Error: Unable to interpret <"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology> in the current context!
Error: Unable to interpret <"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater> in the current context!
Error: Unable to interpret <"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service> in the current context!
Error: Unable to interpret <"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver> in the current context!
Error: Unable to interpret <"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411> in the current context!
Error: Unable to interpret <"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110> in the current context!
Error: Unable to interpret <"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM> in the current context!
Error: Unable to interpret <"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components> in the current context!
Error: Unable to interpret <"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011> in the current context!
Error: Unable to interpret <"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7> in the current context!
Error: Unable to interpret <"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)> in the current context!
Error: Unable to interpret <"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX> in the current context!
Error: Unable to interpret <"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight> in the current context!
Error: Unable to interpret <"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch> in the current context!
Error: Unable to interpret <"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010> in the current context!
Error: Unable to interpret <"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer> in the current context!
Error: Unable to interpret <"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6> in the current context!
Error: Unable to interpret <"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17> in the current context!
Error: Unable to interpret <"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161> in the current context!
Error: Unable to interpret <"{9DB52C99-EC51-4173-93C5-298769170CB0}" = Audition> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI> in the current context!
Error: Unable to interpret <"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR> in the current context!
Error: Unable to interpret <"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call> in the current context!
Error: Unable to interpret <"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities> in the current context!
Error: Unable to interpret <"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9> in the current context!
Error: Unable to interpret <"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219> in the current context!
Error: Unable to interpret <"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver> in the current context!
Error: Unable to interpret <"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center> in the current context!
Error: Unable to interpret <"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022> in the current context!
Error: Unable to interpret <"Adobe AIR" = Adobe AIR> in the current context!
Error: Unable to interpret <"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX> in the current context!
Error: Unable to interpret <"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin> in the current context!
Error: Unable to interpret <"Adobe Shockwave Player" = Adobe Shockwave Player 11.6> in the current context!
Error: Unable to interpret <"Akamai" = Akamai NetSession Interface> in the current context!
Error: Unable to interpret <"AVG Secure Search" = AVG Security Toolbar> in the current context!
Error: Unable to interpret <"Avira AntiVir Desktop" = Avira Free Antivirus> in the current context!
Error: Unable to interpret <"CCleaner" = CCleaner (remove only)> in the current context!
Error: Unable to interpret <"DVDFab 8 Qt_is1" = DVDFab 8.1.9.0 (06/07/2012) Qt> in the current context!
Error: Unable to interpret <"Fraps" = Fraps (remove only)> in the current context!
Error: Unable to interpret <"Guard.Mail.ru" = Guard.ICQ> in the current context!
Error: Unable to interpret <"ICQToolbar" = ICQ Toolbar> in the current context!
Error: Unable to interpret <"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver> in the current context!
Error: Unable to interpret <"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011> in the current context!
Error: Unable to interpret <"McAfee Security Scan" = McAfee Security Scan Plus> in the current context!
Error: Unable to interpret <"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)> in the current context!
Error: Unable to interpret <"MozillaMaintenanceService" = Mozilla Maintenance Service> in the current context!
Error: Unable to interpret <"NSS" = Norton Security Scan> in the current context!
Error: Unable to interpret <"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010> in the current context!
Error: Unable to interpret <"TuneUp Utilities" = TuneUp Utilities> in the current context!
Error: Unable to interpret <"VLC media player" = VLC media player 2.0.2> in the current context!
Error: Unable to interpret <"WinGimp-2.0_is1" = GIMP 2.6.7> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== HKEY_CURRENT_USER Uninstall List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"Akamai" = Akamai NetSession Interface> in the current context!
Error: Unable to interpret <"RadioSure" = RadioSure> in the current context!
Error: Unable to interpret <"Spotify" = Spotify> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Last 20 Event Log Errors ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ Application Events ]> in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:25:37 | Computer Name = Labasu-PC | Source = Microsoft-Windows-RestartManager | ID = 10006> in the current context!
Error: Unable to interpret <Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren> in the current context!
Error: Unable to interpret < werden.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:25:48 | Computer Name = Labasu-PC | Source = Application Hang | ID = 1002> in the current context!
Error: Unable to interpret <Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter> in the current context!
Error: Unable to interpret < Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf > in the current context!
Error: Unable to interpret <in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem> in the current context!
Error: Unable to interpret < zu suchen.    Prozess-ID: 750    Startzeit: 01cd68a3d965a851    Endzeit: 6    Anwendungspfad: C:\Windows\Explorer.EXE> in the current context!
Error: Unable to interpret <Berichts-ID:> in the current context!
Error: Unable to interpret < 9a8fe5ce-d497-11e1-abf5-c89cdc2e102f  > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:33:05 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:33:14 | Computer Name = Labasu-PC | Source = CVHSVC | ID = 100> in the current context!
Error: Unable to interpret <Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):> in the current context!
Error: Unable to interpret < DownloadLatest Failed: > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:33:18 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:34:26 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:47:18 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:49:24 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 04:05:11 | Computer Name = Labasu-PC | Source = CVHSVC | ID = 100> in the current context!
Error: Unable to interpret <Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):> in the current context!
Error: Unable to interpret < DownloadLatest Failed: > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 04:18:18 | Computer Name = Labasu-PC | Source = CVHSVC | ID = 100> in the current context!
Error: Unable to interpret <Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):> in the current context!
Error: Unable to interpret < DownloadLatest Failed: > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ System Events ]> in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:22:26 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000> in the current context!
Error: Unable to interpret <Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:> in the current context!
Error: Unable to interpret <   %%577> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:25:15 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7034> in the current context!
Error: Unable to interpret <Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet.> in the current context!
Error: Unable to interpret < Dies ist bereits 1 Mal passiert.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:42:02 | Computer Name = Labasu-PC | Source = VDS Basic Provider | ID = 33554433> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:42:02 | Computer Name = Labasu-PC | Source = VDS Basic Provider | ID = 33554433> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:54:58 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000> in the current context!
Error: Unable to interpret <Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:> in the current context!
Error: Unable to interpret <   %%577> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:54:59 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000> in the current context!
Error: Unable to interpret <Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:> in the current context!
Error: Unable to interpret <   %%577> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 03:57:19 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7034> in the current context!
Error: Unable to interpret <Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet.> in the current context!
Error: Unable to interpret < Dies ist bereits 1 Mal passiert.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 04:08:07 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000> in the current context!
Error: Unable to interpret <Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:> in the current context!
Error: Unable to interpret <   %%577> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 04:08:07 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000> in the current context!
Error: Unable to interpret <Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:> in the current context!
Error: Unable to interpret <   %%577> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.07.2012 04:10:27 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7034> in the current context!
Error: Unable to interpret <Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet.> in the current context!
Error: Unable to interpret < Dies ist bereits 1 Mal passiert.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << End of report >
         
--- --- ---
> in the current context!

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_111808
__________________

23.07.2012, 10:24   #4
t'john
/// Helper Team
 

You are supposed to enter the FIX, not the log!!!

Again!

Follow the instructions!
__________________
Regards, t'john
Support the TB

23.07.2012, 10:33   #5
Labasu
 

Sorry, wrong clipboard; working with PCs makes you sick Q_Q


All processes killed
========== OTL ==========
Error: No service named TuneUp.Defrag) @C:\Program Files (x86 was found to stop!
Service\Driver key TuneUp.Defrag) @C:\Program Files (x86 not found.
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe moved successfully.
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
Service vToolbarUpdater11.2.0 stopped successfully!
Service vToolbarUpdater11.2.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe moved successfully.
Service Guard.Mail.ru stopped successfully!
Service Guard.Mail.ru deleted successfully!
C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe moved successfully.
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe moved successfully.
Service ANIWConnService stopped successfully!
Service ANIWConnService deleted successfully!
C:\Windows\SysWOW64\ANIWConnService.exe moved successfully.
Service lirsgt stopped successfully!
Service lirsgt deleted successfully!
C:\Windows\SysWOW64\drivers\lirsgt.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24C6541F-61B5-47A2-94F5-3177456FBB24}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24C6541F-61B5-47A2-94F5-3177456FBB24}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7D606411-4F39-4789-9A4C-BB011D91FDBF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D606411-4F39-4789-9A4C-BB011D91FDBF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{85AF8E74-3A83-4C2C-963F-F3F5A584C5A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85AF8E74-3A83-4C2C-963F-F3F5A584C5A8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D9E6169C-4E85-4E7F-8343-39A4C86F040A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9E6169C-4E85-4E7F-8343-39A4C86F040A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=937811&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: "https://www.google.at/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui deleted successfully.
File C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HF_G_Jul deleted successfully.
C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files (x86)\AVG Secure Search\vprot.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Labasu\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon\ deleted successfully.
File move failed. C:\Windows\SysNative\klogon.dll scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} folder moved successfully.
C:\Windows\SysWow64\sho1748.tmp deleted successfully.
C:\Windows\SysWow64\sho1D2F.tmp deleted successfully.
C:\Windows\SysWow64\sho3727.tmp deleted successfully.
C:\Windows\SysWow64\sho4E10.tmp deleted successfully.
C:\Windows\SysWow64\sho58D4.tmp deleted successfully.
C:\Windows\SysWow64\shoBB7C.tmp deleted successfully.
C:\Windows\SysWow64\shoE2A0.tmp deleted successfully.
Folder C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}\ not found.
C:\Users\Labasu\AppData\Roaming\UAs folder moved successfully.
C:\Users\Labasu\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Labasu\AppData\Roaming\kock folder moved successfully.
C:\Users\Labasu\AppData\Roaming\OpenCandy\9525991AA34C4C4E9BDB334A76CF21F8 folder moved successfully.
C:\Users\Labasu\AppData\Roaming\OpenCandy folder moved successfully.
========== FILES ==========
File\Folder C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Labasu\Desktop\cmd.bat deleted successfully.
C:\Users\Labasu\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Labasu
->Temp folder emptied: 31626960 bytes
->Temporary Internet Files folder emptied: 2244742 bytes
->Java cache emptied: 748693 bytes
->FireFox cache emptied: 55767964 bytes
->Google Chrome cache emptied: 100773969 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1222398 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 474 bytes

Total Files Cleaned = 184,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Labasu
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07232012_112905

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\klogon.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2010.10.05 21:27:52 | 000,233,656 | ---- | M] (Kaspersky Lab ZAO) C:\Windows\SysNative\klogon.dll : Unable to obtain MD5

Registry entries deleted on Reboot...


23.07.2012, 10:39   #6
t'john
/// Helper Team

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

23.07.2012, 11:21   #7
Labasu

So far everything is running!!!

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Labasu :: LABASU-PC [Administrator]

Schutz: Aktiviert

23.07.2012 11:44:30
mbam-log-2012-07-23 (12-16-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 325211
Laufzeit: 31 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Labasu\Downloads\SoftonicDownloader_fuer_1a-bildsauger.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07232012_112905\C_Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe (Trojan.Agent.3D) -> Keine Aktion durchgeführt.

(Ende)




# AdwCleaner v1.703 - Logfile created 07/23/2012 at 12:19:44
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Labasu - LABASU-PC
# Running from : C:\Users\Labasu\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Labasu\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Labasu\AppData\Local\Conduit
Folder Found : C:\Users\Labasu\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Labasu\AppData\LocalLow\Conduit
Folder Found : C:\Users\Labasu\AppData\Roaming\Mozilla\Firefox\Profiles\hqt996ux.default\ConduitCommon
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
File Found : C:\Users\Labasu\AppData\Roaming\Mozilla\Firefox\Profiles\hqt996ux.default\searchplugins\Askcom.xml
File Found : C:\Users\Labasu\AppData\Roaming\Mozilla\Firefox\Profiles\hqt996ux.default\searchplugins\funmoods.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SweetIM
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Labasu\AppData\Roaming\Mozilla\Firefox\Profiles\hqt996ux.default\prefs.js


-\\ Google Chrome v [Unable to get version]

File : C:\Users\Labasu\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "search_url" : "hxxp://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [23849 octets] - [23/07/2012 12:19:44]

########## EOF - C:\AdwCleaner[R1].txt - [23978 octets] ##########





Thanks in advance for the help, what else is there to do?

23.07.2012, 17:50   #8
t'john
/// Helper Team

HAVE THE FINDINGS DELETED!


Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.


then:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use "Jetzt Updaten" (update now) to download the current signatures.
Select the freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not have anything deleted! Click "Bericht speichern" (save report) to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Kind regards, t'john

07.08.2012, 15:44   #9
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Kind regards, t'john


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.