Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.09.2012, 23:18   #1
Jackson3006
 
Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert - Standard

Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert



Hallo,

mein Laptop hat sich mit dem o.g. Schädling infiziert. Leider bekomme ich immer ihn nur kurz weg, sobald man wieder im Internet ist kommt er automatisch wieder. Ist aber sicher hier bekannt.

Ich habe gelesen das man mit OLT einen Scan durchführen und das Log hier posten soll:

Code:
ATTFilter
OTL Extras logfile created on: 9/12/2012 10:50:54 PM - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = D:\Antivirus\OLT
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.75 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 71.90% Memory free
5.49 Gb Paging File | 4.61 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.80 Gb Total Space | 235.51 Gb Free Space | 83.87% Space Free | Partition Type: NTFS
Drive D: | 3.77 Gb Total Space | 0.15 Gb Free Space | 4.09% Space Free | Partition Type: FAT
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.71% Space Free | Partition Type: FAT32
 
Computer Name: MECKI-HP | User Name: Mecki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-748211811-4270470618-2428824574-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7CA39252-B140-4F7D-951E-AA7F18523CFF}" = WEKA Musterbetriebsanweisungen 6.8
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{816F5E94-B7FE-43EF-B4E6-F22D40A4AFCC}" = HP User Guides 0133
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CAE0E306-1B73-4FAD-B0BB-18B449DB2332}" = Borland Database Engine Installer
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFBDA363-A033-4F32-8DE0-AEF0F105410E}" = HP ESU for Microsoft Windows 7
"{FFDD2A4F-D0E8-420A-9C18-9A92FC415F20}" = WEKA Betreuungszeitenrechner 1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"PDF Complete" = PDF Complete Special Edition
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PriceGong" = PriceGong 2.6.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WEKA Betreuungszeitenrechner 1.1" = WEKA Betreuungszeitenrechner 1.1
"WEKA DGUV VORSCHRIFT 2" = WEKA DGUV Vorschrift 2
"WEKA Musterbetriebsanweisungen 6.8" = WEKA Musterbetriebsanweisungen 6.8
"WEKA UNTERWEISUNGSDATENBANK F_R DIE SICHERHEITSFAC JUNI 2011" = WEKA Unterweisungsdatenbank für die Sicherheitsfac Juni 2011
"WEKA-Muster-Betriebsanweisungen" = WEKA-Muster-Betriebsanweisungen
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-748211811-4270470618-2428824574-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/30/2011 7:41:11 AM | Computer Name = Mecki-HP | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7600.16667 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: ee8    Startzeit: 01ccaf54e0cb14ec    Endzeit: 30    Anwendungspfad: 
C:\Program Files\Windows Media Player\wmplayer.exe    Berichts-ID: 2cb2d761-1b48-11e1-8380-0027134a5707

 
Error - 12/21/2011 11:02:16 AM | Computer Name = Mecki-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
 Zeitstempel: 0x4eb4a5ea  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002fa7b  ID des fehlerhaften
 Prozesses: 0xcec  Startzeit der fehlerhaften Anwendung: 0x01ccbfee9738b69b  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: c4e1396e-2be4-11e1-affa-0027134a5707
 
Error - 12/22/2011 9:05:49 AM | Computer Name = Mecki-HP | Source = Application Hang | ID = 1002
Description = Programm SndVol.exe, Version 6.1.7600.16385 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: c3c    Startzeit: 01ccc0a9e5878c3c    Endzeit: 43    Anwendungspfad: C:\windows\system32\SndVol.exe

Berichts-ID:
 a8ae9289-2c9d-11e1-9794-0027134a5707  
 
Error - 12/22/2011 9:06:58 AM | Computer Name = Mecki-HP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16912 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 11c4    Startzeit: 01ccc0a4f96aa21a    Endzeit: 102    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: d0ee3d24-2c9d-11e1-9794-0027134a5707

 
Error - 12/25/2011 3:18:28 AM | Computer Name = Mecki-HP | Source = Avira AntiVir | ID = 4118
Description = 
 
Error - 12/30/2011 12:49:18 AM | Computer Name = Mecki-HP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16912 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 17b0    Startzeit: 01ccc6adc746c313    Endzeit: 30    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 9d41b0c0-32a1-11e1-b47d-0027134a5707

 
Error - 1/4/2012 7:25:25 AM | Computer Name = Mecki-HP | Source = ESENT | ID = 215
Description = WinMail (3900) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
[ Hewlett-Packard Events ]
Error - 9/4/2012 9:26:10 AM | Computer Name = Mecki-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 2812  Ram Utilization:   TargetSite: Void UpdateAndDetect()  
 
Error - 9/4/2012 9:26:28 AM | Computer Name = Mecki-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 2812  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 9/4/2012 9:27:32 AM | Computer Name = Mecki-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 2812  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 9/10/2012 3:05:45 AM | Computer Name = Mecki-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 2812  Ram Utilization:   TargetSite: Void UpdateAndDetect()  
 
Error - 9/11/2012 8:03:17 AM | Computer Name = Mecki-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 2812  Ram Utilization:   TargetSite: Void UpdateAndDetect()  
 
Error - 9/12/2012 2:35:51 PM | Computer Name = Mecki-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files\Hewlett-Packard\HP Support
 Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 2812  Ram Utilization:
 20  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
 Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 9/12/2012 2:35:52 PM | Computer Name = Mecki-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files\Hewlett-Packard\HP Support
 Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 2812  Ram Utilization:
 20  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
 Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 9/12/2012 3:48:03 PM | Computer Name = Mecki-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files\Hewlett-Packard\HP Support
 Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 2812  Ram Utilization:
 20  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
 Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 9/12/2012 3:48:03 PM | Computer Name = Mecki-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files\Hewlett-Packard\HP Support
 Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 2812  Ram Utilization:
 20  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
 Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 9/12/2012 4:29:06 PM | Computer Name = Mecki-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files\Hewlett-Packard\HP Support
 Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 2812  Ram Utilization:
 20  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
 Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
[ System Events ]
Error - 9/12/2012 4:41:44 PM | Computer Name = Mecki-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 9/12/2012 4:41:44 PM | Computer Name = Mecki-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 9/12/2012 4:43:02 PM | Computer Name = Mecki-HP | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 9/12/2012 4:43:02 PM | Computer Name = Mecki-HP | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 9/12/2012 4:43:07 PM | Computer Name = Mecki-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 9/12/2012 4:43:28 PM | Computer Name = Mecki-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Application Installer Cleanup (0034091343481525)" wurde
 unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 9/12/2012 4:43:28 PM | Computer Name = Mecki-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   aystq  kngi
 
Error - 9/12/2012 4:43:34 PM | Computer Name = Mecki-HP | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 10  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 9/12/2012 4:43:35 PM | Computer Name = Mecki-HP | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 9/12/2012 4:43:35 PM | Computer Name = Mecki-HP | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 9/12/2012 10:50:54 PM - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = D:\Antivirus\OLT
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.75 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 71.90% Memory free
5.49 Gb Paging File | 4.61 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.80 Gb Total Space | 235.51 Gb Free Space | 83.87% Space Free | Partition Type: NTFS
Drive D: | 3.77 Gb Total Space | 0.15 Gb Free Space | 4.09% Space Free | Partition Type: FAT
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.71% Space Free | Partition Type: FAT32
 
Computer Name: MECKI-HP | User Name: Mecki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Antivirus\OLT\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Mecki\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\STacSV.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - \\?\C:\windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\PdfTracker\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Mecki\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\PdfTracker\pdfSaver\fm30xmf.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\STacSV.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\aestsrv.exe (Andrea Electronics Corporation)
SRV - (0034091343481525mcinstcleanup) -- C:\Users\Mecki\AppData\Local\Temp\003409~1.EXE (McAfee, Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (kngi) -- System32\drivers\fmnvuov.sys File not found
DRV - (aystq) -- System32\drivers\cfofumkr.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\SearchScopes,DefaultScope = {77409DB1-BC1B-4652-8DC9-83C158577578}
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE453
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\SearchScopes\{EAC86613-3366-472A-9BC7-8F7A1C5E7E76}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=50e6e1f5-1d28-409c-af45-8916e5c26e24&apn_sauid=83F16D09-E391-44C6-A96C-424ACAE4D9B5
IE - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:1.7.5
FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.6
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100013
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=50e6e1f5-1d28-409c-af45-8916e5c26e24&apn_ptnrs=^ABT&apn_sauid=83F16D09-E391-44C6-A96C-424ACAE4D9B5&apn_dtid=^YYYYYY^YY^DE&&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 17:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Mecki\AppData\Roaming\01001.067 [2012/07/09 17:04:48 | 000,000,000 | ---D | M]
 
[2011/05/10 17:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\Extensions
[2012/07/30 16:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\Firefox\Profiles\vr29bvcg.default\extensions
[2012/07/17 12:56:20 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Mecki\AppData\Roaming\mozilla\Firefox\Profiles\vr29bvcg.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/07/28 15:23:38 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Mecki\AppData\Roaming\mozilla\Firefox\Profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com
[2012/07/17 12:56:09 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Mecki\AppData\Roaming\mozilla\Firefox\Profiles\vr29bvcg.default\extensions\plugin@yontoo.com
[2012/08/04 11:44:06 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Mecki\AppData\Roaming\mozilla\Firefox\Profiles\vr29bvcg.default\extensions\toolbar@ask.com
[2012/04/20 21:42:53 | 000,565,918 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\toolbar@gmx.net.xpi
[2012/07/28 16:03:10 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012/08/14 09:55:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire
[2012/08/14 09:55:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012/08/04 11:44:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire
[2012/08/04 11:44:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire
[2012/08/14 09:55:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012/08/14 09:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012/08/14 09:55:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012/08/14 09:55:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012/08/14 09:55:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9803c283e94e743374151c4bbe60a5df_expire
[2012/08/14 09:55:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012/08/14 09:55:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire
[2012/08/04 11:44:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd14651_expire
[2012/08/14 09:55:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012/08/14 09:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012/08/14 09:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012/08/14 09:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012/08/14 09:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012/08/14 09:55:11 | 000,002,413 | ---- | M] () -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\searchplugins\askcom.xml
[2012/07/17 12:48:26 | 000,002,792 | ---- | M] () -- C:\Users\Mecki\AppData\Roaming\mozilla\firefox\profiles\vr29bvcg.default\searchplugins\Plusnetwork.xml
[2012/04/04 14:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/04/04 14:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/05/10 17:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2011/05/10 17:01:13 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2012/07/09 17:04:48 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\MECKI\APPDATA\ROAMING\01001.067
[2011/03/18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/18 11:02:13 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=50e6e1f5-1d28-409c-af45-8916e5c26e24&apn_ptnrs=%5EABT&apn_sauid=83F16D09-E391-44C6-A96C-424ACAE4D9B5&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Mecki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Avira Toolbar = C:\Users\Mecki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\
CHR - Extension: PriceGong = C:\Users\Mecki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.6_0\
CHR - Extension: Yontoo = C:\Users\Mecki\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.6\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-748211811-4270470618-2428824574-1002\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [pdfSaver3]  File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-748211811-4270470618-2428824574-1002..\Run: [pdfSaver3] C:\Program Files\PdfTracker\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKU\S-1-5-21-748211811-4270470618-2428824574-1002..\Run: [SearchIndexer] C:\Users\Mecki\AppData\Local\Microsoft\Windows\3889\SearchIndexer.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Mecki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Mecki\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE572A88-ABB5-4727-A9C6-C5414E065A94}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F539003D-377E-40A4-892D-931AA44CCB7D}: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/12 22:43:17 | 000,000,000 | ---D | C] -- C:\Users\Mecki\AppData\Roaming\hellomoto
[2012/09/12 13:27:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys
[2012/09/12 13:27:20 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/09/12 13:27:20 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 13:27:19 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2012/09/10 18:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/16 13:32:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/08/16 13:32:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/08/16 13:32:38 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/08/16 13:32:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/08/16 13:32:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/08/16 13:32:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/08/16 13:32:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/08/16 12:40:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2012/08/16 12:40:50 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/08/16 12:40:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
[1 C:\Users\Mecki\AppData\Roaming\*.tmp files -> C:\Users\Mecki\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\windows\System32\
[2012/09/12 22:53:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/12 22:50:33 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 22:50:33 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 22:50:21 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/09/12 22:50:21 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/12 22:50:21 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/09/12 22:50:21 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/12 22:43:07 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/12 22:43:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/12 22:42:53 | 2212,126,720 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 22:21:11 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/12 20:43:00 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/10 18:09:14 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/05 08:21:04 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/28 12:40:02 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/08/28 12:40:02 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/08/22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/08/22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/08/16 17:16:24 | 000,456,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\Users\Mecki\AppData\Roaming\*.tmp files -> C:\Users\Mecki\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\windows\System32\
[2012/07/27 13:50:58 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012/07/06 13:37:57 | 000,000,051 | ---- | C] () -- C:\Users\Mecki\AppData\Roaming\blckdom.res
[2012/03/03 11:42:43 | 000,000,345 | ---- | C] () -- C:\windows\SHISETUP.SYS
[2012/01/11 12:21:47 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{8d0df1b8-f6ef-c167-261f-af182487fdbf}\@
[2012/01/11 12:21:47 | 000,002,048 | -HS- | C] () -- C:\Users\Mecki\AppData\Local\{8d0df1b8-f6ef-c167-261f-af182487fdbf}\@
[2011/04/12 16:37:49 | 000,001,849 | ---- | C] () -- C:\Users\Mecki\AppData\Roaming\GhostObjGAFix.xml
[2011/03/14 18:37:27 | 000,000,028 | ---- | C] () -- C:\Users\Mecki\MUSTERBA.INI
[2011/01/19 14:56:03 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/01/19 14:56:03 | 000,000,034 | ---- | C] () -- C:\windows\System32\BD2030.DAT
[2010/12/18 16:55:34 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/12/18 16:55:31 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/12/18 16:55:31 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/12/18 16:55:31 | 000,027,184 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/12/18 16:55:31 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/12/18 16:55:30 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2010/12/18 16:53:14 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
 
========== LOP Check ==========
 
[2012/07/06 13:38:08 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\01001.064
[2012/07/07 17:01:25 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\01001.065
[2012/07/08 13:53:36 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\01001.066
[2012/07/09 17:04:48 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\01001.067
[2012/09/12 22:53:20 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\BrowserCompanion
[2012/09/12 22:43:17 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\hellomoto
[2012/07/06 13:37:20 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\kock
[2012/07/09 06:58:50 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\UAs
[2012/07/09 06:59:05 | 000,000,000 | ---D | M] -- C:\Users\Mecki\AppData\Roaming\xmldm
[2012/09/12 15:00:23 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011/01/19 18:29:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/07/27 10:31:13 | 000,000,000 | -HSD | M] -- C:\boot
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/01/06 00:53:07 | 000,000,000 | ---D | M] -- C:\EFI
[2010/01/06 02:03:34 | 000,000,000 | -H-D | M] -- C:\hp
[2012/04/08 11:35:33 | 000,000,000 | ---D | M] -- C:\HP_RECOVERY_mountHPSF
[2010/12/31 14:52:12 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/09/10 09:16:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/28 16:05:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/06/19 17:20:56 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/09/12 22:53:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/12/18 17:00:39 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2010/12/18 16:48:18 | 000,000,000 | R--D | M] -- C:\Users
[2012/09/12 22:41:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 08:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/06 07:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012/02/07 18:35:31 | 000,000,028 | ---- | M] () -- C:\Users\Mecki\MUSTERBA.INI
[2012/09/12 23:07:45 | 002,621,440 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat
[2012/09/12 23:07:45 | 000,262,144 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat.LOG1
[2010/12/18 16:48:19 | 000,000,000 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat.LOG2
[2012/07/03 13:09:15 | 000,065,536 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{0f8fba69-c4f3-11e1-b583-0027134a5707}.TM.blf
[2012/07/03 13:09:15 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{0f8fba69-c4f3-11e1-b583-0027134a5707}.TMContainer00000000000000000001.regtrans-ms
[2012/07/03 13:09:15 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{0f8fba69-c4f3-11e1-b583-0027134a5707}.TMContainer00000000000000000002.regtrans-ms
[2012/04/02 20:56:24 | 000,065,536 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{30bfeede-7ce7-11e1-869e-c417fe3a7562}.TM.blf
[2012/04/02 20:56:24 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{30bfeede-7ce7-11e1-869e-c417fe3a7562}.TMContainer00000000000000000001.regtrans-ms
[2012/04/02 20:56:24 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\ntuser.dat{30bfeede-7ce7-11e1-869e-c417fe3a7562}.TMContainer00000000000000000002.regtrans-ms
[2010/12/19 15:16:38 | 000,065,536 | -HS- | M] () -- C:\Users\Mecki\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/12/19 15:16:38 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/12/19 15:16:38 | 000,524,288 | -HS- | M] () -- C:\Users\Mecki\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/07/27 09:37:06 | 000,000,020 | -HS- | M] () -- C:\Users\Mecki\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
Ich hoffe ihr könnt mir helfen...

Gruß
Jackson

*** push ***

Alt 14.09.2012, 22:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert - Standard

Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert



Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?



Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________

__________________

Antwort

Themen zu Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
antivirus, autorun, avira, avira searchfree toolbar, bho, blockiert, computer, desktop, error, excel, firefox, flash player, gmx.net, google, home, iexplore.exe, infiziert., install.exe, internet, launch, logfile, mozilla, ntdll.dll, office 2007, programm, registry, required, rundll, scan, schädling, security, software, sttray.exe, taskhost.exe, windows, yontoo



Ähnliche Themen: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert


  1. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (28)
  2. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (4)
  3. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (3)
  4. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (21)
  5. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (4)
  6. ' Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert'
    Plagegeister aller Art und deren Bekämpfung - 25.08.2012 (6)
  7. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert#300:P
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (6)
  8. der computer ist für die verletzung der gesetze der bundesrepublik deutschland wurde blockiert
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (47)
  9. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Log-Analyse und Auswertung - 14.08.2012 (5)
  10. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Log-Analyse und Auswertung - 08.08.2012 (16)
  11. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Log-Analyse und Auswertung - 08.08.2012 (3)
  12. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (2)
  13. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert 3
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (6)
  14. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert.
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (4)
  15. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Log-Analyse und Auswertung - 06.08.2012 (1)
  16. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Plagegeister aller Art und deren Bekämpfung - 04.08.2012 (13)
  17. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (3)

Zum Thema Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert - Hallo, mein Laptop hat sich mit dem o.g. Schädling infiziert. Leider bekomme ich immer ihn nur kurz weg, sobald man wieder im Internet ist kommt er automatisch wieder. Ist aber - Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert...
Archiv
Du betrachtest: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.