|
Plagegeister aller Art und deren Bekämpfung: Windows gesperrt ..aufforderung 50 € bezahlenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.02.2012, 12:00 | #1 |
| Windows gesperrt ..aufforderung 50 € bezahlen Hallo , Als ich heut mein gestartet habe Laptop kam ein Fenster mit Deutschland Fahne oben und einer aufforderung 50 € zubezahlen um Windows zu entsperren . Ich bitte um schnelle und eine "Dummi-Sichere" Hilfe da ich in sowas relativ ungeschult bin . Danke im voraus . MfG |
08.02.2012, 12:02 | #2 |
/// Malware-holic | Windows gesperrt ..aufforderung 50 € bezahlen hi,
__________________neustarten, f8 drücken, abgesicherter modus mit netzwerk wählen. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
08.02.2012, 12:39 | #3 |
| Windows gesperrt ..aufforderung 50 € bezahlen OTL Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 08.02.2012 12:03:32 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Standard\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 86,21% Memory free 5,99 Gb Paging File | 5,62 Gb Available in Paging File | 93,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 178,97 Gb Free Space | 38,43% Space Free | Partition Type: NTFS Drive D: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PBEASYNOTETJ65 | User Name: Standard | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1BC7D0BA-B16E-43E5-BBC9-5F2AD3E2F70D}_is1" = MoonMt2 (2011) PvP Funserver Version 1.5.2 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{454784CB-457E-4f43-8C7F-32A751BD1FA3}" = Dealio Toolbar v4.9 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater "{5C2B3F57-A149-4BFC-92DB-5AF59A707750}" = MorphVOX Pro "{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™ "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B28C48B-0769-40B1-9731-6914DE54D8AE}" = Crysis 2 "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8426BA89-CB8C-4D6C-AF14-3BFDE6C8F425}" = XSplit "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0 "{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1 "{A1DB7CFC-1B10-4C49-8ECB-0D8A3A45D3CA}" = LogMeIn Hamachi "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B41EFE93-0329-4547-8C6C-B13A9A76F917}" = ÓÀÔ¶µÄ»ÙÃ𹫾ô "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™ "{BAF9C020-BE4C-4136-8095-697158179464}_is1" = Sirius MT2 Version 9.2 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5872D3F-EEAD-4D77-9C8C-2CBD61152E53}_is1" = FinalMT2 Client 1.0 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AirRivals_is1" = AirRivals "Alive Video Converter_is1" = Alive Video Converter (version 3.2.0.8) "Any Video Converter_is1" = Any Video Converter 3.2.0 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "Audacity_is1" = Audacity 1.2.6 "Audiosurf_is1" = Audiosurf Beta "CABAL Online Europe DE_is1" = CABAL Online Europe DE "Cheat Engine 5.3_is1" = Cheat Engine 5.3 "DAEMON Tools Lite" = DAEMON Tools Lite "EW : Cossacks" = Cossacks - European Wars "ffdshow" = ffdshow "FinalMediaPlayer_is1" = Final Media Player 2011 "Fraps" = Fraps (remove only) "Free Video Converter_is1" = Free Video Converter V 2.92 "Free YouTube Download_is1" = Free YouTube Download version 3.0.815 "Freemake Video Converter_is1" = Freemake Video Converter Version 2.1.1 "Google Chrome" = Google Chrome "Graffiti Studio 2.0_is1" = Graffiti Studio 2.0 "HyperCam 2" = HyperCam 2 "Hyperionics DB Toolbar" = Hyperionics DB Toolbar "ICQToolbar" = ICQ Toolbar "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "LogMeIn Hamachi" = LogMeIn Hamachi "McAfee Security Scan" = McAfee Security Scan Plus "Metin2_is1" = Metin2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "OpenAL" = OpenAL "Opera 11.52.1100" = Opera 11.52 "Origin" = Origin "PriceGong" = PriceGong 2.1.0 "PunkBusterSvc" = PunkBuster Services "StarCraft II" = StarCraft II "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trusted Software Assistant_is1" = File Type Assistant "Valkyrie Mt2" = Valkyrie Mt2 1.0 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) "XfireXO Toolbar" = XfireXO Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (Standard) "Game Organizer" = EasyBits GO "TeamSpeak 3 Client" = TeamSpeak 3 Client "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.08.2011 05:07:33 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0062-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 404: Die angeforderte URL ist auf diesem Server nicht vorhanden. Error - 20.08.2011 07:55:32 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml Error - 20.08.2011 07:55:32 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile. Error - 20.08.2011 15:00:26 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml Error - 20.08.2011 15:00:26 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile. Error - 21.08.2011 07:08:14 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml Error - 21.08.2011 07:08:14 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile. Error - 21.08.2011 09:42:47 | Computer Name = PBEasynoteTJ65 | Source = VSS | ID = 8194 Description = Error - 21.08.2011 14:14:40 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml Error - 21.08.2011 14:14:40 | Computer Name = PBEasynoteTJ65 | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile. [ System Events ] Error - 08.02.2012 06:49:19 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.02.2012 06:49:19 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.02.2012 06:49:19 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.02.2012 06:49:21 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.02.2012 06:49:21 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.02.2012 06:49:21 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.02.2012 06:49:23 | Computer Name = PBEasynoteTJ65 | Source = DCOM | ID = 10005 Description = Error - 08.02.2012 06:49:24 | Computer Name = PBEasynoteTJ65 | Source = DCOM | ID = 10005 Description = Error - 08.02.2012 06:49:25 | Computer Name = PBEasynoteTJ65 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.02.2012 06:49:46 | Computer Name = PBEasynoteTJ65 | Source = DCOM | ID = 10005 Description = < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.02.2012 12:03:32 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Standard\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 86,21% Memory free 5,99 Gb Paging File | 5,62 Gb Available in Paging File | 93,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 178,97 Gb Free Space | 38,43% Space Free | Partition Type: NTFS Drive D: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PBEASYNOTETJ65 | User Name: Standard | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.08 11:33:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe PRC - [2012.02.02 13:22:40 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012.02.02 13:22:40 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.12.13 17:35:24 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011.10.28 14:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2011.10.28 14:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011.10.28 02:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2011.08.10 13:20:28 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2011.05.15 20:25:00 | 004,264,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011.03.04 19:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.09.02 21:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.11.09 08:35:17 | 000,041,336 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV - [2011.11.09 08:34:27 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2011.11.09 08:34:27 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave) DRV - [2011.11.09 08:34:14 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd) DRV - [2011.09.07 17:28:42 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\GRD.sys -- (GRD) DRV - [2011.09.07 12:26:17 | 000,049,016 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt) DRV - [2011.09.07 10:54:03 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon) DRV - [2011.08.17 15:56:03 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.08.17 15:56:02 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011.07.17 19:17:50 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.12.02 09:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.09.14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2010.09.14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2010.09.14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2010.09.14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2009.12.01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2009.06.22 14:50:00 | 009,753,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.05.01 06:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{C81F2EA2-1039-428C-886A-5B6882B2FE03} IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfi0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 E8 C4 3F 18 BE CB 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfi0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Programme\Hyperionics DB Toolbar\tbhelper.dll () IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bigseekpro.com/hypercam/{C81F2EA2-1039-428C-886A-5B6882B2FE03}" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0 FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Yahoo" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Standard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011.03.27 16:14:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.23 05:51:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.23 05:51:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2011.03.09 16:11:05 | 000,000,000 | ---D | M] [2011.01.27 18:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\Mozilla\Extensions [2012.02.04 08:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions [2012.02.04 08:49:01 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2011.09.18 16:35:01 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2012.01.26 15:27:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.09.18 19:03:58 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2012.01.05 06:42:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.08.28 14:04:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.08.22 15:42:15 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011.10.21 19:39:37 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\battlefieldplay4free@ea.com [2011.09.23 06:08:11 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\toolbar@ask.com [2011.03.29 12:36:23 | 000,000,570 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\bing.xml [2011.09.14 23:34:22 | 000,000,917 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\conduit.xml [2012.01.25 16:40:58 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-1.xml [2011.08.22 15:42:26 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-2.xml [2011.11.09 11:39:45 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-3.xml [2011.11.30 07:18:18 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-4.xml [2011.12.21 08:13:43 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-5.xml [2012.01.05 15:07:39 | 000,000,950 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin-6.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\icqplugin.xml [2011.09.18 19:32:11 | 000,002,374 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\search.xml [2011.08.22 15:41:37 | 000,003,915 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\SweetIM Search.xml [2011.08.22 15:42:08 | 000,003,915 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\searchplugins\sweetim.xml [2011.12.24 20:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.19 09:18:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.09.07 10:54:08 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2011.09.07 10:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2011.02.04 19:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.12.25 09:25:44 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2011.12.22 12:18:32 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF [2011.03.27 16:14:59 | 000,000,000 | ---D | M] (FreemakeConverter) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX [2011.10.19 09:18:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.09.07 10:54:08 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD} [2011.02.04 19:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.09 16:11:05 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF [2011.12.25 09:25:45 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF [2011.05.23 05:51:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.04 19:16:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.23 05:51:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.23 05:51:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.05.23 05:51:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.23 05:51:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.23 05:51:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.23 05:51:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Yahoo! (Enabled) CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Standard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Skype Click to Call = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: ICQ Sparberater = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.671_0\ CHR - Extension: Google Mail = C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong) O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfi0.dll (Conduit Ltd.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Hyperionics DB Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Hyperionics DB Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfi0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\4vorfjtv.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.91.dll File not found O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Hyperionics DB Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\prxtbXfi0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ffdwnd] C:\Users\Standard\AppData\Local\Mozilla\Firefox\firefox.exe () O4 - HKCU..\Run: [NCsoft Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4163D7FB-B051-473F-A6E4-B57963244180}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0C31ED9-BE41-494C-8A12-AA6C11228167}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\program files\g data\internetsecurity\avkkid\avkcks.exe) -c:\Programme\G Data\InternetSecurity\AVKKid\AvkCKS.exe () O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.11.06 23:20:46 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ] O32 - AutoRun File - [2006.11.06 22:59:47 | 000,569,344 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2006.11.06 23:18:16 | 000,000,180 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2006.10.29 03:39:19 | 000,880,640 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ] O33 - MountPoints2\{3f547d56-b051-11e0-bbd7-001f16c11090}\Shell - "" = AutoRun O33 - MountPoints2\{3f547d56-b051-11e0-bbd7-001f16c11090}\Shell\AutoRun\command - "" = E:\INSTALL.EXE O33 - MountPoints2\{d6bd4437-2a02-11e0-914a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d6bd4437-2a02-11e0-914a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2006.11.06 22:59:47 | 000,569,344 | R--- | M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.02.08 11:33:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe [2012.02.08 11:19:10 | 000,000,000 | ---D | C] -- C:\_OTL [2012.02.08 10:47:01 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.02.08 10:18:44 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{29265440-AAFC-4A03-ACDB-9E804DB472F4} [2012.02.08 10:18:18 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{561C7267-F833-4846-8FD2-2575887A6658} [2012.02.07 09:45:11 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{862DD7C1-5676-4E58-BFE7-7185CF6B3044} [2012.02.07 09:44:57 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{F3679029-1133-4AAD-B868-0FA7F407F20D} [2012.02.07 09:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.02.07 09:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2012.02.06 11:13:09 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A1369566-A7D2-4084-879E-12D653CEDA77} [2012.02.05 14:17:17 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Injashi2 [2012.02.05 11:11:14 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Testserver [2012.02.05 10:03:37 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{6E076C07-C1E1-4973-8B7B-BCF85517848F} [2012.02.05 10:03:17 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{92413046-E77C-4A37-B691-E8026ED40865} [2012.02.04 17:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee [2012.02.04 16:35:17 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Screaming Bee [2012.02.04 16:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee [2012.02.04 16:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Screaming Bee [2012.02.04 08:49:05 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{AEAABBC7-5EB2-4A05-996E-2505B3AC2078} [2012.02.03 13:50:21 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Client [2012.02.03 09:17:40 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{DD4CF3B8-80A1-4E56-AC34-A4F08583F3E6} [2012.02.03 08:46:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2012.02.03 08:44:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.02.03 08:40:46 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{6C8B34C8-1566-4223-BA29-6B0ACC622652} [2012.02.02 17:32:45 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2012.02.02 17:13:04 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{70896114-84FF-4586-9CF5-D065A7C3B053} [2012.02.02 14:16:07 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{88D14BD3-F17D-45D1-875C-3078A064C088} [2012.02.01 17:23:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{23037B75-B2B1-405B-9352-43F9F10A29EA} [2012.01.31 16:01:32 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{7C4D0917-68F5-4B34-B286-2B9D0D84CBC0} [2012.01.30 17:52:00 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cossacks - European Wars [2012.01.30 17:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cossacks - European Wars [2012.01.30 17:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Cossacks [2012.01.30 16:32:12 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Petroglyph [2012.01.30 16:31:14 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2012.01.30 16:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts [2012.01.30 16:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts [2012.01.30 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{CC09A5F6-1F24-49DC-87E9-B2DC5E93A32E} [2012.01.29 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{64FADF5D-BD2A-4987-87DF-7B360E2BAC3D} [2012.01.28 15:04:17 | 004,264,632 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des [2012.01.28 15:03:49 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys [2012.01.28 15:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared [2012.01.28 15:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CABAL Online (Europe) [2012.01.28 14:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Games-Masters.com [2012.01.27 20:59:23 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Skyrim [2012.01.27 20:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\The Elder Scrolls V Skyrim [2012.01.27 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{8622F5F8-EC7F-440D-8957-4806EA3EB37C} [2012.01.27 14:15:41 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{20A345ED-BAC6-492F-A95D-1701DFB7F595} [2012.01.27 14:15:27 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{CA80BE59-F14E-419A-9D4E-C526C5CFBA67} [2012.01.27 07:08:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A45DC1D9-C958-46AF-AF32-BB1313963054} [2012.01.26 15:21:59 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A6FEB3F4-3D05-4B3E-98D0-41E3B1ACD3E5} [2012.01.26 15:21:43 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{DB606BDB-8C39-4443-AF06-7B948B3E1167} [2012.01.25 07:11:34 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{B32536E1-8EBB-4D0B-A2A0-F0365A31EA14} [2012.01.25 07:11:20 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{0F9D1A17-CA27-4C8E-8F76-1A97605067B5} [2012.01.24 12:16:52 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{3258A6EA-EF9F-4E7D-95F4-2E903C195F52} [2012.01.24 12:16:28 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{97445029-929D-48D5-A637-1A8DDCFB9B1F} [2012.01.22 09:18:23 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{4D89571C-A5C1-4C0A-BCAC-C64991D20DC3} [2012.01.20 17:49:48 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A924CFE6-40AF-40C0-A57A-0FD174FC88F8} [2012.01.20 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{8C1069F5-9D56-4B85-8690-AE8179860B5B} [2012.01.19 16:56:05 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\One Piece ab Folge 001-195 [2012.01.19 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A3797879-6841-4E83-98B5-1620C622EC09} [2012.01.19 15:35:54 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{171D8A61-0CAF-4C29-859E-C97AA116F75C} [2012.01.18 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{20E93709-D541-48BD-B400-C7458C89EA13} [2012.01.18 15:41:32 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{23922ACA-25E2-477A-8D54-702ADDDA8CE8} [2012.01.17 15:50:37 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{75E9A87D-52D2-42A1-B75B-7E59BBBB1A16} [2012.01.17 15:50:10 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{C1C40C23-202B-4B2B-A8B3-936273ACCDE8} [2012.01.16 15:50:19 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{A1A4D78B-EDFB-4335-83EA-39527E8CCD9B} [2012.01.15 09:36:53 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{061C246C-D2EA-4A25-B29D-3B7F6316864A} [2012.01.15 09:36:23 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{46D60189-8793-4EE5-B584-612C89B932A9} [2012.01.13 06:33:56 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{FC235461-3665-4BFE-8DE4-6D1FBD469CA9} [2012.01.13 06:33:36 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{BAFCC9DF-61C8-4F34-9315-C6E29DB22D47} [2012.01.12 15:33:27 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{D3599BBF-4C7A-4580-BC26-6FA528A74C1F} [2012.01.11 08:26:58 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{9FCCDA14-B26C-4506-BD03-96C0E9D5062B} [2012.01.11 08:26:34 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{9995DE43-D4CE-4D49-93B0-5129EBBBC96A} [2012.01.10 11:42:54 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.01.10 11:07:18 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{F916AC61-8032-4C95-864F-4CBA7586DADC} [2012.01.10 11:05:25 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{6E4903C6-DA03-4745-88A2-6DF1CBDC64D7} [2012.01.09 15:04:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\{FF177188-3417-47A6-B9D0-4A5B638D0FD9} ========== Files - Modified Within 30 Days ========== [2012.02.08 11:48:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.08 11:48:12 | 2411,864,064 | -HS- | M] () -- C:\hiberfil.sys [2012.02.08 11:44:51 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.08 11:44:51 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.08 11:43:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.08 11:37:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.08 11:37:22 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2012.02.08 11:33:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe [2012.02.08 10:48:23 | 000,003,368 | ---- | M] () -- C:\bootsqm.dat [2012.02.07 17:46:48 | 000,541,439 | ---- | M] () -- C:\Windows\System32\sig.bin [2012.02.07 17:46:48 | 000,036,597 | ---- | M] () -- C:\Windows\System32\nmp.map [2012.02.04 11:53:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.02.04 11:53:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012.02.04 08:53:33 | 000,697,322 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.04 08:53:33 | 000,652,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.04 08:53:33 | 000,148,328 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.04 08:53:33 | 000,121,274 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.04 08:46:07 | 000,295,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.04 01:42:34 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Standard.job [2012.01.30 17:49:25 | 000,053,248 | ---- | M] () -- C:\Windows\System32\unrar.dll [2012.01.30 16:31:14 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2012.01.28 15:00:45 | 000,001,231 | ---- | M] () -- C:\Users\Standard\Desktop\CABAL Online (Europe).lnk [2012.01.20 16:38:18 | 000,004,065 | ---- | M] () -- C:\Users\Standard\.recently-used.xbel ========== Files Created - No Company Name ========== [2012.02.08 10:48:23 | 000,003,368 | ---- | C] () -- C:\bootsqm.dat [2012.02.04 11:53:28 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012.02.04 11:53:28 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012.01.30 17:49:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.01.28 15:03:49 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd [2012.01.28 15:00:45 | 000,001,231 | ---- | C] () -- C:\Users\Standard\Desktop\CABAL Online (Europe).lnk [2012.01.20 16:38:18 | 000,004,065 | ---- | C] () -- C:\Users\Standard\.recently-used.xbel [2012.01.10 11:32:57 | 000,002,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2011.11.22 16:05:08 | 000,370,541 | ---- | C] () -- C:\Windows\System32\fmtp.bin [2011.11.05 02:22:00 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2011.09.29 16:19:07 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2011.09.08 14:11:58 | 000,541,439 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.08.26 23:22:30 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2011.08.17 15:56:03 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.08.17 15:56:02 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.08.15 17:47:34 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.08.15 17:47:33 | 000,138,056 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\PnkBstrK.sys [2011.08.15 17:47:02 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.08.15 17:46:59 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.08.08 09:33:34 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2011.08.08 09:33:33 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2011.08.08 09:33:33 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2011.08.08 09:30:25 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.07.29 10:35:43 | 000,101,480 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.05.05 16:10:32 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.05.05 16:10:31 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.02.06 10:41:05 | 000,005,024 | ---- | C] () -- C:\Windows\System32\FilterData.dat [2011.02.06 09:05:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.07.14 09:47:43 | 000,697,322 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,148,328 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,295,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,652,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,121,274 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.12.21 11:36:46 | 000,009,728 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll ========== LOP Check ========== [2011.12.03 01:59:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\.minecraft [2011.03.27 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\AnvSoft [2011.08.30 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Artweaver [2012.02.06 22:56:32 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Audacity [2011.07.17 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DAEMON Tools Lite [2011.08.28 14:04:32 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoft [2011.08.28 14:04:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.10 08:09:35 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FinalMediaPlayer [2011.07.09 14:26:08 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FireShot [2011.04.01 14:35:45 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FreeVideoConverter [2011.05.28 06:49:20 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\go [2012.01.20 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\gtk-2.0 [2011.09.08 14:09:04 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ICQ [2011.07.02 13:45:57 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\LolClient [2012.02.02 17:37:05 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2011.10.08 12:03:47 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2011.08.24 19:42:53 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\OpenOffice.org [2011.10.31 18:39:31 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Opera [2011.09.29 20:48:13 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Origin [2012.01.30 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Petroglyph [2011.04.26 16:57:05 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Publish Providers [2012.02.04 17:03:05 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Screaming Bee [2011.10.22 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\SoftGrid Client [2011.04.26 16:57:19 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Sony [2011.05.04 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TeamViewer [2011.05.05 14:31:14 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TP [2011.06.12 21:43:01 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TS3Client [2011.12.06 16:24:04 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Ubisoft [2011.05.14 15:07:16 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Unity [2011.05.29 07:51:30 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Windows Live Writer [2012.02.08 11:37:22 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job [2012.01.25 07:09:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.01.27 11:55:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.12.24 16:08:46 | 000,000,000 | ---D | M] -- C:\Acer [2011.01.27 12:07:43 | 000,000,000 | ---D | M] -- C:\b17082b7b4beda9773de [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.01.27 11:55:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.17 18:15:33 | 000,000,000 | ---D | M] -- C:\Fanatsy-Server [2012.02.08 10:47:01 | 000,000,000 | -HSD | M] -- C:\found.000 [2011.12.11 20:31:54 | 000,000,000 | ---D | M] -- C:\Fraps [2011.01.27 12:51:31 | 000,000,000 | ---D | M] -- C:\Intel [2011.05.05 14:44:14 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.02.07 09:43:12 | 000,000,000 | R--D | M] -- C:\Program Files [2012.02.04 17:01:07 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.01.27 11:55:05 | 000,000,000 | -HSD | M] -- C:\Programme [2011.01.27 11:55:06 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.07.02 12:25:21 | 000,000,000 | ---D | M] -- C:\Riot Games [2011.08.08 09:30:25 | 000,000,000 | ---D | M] -- C:\Sierra [2012.02.08 10:23:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.01.27 11:55:18 | 000,000,000 | ---D | M] -- C:\Users [2012.02.08 11:12:45 | 000,000,000 | ---D | M] -- C:\Windows [2012.02.08 11:19:10 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2009.02.12 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys [2009.02.12 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.03.02 22:44:35 | 000,000,121 | ---- | M] () -- C:\Users\Standard\.gtk-bookmarks [2012.01.20 16:38:18 | 000,004,065 | ---- | M] () -- C:\Users\Standard\.recently-used.xbel [2011.06.02 09:35:39 | 000,462,363 | ---- | M] () -- C:\Users\Standard\0601_211611.jpg [2011.06.02 09:35:41 | 000,454,458 | ---- | M] () -- C:\Users\Standard\0601_211616.jpg [2011.10.01 11:09:45 | 000,376,582 | ---- | M] () -- C:\Users\Standard\0930_193947.jpg [2011.10.01 11:09:45 | 000,358,980 | ---- | M] () -- C:\Users\Standard\1001_001207.jpg [2011.10.23 13:33:08 | 000,396,892 | ---- | M] () -- C:\Users\Standard\1023_143141.jpg [2011.10.23 13:33:09 | 000,397,043 | ---- | M] () -- C:\Users\Standard\1023_143146.jpg [2011.10.23 13:33:10 | 000,398,439 | ---- | M] () -- C:\Users\Standard\1023_143157.jpg [2012.02.08 12:27:12 | 003,145,728 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT [2012.02.08 12:27:12 | 000,262,144 | -HS- | M] () -- C:\Users\Standard\ntuser.dat.LOG1 [2011.06.04 11:58:30 | 000,262,144 | -HS- | M] () -- C:\Users\Standard\ntuser.dat.LOG2 [2011.01.27 11:58:44 | 000,065,536 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2011.01.27 11:58:44 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2011.01.27 11:58:44 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011.01.27 11:55:21 | 000,000,020 | -HS- | M] () -- C:\Users\Standard\ntuser.ini [2011.10.23 13:33:23 | 000,081,920 | -HS- | M] () -- C:\Users\Standard\Thumbs.db < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Files - Unicode (All) ========== [2011.11.28 22:06:59 | 000,191,087 | ---- | M] ()(C:\Users\Standard\Documents\?? ICH ??.gif) -- C:\Users\Standard\Documents\♥♥ ICH ♥♥.gif [2011.11.28 22:06:48 | 000,191,087 | ---- | C] ()(C:\Users\Standard\Documents\?? ICH ??.gif) -- C:\Users\Standard\Documents\♥♥ ICH ♥♥.gif < End of report > Hier der Inhalt von OTL.txt und Exta.txt |
08.02.2012, 13:23 | #4 |
/// Malware-holic | Windows gesperrt ..aufforderung 50 € bezahlen hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL O4 - HKCU..\Run: [ffdwnd] C:\Users\Standard\AppData\Local\Mozilla\Firefox\firefox.exe () :Files C:\Users\Standard\AppData\Local\Mozilla\Firefox\firefox.exe :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Drücke bitte die + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
08.02.2012, 13:37 | #5 |
| Windows gesperrt ..aufforderung 50 € bezahlen Tausend dank für die Hilfe !! (: Es geht alles wieder Problemlos. Und der Upload war erfolgreich. Mfg und nochmals viele dank! |
08.02.2012, 13:43 | #6 |
/// Malware-holic | Windows gesperrt ..aufforderung 50 € bezahlen danke für den upload. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ --> Windows gesperrt ..aufforderung 50 € bezahlen |
Themen zu Windows gesperrt ..aufforderung 50 € bezahlen |
aufforderung, bezahlen, deutschland, erklärung, fenster, gesperrt, laptop, relativ, schnelle, sperre, sperren, windows, windows gesperrt |