Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): The computer is locked, "for security reasons", I'm supposed to pay 50 euros, same here (Windows 7)
12.02.2012, 19:38 | #1
Hello, same problem here. After a few attempts of my own to solve the problem, Windows would no longer boot and used a system restore point. The internet works. I ran a scan with OTL:
Code:
OTL Extras logfile created on: 12.02.2012 19:05:14 - Run 1 OTL by OldTimer - Version 3.2.31.0
< End of report >
I hope someone can help me.
12.02.2012, 19:39 | #2
Malware-holic: hi, otl.txt is still missing :-)
12.02.2012, 19:47 | #3
Sorry:
Code:
ATTFilter OTL logfile created on: 12.02.2012 19:05:14 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Schnuffi\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.84% Memory free 4.00 Gb Paging File | 2.87 Gb Available in Paging File | 71.79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 269.41 Gb Total Space | 1.96 Gb Free Space | 0.73% Space Free | Partition Type: NTFS Drive D: | 28.67 Gb Total Space | 17.45 Gb Free Space | 60.86% Space Free | Partition Type: FAT32 Drive E: | 4.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: TOBI-BIANCA-PC | User Name: Schnuffi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.12 19:02:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Schnuffi\Desktop\OTL.exe PRC - [2011.10.28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.10.28 19:35:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.07.08 22:10:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.30 14:29:15 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.08 15:42:05 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe PRC - [2010.11.19 10:20:18 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.15 09:33:32 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.02.23 11:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe PRC - [2007.02.08 19:14:26 | 000,127,059 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe PRC - [2006.12.23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006.12.23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2007.05.22 09:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2006.05.14 05:23:40 | 000,138,752 | ---- | M] () -- C:\Programme\7-Zip\7-zip.dll ========== Win32 Services (SafeList) ========== SRV - [2011.10.28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program 
Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.07.08 22:10:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.30 14:29:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.15 09:33:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2007.02.27 06:19:13 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2007.02.23 11:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2007.02.08 19:14:26 | 000,299,093 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS) SRV - [2007.02.08 19:14:26 | 000,127,059 | ---- | M] () [Auto | Running] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS)) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.10.28 19:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2011.10.28 19:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2011.07.08 22:10:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.08 22:10:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.09.15 09:33:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 03:25:20 | 
000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm) DRV - [2010.04.27 03:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) DRV - [2010.04.27 03:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) DRV - [2010.04.27 03:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl) DRV - [2010.01.12 05:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.11.12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.09.29 07:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 07:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 07:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.13 23:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009.07.13 23:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.13 02:22:01 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.03.13 02:21:56 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2007.01.08 18:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.10.18 17:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\xfilt.sys -- (xfilt) DRV - [2006.10.17 20:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\videX32.sys -- (videX32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.14 21:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.14 21:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.12 18:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 16:35:52 | 000,000,000 | ---D | M]

[2010.03.01 01:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Extensions
[2012.02.05 19:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions
[2012.01.08 12:48:43 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.05.01 23:26:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.01 01:51:26 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.11.19 16:19:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.12.14 21:51:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.03.01 01:51:24 | 000,000,000 | ---D | M] ("TurnTool Viewer") -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\turntoolviewer@turntool.com
[2011.11.13 09:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.02 12:56:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.29 16:35:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.07 17:26:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.07 17:26:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.07 17:26:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.07 17:26:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.07 17:26:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.07 17:26:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Schnuffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Schnuffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2011.10.31 22:38:24 | 000,438,536 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 15085 more lines...
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Programme\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [KiesTrayAgent] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4465DD0-050B-4310-B1B1-F1BD48C106DC}: NameServer = 62.109.123.196 213.191.74.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A839DD66-1EBE-4FBE-B82D-6E1E6E753820}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Schnuffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Schnuffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{45da2ac8-db01-11db-a79d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{45da2ac8-db01-11db-a79d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{8b0aa8ff-61bb-11e0-993c-f76ba6fbafd5}\Shell - "" = AutoRun
O33 - MountPoints2\{8b0aa8ff-61bb-11e0-993c-f76ba6fbafd5}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Bärli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ClickOff.lnk - C:\Programme\ClickOff\Clickoff.exe - ()
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BullGuard - hkey= - key= - File not found
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SansaDispatch - hkey= - key= - C:\Users\Schnuffi\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TVBroadcast - hkey= - key= - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
MsConfig - StartUpReg: TVEService - hkey= - key= - C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.02.12 19:02:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Schnuffi\Desktop\OTL.exe
[2012.02.12 18:27:39 | 000,000,000 | ---D | C] -- C:\Users\Schnuffi\AppData\Local\ElevatedDiagnostics
[2012.02.07 22:09:29 | 000,000,000 | ---D | C] -- C:\Users\Schnuffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2012.02.07 22:08:16 | 000,000,000 | ---D | C] -- C:\Users\Schnuffi\AppData\Roaming\WindSolutions
[2012.01.14 12:07:58 | 000,000,000 | ---D | C] -- C:\Users\Schnuffi\Documents\Iris Dokumente
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Users\Schnuffi\Documents\*.tmp files -> C:\Users\Schnuffi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.12 19:02:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Schnuffi\Desktop\OTL.exe
[2012.02.12 18:51:59 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 18:51:59 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 18:44:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 18:44:03 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.12 18:42:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 18:42:38 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.09 22:36:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.09 12:59:45 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.09 12:59:45 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.09 12:59:44 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.09 12:59:44 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.07 22:09:29 | 000,001,385 | ---- | M] () -- C:\Users\Schnuffi\Desktop\CopyTrans Control Center.lnk
[2012.02.06 22:54:03 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.02.06 22:54:03 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.02.04 12:21:06 | 000,107,346 | ---- | M] () -- C:\Users\Schnuffi\Desktop\Baustelle.jpg
[2012.02.03 15:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job
[2012.01.29 18:52:13 | 000,094,061 | ---- | M] () -- C:\Users\Schnuffi\Desktop\patientenumfrage_07.pdf
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.26 08:32:55 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Users\Schnuffi\Documents\*.tmp files -> C:\Users\Schnuffi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.07 22:09:29 | 000,001,385 | ---- | C] () -- C:\Users\Schnuffi\Desktop\CopyTrans Control Center.lnk
[2012.02.07 17:54:57 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.04 12:21:03 | 000,107,346 | ---- | C] () -- C:\Users\Schnuffi\Desktop\Baustelle.jpg
[2012.01.29 18:52:13 | 000,094,061 | ---- | C] () -- C:\Users\Schnuffi\Desktop\patientenumfrage_07.pdf
[2011.11.03 22:41:20 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.11.03 22:41:20 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.08 17:20:20 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.24 19:39:56 | 000,438,272 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.11.02 21:32:24 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.11.02 21:32:24 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2010.04.02 00:22:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.04.02 00:22:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.03.01 02:07:04 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010.02.17 01:45:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.17 01:44:59 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.02.17 01:44:57 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010.02.17 01:44:57 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.17 01:44:57 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.17 01:44:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.22 10:01:06 | 000,005,120 | ---- | C] () -- C:\Windows\System32\IcdSptSvps.dll
[2009.12.22 10:01:05 | 000,118,784 | ---- | C] () -- C:\Windows\System32\mp3dec.dll
[2009.12.22 10:01:05 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
[2009.10.23 16:57:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 09:47:43 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,539,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,606,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,103,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.03.13 02:22:01 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.03.13 02:21:56 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.04.29 22:03:50 | 000,048,592 | ---- | C] () -- C:\Users\Schnuffi\AppData\Roaming\NMM-MetaData.db
[2008.04.07 11:56:55 | 000,691,545 | ---- | C] () -- C:\Windows\unins000.exe
[2008.04.07 11:56:54 | 000,002,546 | ---- | C] () -- C:\Windows\unins000.dat
[2007.11.20 23:01:19 | 000,000,088 | ---- | C] () -- C:\Users\Schnuffi\AppData\Roaming\Default.PLS
[2007.10.15 15:15:36 | 000,000,071 | ---- | C] () -- C:\Windows\System32\Reglat.ini
[2007.05.17 12:55:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.05.17 12:55:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2007.03.30 22:57:24 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.03.30 22:18:05 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2007.03.30 22:17:55 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2007.03.30 22:17:50 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2007.03.29 19:27:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.03.25 21:34:31 | 000,000,000 | ---- | C] () -- C:\Users\Schnuffi\AppData\Roaming\wklnhst.dat
[2007.02.26 17:14:35 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.02.26 17:14:35 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.02.10 16:17:37 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.09 15:43:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.02.09 14:59:01 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI
[2007.02.09 14:32:51 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.02.09 14:12:31 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.03.01 00:50:56 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2010.11.20 00:34:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.03.01 02:09:45 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2009.01.04 16:38:21 | 000,000,000 | ---D | M] -- C:\AllDupBackup
[2010.03.01 01:14:14 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.03.25 20:11:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.09.23 00:12:11 | 000,000,000 | ---D | M] -- C:\Downloads
[2007.03.30 22:17:44 | 000,000,000 | ---D | M] -- C:\KPCMS
[2007.02.10 15:01:11 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.02.17 00:54:37 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.31 22:58:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.01 10:38:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.03.25 20:11:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.01 09:36:33 | 000,000,000 | -HSD | M] -- C:\Recovery
[2007.02.16 14:38:05 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.02.12 19:08:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.28 18:53:08 | 000,000,000 | ---D | M] -- C:\Temp
[2010.08.02 05:32:48 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.12 18:41:25 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*.
/mp /s >

< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTORV.SYS >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 |
---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2007.09.18 18:38:06 | 001,563,553 | ---- | M] () -- 
C:\Users\Schnuffi\BOS12Ch0708Rä_Chemi_Skript.PDF [2009.03.08 12:47:26 | 001,189,376 | -HS- | M] () -- C:\Users\Schnuffi\ehthumbs_vista.db [2008.01.29 18:55:32 | 002,086,400 | ---- | M] () -- C:\Users\Schnuffi\English Bild.doc [2010.12.23 16:40:04 | 000,001,673 | ---- | M] () -- C:\Users\Schnuffi\GeoGebra Forum.lnk [2010.12.23 16:40:04 | 000,001,786 | ---- | M] () -- C:\Users\Schnuffi\GeoGebra.lnk [2010.12.23 16:40:04 | 000,001,691 | ---- | M] () -- C:\Users\Schnuffi\GeoGebraWiki (German).lnk [2010.12.23 16:40:04 | 000,001,705 | ---- | M] () -- C:\Users\Schnuffi\GeoGebraWiki (International).lnk [2008.01.24 20:59:33 | 000,373,957 | ---- | M] () -- C:\Users\Schnuffi\img034.jpg [2008.01.24 21:00:14 | 000,480,053 | ---- | M] () -- C:\Users\Schnuffi\img035.jpg [2008.01.24 21:00:23 | 001,134,232 | ---- | M] () -- C:\Users\Schnuffi\img036.jpg [2008.01.24 21:00:32 | 000,561,107 | ---- | M] () -- C:\Users\Schnuffi\img037.jpg [2008.01.24 21:00:39 | 001,045,067 | ---- | M] () -- C:\Users\Schnuffi\img038.jpg [2008.01.24 21:00:48 | 000,495,948 | ---- | M] () -- C:\Users\Schnuffi\img039.jpg [2008.01.24 21:00:55 | 000,332,383 | ---- | M] () -- C:\Users\Schnuffi\img040.jpg [2008.01.24 21:01:00 | 000,386,606 | ---- | M] () -- C:\Users\Schnuffi\img041.jpg [2008.01.28 19:39:46 | 000,545,017 | ---- | M] () -- C:\Users\Schnuffi\L1 seite1.jpg [2008.01.28 19:39:53 | 000,554,412 | ---- | M] () -- C:\Users\Schnuffi\L2seite2.jpg [2012.02.12 19:20:05 | 008,650,752 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat [2012.02.12 19:20:05 | 000,262,144 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat.LOG1 [2010.03.01 01:22:35 | 000,000,000 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat.LOG2 [2010.03.01 01:22:37 | 000,065,536 | -HS- | M] () -- C:\Users\Schnuffi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.03.01 01:22:37 | 000,524,288 | -HS- | M] () -- C:\Users\Schnuffi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.03.01 01:22:37 | 
000,524,288 | -HS- | M] () -- C:\Users\Schnuffi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2012.02.12 18:43:11 | 000,065,536 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat{f09d9330-55a0-11e1-937f-a7ebcf3716c7}.TM.blf [2012.02.12 18:43:11 | 000,524,288 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat{f09d9330-55a0-11e1-937f-a7ebcf3716c7}.TMContainer00000000000000000001.regtrans-ms [2012.02.12 18:43:12 | 000,524,288 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat{f09d9330-55a0-11e1-937f-a7ebcf3716c7}.TMContainer00000000000000000002.regtrans-ms [2010.05.01 11:29:32 | 000,000,020 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.ini [2007.05.21 08:19:26 | 010,626,048 | ---- | M] () -- C:\Users\Schnuffi\Physik-Referat - Der Verbrennungsmotor_v2.ppt [2008.01.29 22:13:54 | 002,246,279 | ---- | M] () -- C:\Users\Schnuffi\Scannen0002.jpg [2008.01.29 22:14:08 | 001,666,326 | ---- | M] () -- C:\Users\Schnuffi\Scannen0003.jpg [2008.01.29 22:14:13 | 000,312,282 | ---- | M] () -- C:\Users\Schnuffi\Scannen0004.jpg [2008.05.02 19:59:45 | 007,202,504 | ---- | M] () -- C:\Users\Schnuffi\Technologie.pdf [2008.01.28 19:38:04 | 000,526,426 | ---- | M] () -- C:\Users\Schnuffi\Test1 Seite30.jpg [2008.01.28 19:38:25 | 000,540,945 | ---- | M] () -- C:\Users\Schnuffi\Test1 Seite31.jpg [2008.01.28 19:39:00 | 000,562,417 | ---- | M] () -- C:\Users\Schnuffi\Test1 Seite32.jpg [2008.01.28 19:38:42 | 000,567,337 | ---- | M] () -- C:\Users\Schnuffi\Test1 Seite33.jpg [2008.01.28 19:38:53 | 000,602,510 | ---- | M] () -- C:\Users\Schnuffi\Test2 Seite53.jpg [2008.01.28 19:39:13 | 000,707,904 | ---- | M] () -- C:\Users\Schnuffi\Test2 Seite54.jpg [2008.01.28 19:39:29 | 000,578,760 | ---- | M] () -- C:\Users\Schnuffi\Test2 Seite55.jpg [2008.01.28 19:39:37 | 000,525,344 | ---- | M] () -- C:\Users\Schnuffi\Test2 Seite56.jpg [2011.08.21 10:38:11 | 000,313,856 | -HS- | M] () -- C:\Users\Schnuffi\Thumbs.db [2010.12.23 16:40:04 | 000,001,665 | ---- | M] () -- 
C:\Users\Schnuffi\www.geogebra.org.lnk
[2007.05.27 23:23:37 | 000,001,074 | RH-- | M] () -- C:\Users\Schnuffi\XrxWm.ini
[2007.05.27 23:23:36 | 000,000,522 | RH-- | M] () -- C:\Users\Schnuffi\xw45cpdy.dyc

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
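The `< MD5 for: ... >` blocks in the OTL log above list every copy OTL found of a handful of files that lock-screen malware commonly patches (userinit.exe, winlogon.exe, explorer.exe and a few drivers) together with each copy's MD5. The check a helper does by eye is whether the copy that actually runs (under \Windows or \Windows\System32) carries the same hash as a copy that Windows servicing placed in winsxs or the DriverStore. The script below, an added example that is neither code from this thread nor part of OTL, automates that comparison. Its sample input reuses the AGP440.SYS and EXPLORER.EXE lines from the log; the live userinit.exe entry with an all-zero hash is constructed to show what a mismatch looks like, and the path rules in `copy_kind` are the editor's assumption about where the live and reference copies sit.

```python
"""Cross-check the '< MD5 for: NAME >' section of an OTL Extras log.

Added example (not from the forum post or from OTL). For every file block it
compares the hash of the live copy against the hashes of the copies the
component store (winsxs) or DriverStore holds, and flags live copies that match
none of them.
"""
import re
from collections import defaultdict

# CONSTRUCTED sample: AGP440.SYS and EXPLORER.EXE lines are copied from the log
# above; in USERINIT.EXE the winsxs line is real but the live System32 entry with
# the all-zero hash is invented to demonstrate a mismatch.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2012.02.12 18:40:00 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
"""

BLOCK_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# [mtime | size | attrs | M] (Company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)$"
)


def parse_md5_section(text):
    """Return {FILE NAME: [entry dict, ...]} for every '< MD5 for: X >' block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = BLOCK_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            blocks[current].append(entry)
    return dict(blocks)


def copy_kind(path):
    """Classify a copy by location (editor's assumption about Windows layout)."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\" in p:
        return "reference"       # placed by Windows servicing: the known-good set
    if "\\softwaredistribution\\" in p:
        return "pending_update"  # downloaded update, not installed, not executing
    if "\\windows\\system32\\" in p or re.search(r"\\windows\\[^\\]+$", p):
        return "live"            # the copy that actually executes
    return "other"


def check_blocks(blocks):
    """For each file: (live path, verdict) for every live copy."""
    findings = {}
    for name, entries in blocks.items():
        reference = {e["md5"] for e in entries if copy_kind(e["path"]) == "reference"}
        verdicts = []
        for e in entries:
            if copy_kind(e["path"]) != "live":
                continue
            if not reference:
                verdict = "no_reference_copies"      # nothing to compare against
            elif e["md5"] in reference:
                verdict = "matches_reference"
            else:
                verdict = "no_matching_reference"    # patched, or hotfixed outside winsxs
            verdicts.append((e["path"], verdict))
        findings[name] = verdicts
    return findings


def suspicious_files(findings):
    """Names whose live copy could not be matched to a reference copy."""
    return sorted(name for name, verdicts in findings.items()
                  if any(v != "matches_reference" for _, v in verdicts))


if __name__ == "__main__":
    report = check_blocks(parse_md5_section(SAMPLE_LOG))
    for name, verdicts in sorted(report.items()):
        for path, verdict in verdicts:
            print(f"{name:14} {verdict:22} {path}")
    print("review by hand:", suspicious_files(report))
```

A `no_matching_reference` verdict is a pointer for manual review, not proof of tampering: a hotfix installed outside the component store shows up the same way, which is why the helpers in this thread ask for the complete log rather than a single hash.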
12.02.2012, 19:53 | #4
/// Malware-holic | The computer is locked, "for security reasons", I am supposed to pay 50 euros, same here
Open Malwarebytes, go to Logs, post all reports.
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
12.02.2012, 20:10 | #5
| The computer is locked, "for security reasons", I am supposed to pay 50 euros, same here
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8051

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.02.2012 17:48:44
mbam-log-2012-02-12 (17-48-44).txt

Scan type: Quick scan
Objects scanned: 204405
Time elapsed: 15 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Schnuffi\downloads\pantsoff.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Schnuffi :: TOBI-BIANCA-PC [administrator]

12.02.2012 19:53:26
mbam-log-2012-02-12 (19-53-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220912
Time elapsed: 12 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Schnuffi\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Schnuffi\Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Quarantined and deleted successfully.

(end)
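The two Malwarebytes logs above come from different program versions and word their sections differently: 1.51 writes `Files Infected:` with the counts in a separate summary block, 1.60 writes `Files Detected: 1` with the count inline. The parser below, an added example that is not taken from the thread or from Malwarebytes, reads both layouts and extracts each detection with its category, path, classification and the action taken, so a helper can see at a glance what was quarantined and what was left in place. The sample logs are shortened from the ones in the post; the `Registry Values` entry marked CONSTRUCTED, with action `No action taken`, is invented to exercise the `unresolved()` check.

```python
"""Parse Malwarebytes Anti-Malware 1.5x / 1.6x text logs (added example)."""
import re

# Shortened from the first log in the post above (version 1.51 layout).
MBAM_151_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8051

Scan type: Quick scan
Objects scanned: 204405

Memory Processes Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Files Infected:
c:\Users\Schnuffi\downloads\pantsoff.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.
"""

# Shortened from the second log (version 1.60 layout). The 'Registry Values'
# entry is CONSTRUCTED: it is not in the real log and only shows an item that
# was detected but not removed.
MBAM_160_LOG = r"""
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.05

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Objects scanned: 220912

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|EXAMPLE-ENTRY (Trojan.Agent) -> No action taken.

Folders Detected: 1
C:\Users\Schnuffi\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Schnuffi\Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Quarantined and deleted successfully.

(end)
"""

VERSION_RE = re.compile(r"^Malwarebytes'? Anti-Malware (?P<version>[\d.]+)$")
DATABASE_RE = re.compile(r"^Database version: (?P<db>\S+)$")
# "Files Infected:" (1.5x, count elsewhere) or "Files Detected: 1" (1.6x, count inline)
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+?) (?:Infected|Detected):(?: (?P<count>\d+))?$")
# "<path> (<classification>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return {'version', 'database', 'detections': [dict, ...]} for either layout."""
    version = database = None
    category = None
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = VERSION_RE.match(line)
        if m:
            version = m.group("version")
            continue
        m = DATABASE_RE.match(line)
        if m:
            database = m.group("db")
            continue
        m = SECTION_RE.match(line)
        if m:
            category = m.group("category")   # summary lines just reset the category
            continue
        m = DETECTION_RE.match(line)
        if m and category:
            detections.append({"category": category, **m.groupdict()})
    return {"version": version, "database": database, "detections": detections}


def unresolved(result):
    """Detections the scanner reported but did not quarantine (still on disk/in registry)."""
    return [d for d in result["detections"]
            if not d["action"].lower().startswith("quarantined")]


if __name__ == "__main__":
    for log in (MBAM_151_LOG, MBAM_160_LOG):
        r = parse_mbam_log(log)
        print(f"MBAM {r['version']} db {r['database']}: {len(r['detections'])} detection(s)")
        for d in r["detections"]:
            print(f"  [{d['category']}] {d['family']:28} {d['action']:36} {d['path']}")
        print("  unresolved:", [d["path"] for d in unresolved(r)])
```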
12.02.2012, 20:43 | #6
/// Malware-holic | The computer is locked, "for security reasons", I am supposed to pay 50 euros, same here
hi, restart, press F8, choose Safe Mode with Networking, log in to the affected account; the internet works there. ComboFix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it on your desktop.
13.02.2012, 00:09 | #7
| The computer is locked, "for security reasons", I am supposed to pay 50 euros, same here
Code:
ATTFilter ComboFix 12-02-12.01 - Schnuffi 12.02.2012 23:34:39.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2046.1083 [GMT 1:00] ausgeführt von:: c:\users\Schnuffi\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Tarma Installer c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico c:\users\Public\20070809 c:\users\Public\20070809\Balies.jpg c:\users\Public\20070809\Bei tobi tantd u onkel 3.3gp c:\users\Public\20070809\Bei tobi tante u onkel 2.3gp c:\users\Public\20070809\Bei tobi tante u onkel.3gp c:\users\Public\20070809\Bei tobis mum 1.3gp c:\users\Public\20070809\Bei tobis mum 2.3gp c:\users\Public\20070809\Bei tobis mum 3.3gp c:\users\Public\20070809\Bei tobis mum 4.3gp c:\users\Public\20070809\Bild000.jpg c:\users\Public\20070809\Bild001.jpg c:\users\Public\20070809\Bild002.jpg c:\users\Public\20070809\Bild003.jpg c:\users\Public\20070809\Bild004.jpg c:\users\Public\20070809\Bild005.jpg c:\users\Public\20070809\Bild006.jpg c:\users\Public\20070809\Bild007.jpg c:\users\Public\20070809\Bild008.jpg c:\users\Public\20070809\Bild009.jpg c:\users\Public\20070809\Bild010.jpg 
c:\users\Public\20070809\Bild011.jpg c:\users\Public\20070809\Bild012.jpg c:\users\Public\20070809\Bild013.jpg c:\users\Public\20070809\Bild014.jpg c:\users\Public\20070809\Bild015.jpg c:\users\Public\20070809\Bild016.jpg c:\users\Public\20070809\Bild017.jpg c:\users\Public\20070809\Bild018.jpg c:\users\Public\20070809\Bild019.jpg c:\users\Public\20070809\Bild020.jpg c:\users\Public\20070809\Bild021.jpg c:\users\Public\20070809\Bild022.jpg c:\users\Public\20070809\Bild023.jpg c:\users\Public\20070809\Bild024.jpg c:\users\Public\20070809\Bild025.jpg c:\users\Public\20070809\Bild026.jpg c:\users\Public\20070809\Bild027.jpg c:\users\Public\20070809\Bild028.jpg c:\users\Public\20070809\Bild029.jpg c:\users\Public\20070809\Bild030.jpg c:\users\Public\20070809\Bild031.jpg c:\users\Public\20070809\Bild032.jpg c:\users\Public\20070809\Bild033.jpg c:\users\Public\20070809\Bild034.jpg c:\users\Public\20070809\Bild035(1).jpg c:\users\Public\20070809\Bild035.jpg c:\users\Public\20070809\Bild036.jpg c:\users\Public\20070809\Bild037.jpg c:\users\Public\20070809\Bild038.jpg c:\users\Public\20070809\Bild039.jpg c:\users\Public\20070809\Bild040.jpg c:\users\Public\20070809\Bild041.jpg c:\users\Public\20070809\Bild042.jpg c:\users\Public\20070809\Bild043.jpg c:\users\Public\20070809\Bild044.jpg c:\users\Public\20070809\Bild045.jpg c:\users\Public\20070809\Bild046.jpg c:\users\Public\20070809\Bild047.jpg c:\users\Public\20070809\Bild048.jpg c:\users\Public\20070809\Bild049.jpg c:\users\Public\20070809\Bild050.jpg c:\users\Public\20070809\Bild051.jpg c:\users\Public\20070809\Bild052.jpg c:\users\Public\20070809\Bild053.jpg c:\users\Public\20070809\Bild054.jpg c:\users\Public\20070809\Bild055.jpg c:\users\Public\20070809\Bild056.jpg c:\users\Public\20070809\Bild057.jpg c:\users\Public\20070809\Bild058.jpg c:\users\Public\20070809\Bild059.jpg c:\users\Public\20070809\Bild060.jpg c:\users\Public\20070809\Bild061.jpg c:\users\Public\20070809\Bild062.jpg 
c:\users\Public\20070809\Bild063.jpg c:\users\Public\20070809\Bild064.jpg c:\users\Public\20070809\Bild065.jpg c:\users\Public\20070809\Bild066.jpg c:\users\Public\20070809\Bild067.jpg c:\users\Public\20070809\Bild068.jpg c:\users\Public\20070809\Bild069.jpg c:\users\Public\20070809\Bild070.jpg c:\users\Public\20070809\Bild071.jpg c:\users\Public\20070809\Bild072.jpg c:\users\Public\20070809\Bild073.jpg c:\users\Public\20070809\Bild074.jpg c:\users\Public\20070809\Bild075.jpg c:\users\Public\20070809\Bild076.jpg c:\users\Public\20070809\Bild077.jpg c:\users\Public\20070809\Bild078.jpg c:\users\Public\20070809\Bild079.jpg c:\users\Public\20070809\Bild080.jpg c:\users\Public\20070809\Bild081.jpg c:\users\Public\20070809\Bild082.jpg c:\users\Public\20070809\Bild083.jpg c:\users\Public\20070809\Bild084.jpg c:\users\Public\20070809\Bild085.jpg c:\users\Public\20070809\Bild086.jpg c:\users\Public\20070809\Bild087.jpg c:\users\Public\20070809\Bild088.jpg c:\users\Public\20070809\Bild089.jpg c:\users\Public\20070809\Bild090.jpg c:\users\Public\20070809\Bild091.jpg c:\users\Public\20070809\Bild092.jpg c:\users\Public\20070809\Bild093.jpg c:\users\Public\20070809\Bild094.jpg c:\users\Public\20070809\Bild095.jpg c:\users\Public\20070809\Bild096.jpg c:\users\Public\20070809\Bild097.jpg c:\users\Public\20070809\Bild098.jpg c:\users\Public\20070809\Bild099.jpg c:\users\Public\20070809\Bild100.jpg c:\users\Public\20070809\Bild101.jpg c:\users\Public\20070809\Bild102.jpg c:\users\Public\20070809\Bild103.jpg c:\users\Public\20070809\Bild104.jpg c:\users\Public\20070809\Bild105.jpg c:\users\Public\20070809\Bild106.jpg c:\users\Public\20070809\Bild107.jpg c:\users\Public\20070809\Bild108.jpg c:\users\Public\20070809\Bild109.jpg c:\users\Public\20070809\Bild110.jpg c:\users\Public\20070809\Bild111.jpg c:\users\Public\20070809\Bild112.jpg c:\users\Public\20070809\Bild113.jpg c:\users\Public\20070809\Bild114.jpg c:\users\Public\20070809\Bild115.jpg c:\users\Public\20070809\Bild116.jpg 
c:\users\Public\20070809\Bild117.jpg c:\users\Public\20070809\Bild118.jpg c:\users\Public\20070809\Bild119.jpg c:\users\Public\20070809\Bild120.jpg c:\users\Public\20070809\Bild121.jpg c:\users\Public\20070809\Bild122.jpg c:\users\Public\20070809\Bild123.jpg c:\users\Public\20070809\Bild124.jpg c:\users\Public\20070809\Bild125.jpg c:\users\Public\20070809\Bild126.jpg c:\users\Public\20070809\Bild127.jpg c:\users\Public\20070809\Bild128.jpg c:\users\Public\20070809\Bild129.jpg c:\users\Public\20070809\Bild130.jpg c:\users\Public\20070809\Bild131.jpg c:\users\Public\20070809\Bild132.jpg c:\users\Public\20070809\Bild133.jpg c:\users\Public\20070809\Bild134.jpg c:\users\Public\20070809\Bild135.jpg c:\users\Public\20070809\Bild136.jpg c:\users\Public\20070809\Bild137.jpg c:\users\Public\20070809\Bild138.jpg c:\users\Public\20070809\Bild139.jpg c:\users\Public\20070809\Bild140.jpg c:\users\Public\20070809\Bild141.jpg c:\users\Public\20070809\Bild142.jpg c:\users\Public\20070809\Bild143.jpg c:\users\Public\20070809\Bild144.jpg c:\users\Public\20070809\Bild145.jpg c:\users\Public\20070809\Bild146.jpg c:\users\Public\20070809\Bärli schlafend.jpg c:\users\Public\20070809\Deu-tun in köln.jpg c:\users\Public\20070809\Foto(006)(1).jpg c:\users\Public\20070809\Foto(006).jpg c:\users\Public\20070809\Foto(033).jpg c:\users\Public\20070809\Foto(040).jpg c:\users\Public\20070809\Foto(163).jpg c:\users\Public\20070809\Foto(165).jpg c:\users\Public\20070809\Foto(192).jpg c:\users\Public\20070809\Foto(238).jpg c:\users\Public\20070809\Foto(243).jpg c:\users\Public\20070809\Foto(251).jpg c:\users\Public\20070809\Foto(266).jpg c:\users\Public\20070809\Foto(268).jpg c:\users\Public\20070809\Foto(288).jpg c:\users\Public\20070809\Foto(303).jpg c:\users\Public\20070809\Foto(305).jpg c:\users\Public\20070809\Foto(306).jpg c:\users\Public\20070809\Foto(308).jpg c:\users\Public\20070809\Foto(312).jpg c:\users\Public\20070809\Foto(313).jpg c:\users\Public\20070809\Foto(314).jpg 
c:\users\Public\20070809\Foto(320).jpg c:\users\Public\20070809\Foto(321).jpg c:\users\Public\20070809\Frame1.png c:\users\Public\20070809\Frame2.png c:\users\Public\20070809\Frame3.png c:\users\Public\20070809\Fuchs2.jpg c:\users\Public\20070809\Ich beim kabatrinken.3gp c:\users\Public\20070809\Innsbruck.jpg c:\users\Public\20070809\Ludwig u herbert.jpg c:\users\Public\20070809\Mami.jpg c:\users\Public\20070809\Rudi.jpg c:\users\Public\20070809\Video(011).3gp c:\users\Public\20070809\Video(011)000.3gp c:\users\Public\20070809\Video002.3gp c:\users\Public\20070809\Video003.3gp c:\users\Public\20070809\Video004.3gp c:\users\Public\20070809\Video005.3gp c:\users\Public\20070809\Video019.3gp c:\users\Public\20070809\Video022.3gp c:\users\Public\20070809\Zoi mit bärli.jpg c:\users\Schnuffi\4.0 c:\users\Schnuffi\Documents\~WRL0031.tmp c:\users\Schnuffi\Documents\~WRL0049.tmp c:\users\Schnuffi\Documents\~WRL0250.tmp c:\users\Schnuffi\Documents\~WRL0294.tmp c:\users\Schnuffi\Documents\~WRL0798.tmp c:\users\Schnuffi\Documents\~WRL1562.tmp c:\users\Schnuffi\Documents\~WRL1573.tmp c:\users\Schnuffi\Documents\~WRL1989.tmp c:\users\Schnuffi\Documents\~WRL2178.tmp c:\users\Schnuffi\Documents\~WRL2532.tmp c:\users\Schnuffi\Documents\~WRL2865.tmp c:\users\Schnuffi\Documents\~WRL3189.tmp c:\users\Schnuffi\Documents\~WRL3439.tmp c:\users\Schnuffi\Documents\~WRL3589.tmp c:\users\Schnuffi\Documents\~WRL3907.tmp c:\windows\IsUn0407.exe c:\windows\system32\system32 c:\windows\system32\system32\cis-2.4.dll c:\windows\system32\system32\issacapi_bs-2.3.dll c:\windows\system32\system32\issacapi_pe-2.3.dll c:\windows\system32\system32\issacapi_se-2.3.dll c:\windows\system32\system32\MACXMLProto.dll c:\windows\system32\system32\MaDRM.dll c:\windows\system32\system32\MaJGUILib.dll c:\windows\system32\system32\MaJUtilLib.dll c:\windows\system32\system32\MAMACExtract.dll c:\windows\system32\system32\MASetupCaller.dll c:\windows\system32\system32\MASetupCleaner.exe 
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-12 bis 2012-02-12 ))))))))))))))))))))))))))))))
.
.
2012-02-12 22:44 . 2012-02-12 22:45 -------- d-----w- c:\users\Schnuffi\AppData\Local\temp
2012-02-12 22:44 . 2012-02-12 22:44 -------- d-----w- c:\users\Tobi\AppData\Local\temp
2012-02-12 22:44 . 2012-02-12 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-12 22:44 . 2012-02-12 22:44 -------- d-----w- c:\users\Bärli\AppData\Local\temp
2012-02-12 22:39 . 2012-02-12 22:39 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{691A653E-BBB5-4CEF-8AEF-D717F5732B25}\offreg.dll
2012-02-12 17:53 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{691A653E-BBB5-4CEF-8AEF-D717F5732B25}\mpengine.dll
2012-02-12 17:27 . 2012-02-12 17:27 -------- d-----w- c:\users\Schnuffi\AppData\Local\ElevatedDiagnostics
2012-02-07 21:08 . 2012-02-07 21:10 -------- d-----w- c:\users\Schnuffi\AppData\Roaming\WindSolutions
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-04 00:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2011-10-31 16:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:23 . 2011-12-14 11:02 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:06 . 2012-01-11 16:40 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:48 . 2012-01-13 07:30 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 05:48 . 2012-01-13 07:30 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 05:42 . 2012-01-13 07:30 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 05:41 . 2012-01-11 16:40 1288984 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:39 . 2012-01-13 07:30 314368 ----a-w- c:\windows\system32\webio.dll
2011-11-17 05:39 . 2012-01-13 07:30 99840 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 05:39 . 2012-01-13 07:30 15360 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 05:39 . 2012-01-13 07:30 224768 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:39 . 2012-01-13 07:30 22016 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 05:38 . 2012-01-13 07:30 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 05:36 . 2012-01-13 07:30 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-02 11:56 . 2011-03-24 09:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-28 22:11 191488 ------w- c:\program files\Yontoo Layers\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-19 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Bärli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ClickOff.lnk]
backup=c:\windows\pss\ClickOff.lnk.Startup
backupExtension=.Startup
path=c:\users\Bärli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClickOff.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2011-10-28 18:35 1187072 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-08 19:17 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-02-27 05:19 220160 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-03-17 21:07 896912 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-03-17 21:07 19872 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-03-17 21:07 3373456 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\Home Cinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ----a-w- c:\program files\Home Cinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-12-01 12:37 4186112 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2011-04-17 00:18 79872 ----a-w- c:\users\Schnuffi\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast]
2007-02-23 13:44 779776 ----a-w- c:\program files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2007-02-08 18:13 155648 ----a-w- c:\program files\Home Cinema\TV Enhance\TVEService.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-02-08 299093]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-10-28 15232]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-28 64512]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-09-15 217088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-02-23 1509888]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-02-08 127059]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-09-15 36640]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 18:35]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 20:55]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 20:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{A4465DD0-050B-4310-B1B1-F1BD48C106DC}: NameServer = 62.109.123.7 213.191.92.86
TCP: Interfaces\{A839DD66-1EBE-4FBE-B82D-6E1E6E753820}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Schnuffi\AppData\Roaming\Mozilla\Firefox\Profiles\6d5ta91q.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-KiesTrayAgent - (no file)
MSConfigStartUp-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-Adobe Photoshop 5.5 - c:\windows\ISUN0407.EXE
AddRemove-Latinum in fenestris - c:\windows\unin0407.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default -
c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2012-02-12 23:49:07 ComboFix-quarantined-files.txt 2012-02-12 22:49 . Vor Suchlauf: 2,390,745,088 Bytes frei Nach Suchlauf: 2,209,312,768 Bytes frei . - - End Of File - - 1FDCFE2AC898957178F0F17018D2796D |
13.02.2012, 11:40 | #8 |
/// Malware-holic | The computer is locked, "for security reasons", I'm supposed to pay 50 euros, same here
malwarebytes: Please download Malwarebytes
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above
If you would like to support us |
13.02.2012, 22:36 | #9 |
| The computer is locked, "for security reasons", I'm supposed to pay 50 euros, same here
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.13.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Schnuffi :: TOBI-BIANCA-PC [administrator]

13.02.2012 19:22:25
mbam-log-2012-02-13 (19-22-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 517707
Time elapsed: 3 hour(s), 10 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
|
14.02.2012, 12:13 | #10 |
/// Malware-holic | The computer is locked, "for security reasons", I'm supposed to pay 50 euros, same here
Please start by installing Windows updates. The easiest way is to go to Start, Search, and type Windows Update there. Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- choose a time
- Please tick everything else, except:
- show detailed notifications when new Microsoft software is available.
Now click the "OK" button. Now click "Check for updates". Please install the important updates first. It will be necessary to restart the PC in between; if that is the case, you have to open Windows Update again via Start, Search, click "Check for updates" and install the next ones. Please do the same with the optional updates. Report back when finished.
15.02.2012, 00:48 | #11 |
| The computer is locked, "for security reasons", I'm supposed to pay 50 euros, same here
Took a long time. Done. |
15.02.2012, 11:13 | #12 |
/// Malware-holic | The computer is locked, "for security reasons", I'm supposed to pay 50 euros, same here
Yep, if you don't install updates or don't let them install automatically, a lot piles up. With the current configuration, updating will always go quickly from now on.
Download the CCleaner standard version: CCleaner Download - CCleaner 3.15.1643
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open the file. After every program you need, write "notwendig" (necessary). After every program you don't need, "unnötig" (unnecessary). After those unknown to you, "unbekannt" (unknown). Post the list.
15.02.2012, 23:50 | #13 |
| The computer is locked, "for security reasons", I'm supposed to pay 50 euros, same here
Here is the list. Worth mentioning: since ComboFix was run, the computer has been extremely sluggish and slow. What could be the reason for that?
Code:
7-Zip 4.42 28.02.2010 notwendig
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 28.02.2010 unbekannt
Ad-Aware Lavasoft Limited 30.10.2011 34.1MB 9.5.0 unbekannt
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 07.04.2011 2.68MB 10.1.85.3 unbekannt
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 09.07.2011 6.00MB 10.3.181.26 unbekannt
Adobe Reader 9.3.1 - Deutsch Adobe Systems Incorporated 10.04.2010 245MB 9.3.1 notwendig
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 19.07.2010 11.5.7.609 unbekannt
AFPL Ghostscript 8.54 28.02.2010 unbekannt
AFPL Ghostscript Fonts 28.02.2010 unbekannt
Age of Empires III Microsoft Game Studios 19.11.2009 2,111MB 1.00.0000 notwendig
Age of Empires III - The Asian Dynasties Microsoft Game Studios 24.11.2009 831MB 1.00.0000 notwendig
ALDI Foto Manager Free Sued 3.4.0.466 (D) MAGIX AG 25.02.2007 3.4.0.466 notwendig
Alle meine Adressen 1.20 26.06.2011 unbekannt
Any Video Converter 3.0.7 Any-Video-Converter.com 21.09.2010 64.4MB unbekannt
Audiograbber 1.83 SE Audiograbber 08.07.2011 1.83 SE unbekannt
Audiograbber MP3-Plugin AG 07.07.2011 1.0unbekannt
Avira AntiVir Personal - Free Antivirus Avira GmbH 12.02.2012 61.8MB 10.2.0.707 notwendig
Bonjour Apple Inc. 15.03.2009 0.49MB 1.0.106 unbekannt
CCleaner Piriform 30.10.2011 3.12 notwendig
CIB pdf brewer 2.1.7a CIB software GmbH 16.05.2007 2.1.7a unbekannt
ClickOff version 1.82 28.02.2010 unbekannt
CloneSpy 2.41 CloneSpy 28.02.2010 unbekannt
Corel Graphics Suite 11 Corel Corporation 29.03.2007 265MB 11 notwendig
Daten-Konvertierer 28.06.2011 notwendig
Digital Voice Editor 3 Sony Corporation 21.12.2009 3.2.00.12190 unbekannt
DivX Converter DivX, Inc. 13.12.2010 6.6.0 unbekannt
DivX-Setup DivX, LLC 13.12.2010 2.2.0.24 unbekannt
EAX Unified 28.02.2010 unbekannt
eBay.de - Skype 3.0 Skype Technologies S.A. 28.02.2010 unnötig 3.0 unbekannt
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) MAGIX AG 25.02.2007 2.0.0.1 unbekannt
Free YouTube Download version 2.10.33.324 DVDVideoSoft Limited. 17.04.2011 26.9MB unbekannt
FreePDF XP (Remove only) 28.02.2010 notwendig
FUSSBALL MANAGER 2005 28.02.2010 unnötig
Google Chrome Google Inc. 13.12.2010 16.0.912.77 unbekannt
Google Desktop Google 28.02.2010 -unnötig
Google Earth Google 23.11.2011 92.7MB 6.1.0.5001 notwendig
Grand Theft Auto San Andreas Rockstar Games 03.03.2011 1.00.00001 notwendig
Grand Theft Auto Vice City 28.02.2010 1.00.000 notwendig
HiJackThis Trend Micro 30.10.2011 0.36MB 1.0.0 unbekannt
HP Print Diagnostic Utility Hewlett_Packard 26.12.2009 0.71MB 1.51.0000 unbekannt
Java(TM) 6 Update 22 Oracle 28.03.2011 95.0MB 6.0.220 unbekannt
Java(TM) SE Runtime Environment 6 Update 1 Sun Microsystems, Inc. 23.05.2007 159.9MB 1.6.0.10 unbekannt
JDownloader AppWork UG (haftungsbeschränkt) 13.12.2010 notwendig
K-Lite Mega Codec Pack 5.7.0 16.02.2010 5.7.0 notwendig
KompoZer 0.8b3 KompoZer 23.05.2011 21.8MB unbekannt
LetsTrade Komponenten 28.02.2010 unbekannt
LG Bluetooth Drivers LG Electronics 07.04.2011 0.69MB 1.1 unbekannt
LG PC Suite IV LG Electronics 07.04.2011 4.3.5.20110131 notwendig
LG United Mobile Drivers LG Electronics 07.04.2011 5.94MB 2.2 unbekannt
LG USB Modem Drivers LG Electronics 07.04.2011 1.06MB 4.9.4 unbekannt
MakeDisc 28.02.2010 3.0.1408 unbekannt
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 12.02.2012 17.3MB 1.60.1.1000 notwendig
MediaShow 3.0 28.02.2010 unbekannt
MEDION Fotos auf CD Sued 6.0.2.0 (D) MAGIX AG 25.02.2007 6.0.2.0 unbekannt
Mein Geld Professional Buhl Data Service GmbH 08.02.2007 137.3MB 8.00.0007 unbekannt
Mercenaries 2: World in Flames(tm) Electronic Arts 08.09.2010 5,984MB 2.0.1.0 unbekannt
Microsoft Age of Empires II 28.02.2010 notwendig
Microsoft Age of Empires II: The Conquerors Expansion 28.02.2010 notwendig
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 13.12.2011 20.5MB 12.0.4518.1014 unbekannt
Microsoft Office File Validation Add-In Microsoft Corporation 13.02.2012 7.92MB 14.0.5130.5003 unbekannt
Microsoft Office Ultimate 2007 Microsoft Corporation 13.02.2012 12.0.6612.1000 notwendig
Microsoft Silverlight Microsoft Corporation 11.10.2011 226MB 4.0.60831.0 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.07.2009 0.25MB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0.29MB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 29.07.2009 0.19MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 0.58MB 9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28.03.2009 0.57MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14.11.2010 0.58MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0.59MB 9.0.30729.6161 unbekannt
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Corporation 13.02.2012 10.0.31119 unbekannt
Microsoft Works Microsoft Corporation 09.12.2009 291MB 08.05.0822 unbekannt
Microsoft Zoo Tycoon 28.02.2010 unnötig
Mozilla Firefox 10.0 (x86 de) Mozilla 01.02.2012 42.1MB 10.0 notwendig
MSXML 4.0 SP2 (KB925672) Microsoft Corporation 09.02.2007 1.24MB 4.20.9839.0 unbekannt
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 09.02.2007 1.24MB 4.20.9841.0 unbekannt
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 16.08.2007 1.27MB 4.20.9848.0 unbekannt
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 10.10.2007 1.27MB 4.20.9849.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 1.28MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1.34MB 4.20.9876.0 unbekannt
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 07.04.2011 36.00KB 4.20.9818.0 unbekannt
Nero 7 Essentials Nero AG 08.02.2007 512MB 7.02.5182 notwendig
Norton™ Security Scan Symantec Corporation 12.01.2008 4.94MB 1.2.0 unbekannt
Nur Entfernen der CopyTrans Suite möglich WindSolutions 06.02.2012 2.34 unbekannt
NVIDIA Display Control Panel NVIDIA Corporation 28.02.2010 6.14.11.9621notwendig
NVIDIA Drivers NVIDIA Corporation 28.02.2010 1.10notwendig
NVIDIA Grafiktreiber 275.33 NVIDIA Corporation 13.02.2012 275.33notwendig
NVIDIA PhysX NVIDIA Corporation 15.02.2010 83.8MB 9.09.1112 notwendig
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 28.02.2010 7.17.11.9621notwendig
NVIDIA Update 1.3.5 NVIDIA Corporation 13.02.2012 1.3.5notwendig
PantsOff 2.0 Christoph Bünger Software 26.06.2011 2.0 unbekannt
Phase 5 HTML-Editor Systemberatung Schommer 23.05.2011 3.72MB 5.6.2.3 unnötig
phase6_19_download phase6 12.10.2008 19.0MB 1.90.0000 unbekannt
PhotoNow! 1.0 28.02.2010 unbekannt
PicGrab 2.7.8 Benjamin Mussler 23.03.2011 2.7.8 unbekannt
PowerCinema Linux 5.0 28.02.2010 unbekannt
PowerDirector 28.02.2010 unbekannt
PowerDVD CyberLink Corporation 28.02.2010 7.0.2414.0 unbekannt
PowerProducer 28.02.2010 unbekannt
Prince of Persia The Sands of Time 01.04.2010 1.00.181 unnötig
Prince of Persia Warrior Within 19.01.2011 1.00.999 unnötig
Realtek High Definition Audio Driver 28.02.2010 unbekannt
RedMon - Redirection Port Monitor 28.02.2010 unbekannt
Riva FLV Player Rothenberger & Partner 28.02.2010 1.0.0000 unbekannt
S.T.A.L.K.E.R. - Shadow of Chernobyl THQ 18.09.2010 1.0000 notwendig
Saitek Dual Analog Rumble Pad 03.04.2010 notwendig
Samsung Kies Samsung Electronics Co., Ltd. 27.03.2011 170.1MB 2.0.0.11032_12 notwendig
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 11.02.2012 39.1MB 1.3.2250.0 notwendig
Sansa Updater SanDisk Corporation 16.04.2011 0.57MB 1.301 unnötig
Sceneo AbsolutTV 28.02.2010 unbekannt
SchulwegPlaner 28.02.2010 unnötig
SFV Checker 28.02.2010 unbekannt
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 24.07.2007 32.5MB 8.0.0 unbekannt
Spybot - Search & Destroy Safer Networking Limited 28.03.2009 1.6.2 notwendig
Spybot - Search & Destroy 1.5.2.20 Safer Networking Ltd. 06.04.2008 notwendig
System Requirements Lab 28.02.2010 unbekannt
The Times - Exclusive Tomb Raider Level 28.02.2010 notwendig
TV Enhance 28.02.2010 1.0.3808 unbekannt
TweakNow RegCleaner Standard TweakNow.com 28.03.2007 v3.0.1 unbekannt
Ulead PhotoImpact 12 Ulead System 28.02.2010 12.0 unbekannt
Uninstall 1.0.0.1 17.04.2011 10.9MB unbekannt
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 15.02.2007 2.59MB 1.22 unbekannt
VLC media player 1.0.5 VideoLAN Team 28.02.2010 1.0.5 notwendig
WinRAR 28.02.2010 notwendig
WinZip 14.5 WinZip Computing, S.L. 08.09.2010 19.7MB 14.5.9095 notwendig
X10 Hardware(TM) 28.02.2010 unbekannt
YouRipper Remlap Software 28.02.2010 1.3.0.0 unnötig
|
16.02.2012, 12:42 | #14 |
/// Malware-holic | The computer is locked, "for security reasons", I'm supposed to pay 50 euros, same here
Uninstall: 7-Zip
Newest version: 7-Zip
Uninstall: Ad-Aware
Uninstall: Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player: download the newest version
Adobe Reader: Adobe - Download Adobe Reader - All versions; untick the McAfee Security Scan box
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Internet: everything here should be disabled; it is very unsafe to open PDFs automatically, download them, etc. It is always better to save them directly, because only then do you have control over what is going on on the PC.
Under JavaScript, untick "Enable Acrobat JavaScript".
Under Updater, choose install automatically.
Apply / OK
Uninstall:
Adobe Shockwave
Alle meine Adressen
Any Video
Audiograbber: both
CIB pdf
ClickOff
CloneSpy
Digital Voice
DivX: both
eBay
Free YouTube
FUSSBALL MANAGER
Google Chrome
Google Desktop
HiJackThis
Java: all
Download the free Java software: download the Java JRE, install it.
Uninstall:
LetsTrade
MEDION Fotos
Mein Geld
Mercenaries
Norton™
PantsOff
Phase: both
PhotoNow
PicGrab
everything starting with Power
Prince of Persia: both
SchulwegPlaner
Sceneo
SFV
Spelling Dictionaries
Spybot: do without it, rather use Malwarebytes from time to time, after updating it.
TV Enhance
TweakNow
Ulead
YouRipper
Open OTL, Cleanup, restart. Open CCleaner, Analyze, Run Cleaner, restart. Test whether everything runs as desired.
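An added example, not from the thread and not the helper's own material: a PowerShell check that verifies the two settings asked for in #10 (automatic updates, every day) and #14 (Adobe Reader with JavaScript disabled), reading the Windows 7 Automatic Updates client values and Reader's per-user JSPrefs\bEnableJS value. It assumes Adobe Reader 9.0 as in the posted program list; pass -ReaderVersion for the release installed after updating.

```powershell
# Added example (not from the thread). Audits the hardening the helper asked for
# in #10 and #14. Run on the affected PC; only reads the registry, changes nothing.

function Get-AutoUpdatePosture {
    # Windows 7 Automatic Updates client settings written by the Windows Update UI.
    # A domain policy (HKLM\SOFTWARE\Policies\...\WindowsUpdate\AU) would override
    # these; not the case on a home PC like the one in this thread.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # AUOptions: 1 = disabled, 2 = notify only, 3 = download only, 4 = download and install
    # ScheduledInstallDay: 0 = every day, 1..7 = Sunday..Saturday
    [pscustomobject]@{
        Setting     = 'Windows Update'
        AUOptions   = $p.AUOptions
        InstallDay  = $p.ScheduledInstallDay
        InstallHour = $p.ScheduledInstallTime
        Compliant   = ($p.AUOptions -eq 4 -and $p.ScheduledInstallDay -eq 0)
    }
}

function Get-ReaderJavaScriptPosture {
    param([string]$ReaderVersion = '9.0')   # assumption: Reader 9.x as in the program list
    $key = "HKCU:\Software\Adobe\Acrobat Reader\$ReaderVersion\JSPrefs"
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # bEnableJS: 0 = JavaScript off, 1 = on. If the value is absent Reader uses its
    # default, which is JavaScript on, so absent is treated as not compliant.
    $value = if ($null -ne $p -and $null -ne $p.bEnableJS) { $p.bEnableJS } else { 'not set' }
    [pscustomobject]@{
        Setting   = "Adobe Reader $ReaderVersion JavaScript"
        bEnableJS = $value
        Compliant = ($value -eq 0)
    }
}

# Run both checks and flag anything that is still not as described in #10 / #14.
$results = @(Get-AutoUpdatePosture; Get-ReaderJavaScriptPosture -ReaderVersion '9.0')
$results | Format-Table -AutoSize
$open = $results | Where-Object { -not $_.Compliant }
if ($open) {
    Write-Warning ("Still to change: " + (($open | ForEach-Object { $_.Setting }) -join ', '))
}
```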
17.02.2012, 00:19 | #15 |
| The computer is locked, "for security reasons", I'm supposed to pay 50 euros, same here
All done. Looks pretty good |