Log analysis and evaluation: Windows Security System - computer is locked - pay 100€ | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.02.2012, 13:48 | #1 |
Windows Security System - computer is locked - pay 100€

Hello, I am sitting at an Asus netbook with Win7 Starter, and this morning a problem appeared that is, I think, well known. - Windows security warning - computer locked - and if 100€ is paid, the problem is fixed. While I was not yet there, the computer was, as described in the forum, started in safe mode and a system restore was performed (restore point from yesterday). Then an AntiVir scan without any result, and finally the OTL scan. I am now attaching the log file, hope that I have thought of everything, and thank you already for your help! Thanks!

OTL logfile created on: 2/15/2012 12:57:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sandra
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014.18 Mb Total Physical Memory | 159.29 Mb Available Physical Memory | 15.71% Memory free
1.99 Gb Paging File | 0.58 Gb Available in Paging File | 29.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 10.64 Gb Free Space | 10.64% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 89.03 Gb Free Space | 72.46% Space Free | Partition Type: NTFS
Drive F: | 3.69 Gb Total Space | 3.31 Gb Free Space | 89.74% Space Free | Partition Type: FAT32
Computer Name: EEEPC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012/02/15 12:57:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\OTL.com
PRC - [2012/02/11 21:16:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/12/27 23:21:18 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/12/27 23:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/12/15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/12/15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/12/15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/09/05 18:04:56 | 001,489,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/07/16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/07/29 01:40:56 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/11/11 01:07:50 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/26 23:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/10/17 06:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/10/17 02:31:06 | 000,284,160 | ---- | M] (ASUSTek) -- C:\Program Files\ASUS\LivCam\LivCam.exe
PRC - [2009/09/25 20:04:10 | 000,115,888 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\asus\SystemSetting\WallPaperAgent.exe
PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/28 00:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2009/08/25 08:47:10 | 000,947,472 | ---- | M] (ECAREME) -- C:\Program Files\ASUS\Asus WebStorage\BackupService.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/07/20 10:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

========== Modules (No Company Name) ==========
MOD - [2012/02/11 21:16:03 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/12 18:42:46 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a72ed18d2df70f09c57cf914ce591306\Microsoft.VisualBasic.ni.dll
MOD - [2012/01/12 18:06:23 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2012/01/07 18:36:35 | 000,115,137 | ---- | M] () -- C:\Users\Sandra\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
MOD - [2011/12/27 23:21:18 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/12/23 20:59:22 | 000,625,576 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011/12/23 20:59:22 | 000,493,992 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011/12/23 20:59:22 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011/12/23 20:59:22 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2011/11/15 12:10:40 | 009,364,480 | ---- | M] () -- C:\Users\Sandra\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
MOD - [2011/11/11 11:49:45 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 04:26:57 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/13 22:26:06 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/13 21:14:09 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 21:12:04 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\fd6d00c3c7d56a2e3651769081e8f412\System.EnterpriseServices.ni.dll
MOD - [2011/10/13 21:11:57 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\834be57d8ab824b4ebcbf01161791d70\System.Transactions.ni.dll
MOD - [2011/10/13 21:11:44 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/10/13 21:09:32 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/13 21:07:01 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 21:06:21 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 21:06:02 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/13 21:05:09 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/13 21:04:45 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/13 21:04:23 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/13 21:04:19 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 21:03:11 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/05 18:04:58 | 000,056,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU
MOD - [2011/09/05 18:04:56 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2009/11/11 09:44:34 | 000,029,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2009/11/11 09:44:33 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2009/09/15 23:30:42 | 000,376,832 | ---- | M] () -- C:\Program Files\ASUS\LivCam\SMIUtility.dll
MOD - [2009/08/25 08:47:24 | 000,140,560 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll
MOD - [2009/08/25 08:47:22 | 000,095,504 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\BSWorker.dll
MOD - [2009/08/25 08:47:22 | 000,083,216 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\BSBroker.dll
MOD - [2009/07/26 02:25:26 | 000,208,896 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009/07/26 02:25:25 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 22:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - [2012/02/11 01:09:56 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2011/12/15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========
DRV - [2011/12/15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/12/08 05:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/08 05:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/12/08 05:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011/12/08 05:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2011/12/08 05:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011/12/08 05:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/12/08 05:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/12/08 05:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/02/17 12:53:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/27 08:06:45 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/20 10:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/06 03:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/07/01 05:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [1999/03/06 13:38:28 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASUSHWIO.SYS -- (asushwio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://asus.msn.comhxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/11 21:16:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/23 15:07:54 | 000,000,000 | ---D | M]
[2010/01/29 11:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions
[2012/01/06 20:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\3f4mpqp4.default\extensions
[2010/02/17 12:54:05 | 000,002,055 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\3f4mpqp4.default\searchplugins\daemon-search.xml
[2011/11/10 21:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\USERS\SANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3F4MPQP4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/11 21:16:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/15 12:49:44 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/09/01 20:36:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/01 20:36:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/01 20:36:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/01 20:36:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/01 20:36:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/01 20:36:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Regentropfen = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\
CHR - Extension: YouTube = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
CHR - Extension: Google Mail = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\asus\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3AC0BE5-8EA1-43DA-BE95-05A299F8682F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Program Files\asus\SystemSetting\WallPaperAgent.exe) -C:\Program Files\asus\SystemSetting\WallPaperAgent.exe (ASUSTeK Computer Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2012/02/15 12:56:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\OTL.com
[2012/02/15 12:46:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\OTL.exe
[2012/02/15 12:33:13 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Avira
[2012/02/15 12:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/02/15 12:27:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/02/15 12:27:03 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/02/15 12:27:02 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/02/15 12:27:02 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/02/15 12:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/02/15 12:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/02/08 14:08:29 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Mendeley Ltd
[2012/02/08 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mendeley Desktop
[2012/02/08 14:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mendeley Desktop
[2012/02/06 23:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/01/25 17:16:57 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\Mediopyxis R
[2012/01/24 15:45:20 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\RStudio
[2012/01/24 12:53:21 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\RStudio-Desktop [2012/01/24 12:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio [2012/01/24 12:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\RStudio [2012/01/23 15:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/01/23 15:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012/01/23 14:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/01/23 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/01/23 14:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/01/23 14:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012/01/20 17:05:21 | 000,000,000 | ---D | C] -- C:\windows\Minidump [2011/06/03 14:46:59 | 000,750,508 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\ga_main.exe [2011/06/03 14:46:59 | 000,348,160 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Cfg.dll [2011/06/03 14:46:59 | 000,126,976 | ---- | C] (Info-ZIP) -- C:\Program Files\unzip32.dll [2011/06/03 14:46:58 | 000,802,816 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Prod.dll [2011/06/03 14:46:56 | 000,122,880 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\Veui32.dll [2011/06/03 14:46:56 | 000,032,768 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\Vepb40.dll [2011/06/03 14:46:55 | 000,344,064 | ---- | C] (Ulead Systems) -- C:\Program Files\mpg_hvd.dll [2011/06/03 14:46:55 | 000,241,664 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Base.dll [2011/06/03 14:46:55 | 000,225,280 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Fido.dll [2011/06/03 14:46:55 | 000,167,936 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\UssCvt.dll [2011/06/03 14:46:55 | 000,147,456 | ---- | C] (Ulead Systems, Inc.) 
-- C:\Program Files\uRender.dll [2011/06/03 14:46:55 | 000,135,168 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Clips.dll [2011/06/03 14:46:55 | 000,122,880 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\wUfoComp.dll [2011/06/03 14:46:55 | 000,114,688 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32File.dll [2011/06/03 14:46:55 | 000,114,688 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Comm.dll [2011/06/03 14:46:55 | 000,081,920 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\ucp1.ucp [2011/06/03 14:46:55 | 000,049,152 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\uwUpdate.dll [2011/06/03 14:46:55 | 000,045,056 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\USSGifsa.dll [2011/06/03 14:46:55 | 000,045,056 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Brows.dll [2011/06/03 14:46:55 | 000,040,960 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\ucsRWUFO.dll [2011/06/03 14:46:55 | 000,028,672 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\VFX32.dll [2011/06/03 14:46:54 | 000,081,920 | ---- | C] (Ulead Systems, Inc.) 
-- C:\Program Files\anigen.exe [2009/10/06 14:08:27 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2012/02/15 12:57:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\OTL.com [2012/02/15 12:46:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\OTL.exe [2012/02/15 12:34:07 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3575365184-2583104152-2841995273-1000UA.job [2012/02/15 12:30:08 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/02/15 12:27:31 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/02/15 12:24:36 | 087,262,320 | ---- | M] () -- C:\Users\Sandra\avira_free_antivirus1200872_de.exe [2012/02/15 12:21:00 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/15 12:21:00 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/15 12:13:42 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/02/15 12:09:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/02/15 12:09:07 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys [2012/02/14 00:00:17 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3575365184-2583104152-2841995273-1000Core.job [2012/02/08 14:08:07 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Mendeley Desktop.lnk [2012/02/03 21:48:25 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/02/03 21:48:25 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/02/03 21:48:25 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/02/03 21:48:25 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/02/03 00:09:52 | 000,025,188 | ---- | M] () 
-- C:\Users\Sandra\Documents\.Rhistory [2012/02/02 11:04:45 | 000,000,982 | ---- | M] () -- C:\Users\Sandra\Desktop\Dropbox.lnk [2012/02/02 11:04:45 | 000,000,962 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/01/25 11:47:13 | 000,002,359 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\WWB7_32.DAT [2012/01/24 15:45:04 | 000,502,031 | ---- | M] () -- C:\Users\Sandra\Documents\.RData [2012/01/24 13:52:24 | 000,047,763 | ---- | M] () -- C:\Users\Sandra\Desktop\Daten_Einlesen_mit_R.pdf [2012/01/24 12:54:02 | 000,001,442 | ---- | M] () -- C:\Users\Sandra\Desktop\rstudio.exe - Verknüpfung.lnk [2012/01/24 12:51:03 | 016,612,682 | ---- | M] () -- C:\Users\Sandra\RStudio-0.94.110.exe [2012/01/23 14:43:06 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2012/02/15 12:27:31 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/02/15 12:22:10 | 087,262,320 | ---- | C] () -- C:\Users\Sandra\avira_free_antivirus1200872_de.exe [2012/02/08 14:08:07 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Mendeley Desktop.lnk [2012/01/24 15:45:02 | 000,502,031 | ---- | C] () -- C:\Users\Sandra\Documents\.RData [2012/01/24 13:52:22 | 000,047,763 | ---- | C] () -- C:\Users\Sandra\Desktop\Daten_Einlesen_mit_R.pdf [2012/01/24 12:54:02 | 000,001,442 | ---- | C] () -- C:\Users\Sandra\Desktop\rstudio.exe - Verknüpfung.lnk [2012/01/24 12:50:23 | 016,612,682 | ---- | C] () -- C:\Users\Sandra\RStudio-0.94.110.exe [2012/01/23 14:43:06 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/01/04 15:12:08 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2012/01/04 09:36:12 | 000,002,359 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\WWB7_32.DAT [2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- 
C:\windows\System32\cis-2.4.dll [2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2011/06/03 14:46:59 | 000,057,344 | ---- | C] () -- C:\Program Files\u32opas.dll [2011/06/03 14:46:59 | 000,032,768 | ---- | C] () -- C:\Program Files\OPASMgr.dll [2011/06/03 14:46:58 | 000,007,759 | ---- | C] () -- C:\Program Files\GIF Animator 5 Readme.html [2011/06/03 14:46:57 | 000,000,075 | ---- | C] () -- C:\windows\ULEAD32.INI [2011/06/03 14:46:56 | 000,253,952 | ---- | C] () -- C:\Program Files\VFX_WMT.dll [2011/06/03 14:46:56 | 000,053,248 | ---- | C] () -- C:\Program Files\UFCCOMM.dll [2011/06/03 14:46:56 | 000,036,864 | ---- | C] () -- C:\Program Files\UFCCOLOR.dll [2011/06/03 14:46:56 | 000,032,768 | ---- | C] () -- C:\Program Files\UFCBUF.dll [2011/06/03 14:46:56 | 000,031,227 | ---- | C] () -- C:\Program Files\logo.gif [2011/06/03 14:46:56 | 000,024,576 | ---- | C] () -- C:\Program Files\Vcvrt32.dll [2011/06/03 14:46:56 | 000,003,766 | ---- | C] () -- C:\Program Files\iearrowhead.dat [2011/06/03 14:46:56 | 000,003,507 | ---- | C] () -- C:\Program Files\IEDEFORM.DAT [2011/06/03 14:46:56 | 000,002,396 | -H-- | C] () -- C:\Program Files\U32FILE.CFG [2011/06/03 14:46:55 | 000,528,384 | ---- | C] () -- C:\Program Files\U32path.dll [2011/06/03 14:46:55 | 000,311,296 | ---- | C] () -- C:\Program Files\Tge.dll [2011/06/03 14:46:55 | 000,307,200 | ---- | C] () -- C:\Program Files\IdxEd.exe [2011/06/03 14:46:55 | 000,237,568 | ---- | C] () -- C:\Program Files\UpiCtrl.dll [2011/06/03 14:46:55 | 000,180,224 | ---- | C] () -- C:\Program Files\u32video.dll [2011/06/03 14:46:55 | 000,176,128 | ---- | C] () -- C:\Program Files\sepa.dll [2011/06/03 14:46:55 | 000,147,456 | ---- | C] () -- C:\Program Files\u32Cvt.dll [2011/06/03 14:46:55 | 000,139,264 | ---- | C] 
() -- C:\Program Files\Vft32.dll [2011/06/03 14:46:55 | 000,139,264 | ---- | C] () -- C:\Program Files\ussjpgen.dll [2011/06/03 14:46:55 | 000,139,264 | ---- | C] () -- C:\Program Files\uJpgLib.dll [2011/06/03 14:46:55 | 000,114,688 | ---- | C] () -- C:\Program Files\pngfio.dll [2011/06/03 14:46:55 | 000,102,400 | ---- | C] () -- C:\Program Files\u32Tx.dll [2011/06/03 14:46:55 | 000,090,112 | ---- | C] () -- C:\Program Files\u32Sel.dll [2011/06/03 14:46:55 | 000,061,440 | ---- | C] () -- C:\Program Files\u32txtur.dll [2011/06/03 14:46:55 | 000,040,960 | ---- | C] () -- C:\Program Files\uINet.dll [2011/06/03 14:46:55 | 000,040,960 | ---- | C] () -- C:\Program Files\UAboutbox.dll [2011/06/03 14:46:55 | 000,040,960 | ---- | C] () -- C:\Program Files\u32Aps32.dll [2011/06/03 14:46:55 | 000,036,864 | ---- | C] () -- C:\Program Files\Pal.dll [2011/06/03 14:46:55 | 000,032,768 | ---- | C] () -- C:\Program Files\uShadow.dll [2011/06/03 14:46:55 | 000,032,768 | ---- | C] () -- C:\Program Files\u32Misc.dll [2011/06/03 14:46:55 | 000,032,768 | ---- | C] () -- C:\Program Files\maskop.dll [2011/06/03 14:46:55 | 000,028,672 | ---- | C] () -- C:\Program Files\u32Plug.dll [2011/06/03 14:46:55 | 000,028,672 | ---- | C] () -- C:\Program Files\u32Aps.dll [2011/06/03 14:46:55 | 000,028,672 | ---- | C] () -- C:\Program Files\ManageAd.dll [2011/06/03 14:46:55 | 000,024,576 | ---- | C] () -- C:\Program Files\uLzwLib.dll [2011/06/03 14:46:55 | 000,024,576 | ---- | C] () -- C:\Program Files\uGifLib.dll [2011/06/03 14:46:55 | 000,020,480 | ---- | C] () -- C:\Program Files\u32sn.dll [2011/06/03 14:46:54 | 000,081,920 | ---- | C] () -- C:\Program Files\EXE.UXE [2011/03/25 17:11:22 | 000,363,080 | ---- | C] () -- C:\Program Files\Adobe_Photoshop_Elements_9-AkamaiDLM.exe [2011/02/03 20:54:56 | 000,000,472 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\Poladroid prefs.plist [2011/01/14 13:34:46 | 000,003,584 | ---- | C] () -- 
C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\windows\System32\vpnapi.dll [2010/02/17 13:10:40 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI [2010/02/17 12:46:02 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\wklnhst.dat [2010/01/29 10:51:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/01/29 10:40:33 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS [2009/11/11 01:02:27 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe [2009/11/11 01:02:27 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2009/11/11 01:00:14 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2009/11/11 00:49:39 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/11/11 00:42:59 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2009/11/11 00:42:49 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini [2009/07/26 02:28:45 | 000,643,866 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/07/26 02:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/07/26 02:28:45 | 000,126,394 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/07/26 02:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 05:33:53 | 000,379,472 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,607,190 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,103,568 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- 
C:\windows\System32\dssec.dat [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/01 09:10:50 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2003/02/20 17:53:42 | 000,005,702 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI ========== LOP Check ========== [2009/11/11 09:44:48 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Asus WebStorage [2010/02/17 13:02:52 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DAEMON Tools Lite [2012/02/15 12:15:12 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Dropbox [2011/02/03 20:36:53 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\EndNote [2012/01/04 15:12:16 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\pdfforge [2012/01/24 15:45:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\RStudio [2012/01/07 18:35:52 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Samsung [2012/01/04 09:30:35 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\StatSoft [2011/11/20 23:10:04 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
15.02.2012, 13:51 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security System - Computer locked - pay 100€
Please now run a routine full scan with Malwarebytes and post the log.
__________________
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed. If logs from older Malwarebytes scans exist, please post all of those as well!
ESET Online Scanner
Please post everything here in CODE tags wherever possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here