16.02.2012, 22:26 | #1 |
Windows system is blocked, BKA 50€ virus

After booting Windows Vista and establishing the Internet connection, a payment demand appears and the system is blocked. Without an Internet connection, Windows is usable. I have created log files with OTL and am posting them here as well.

OTL logfile created on: 16.02.2012 21:03:00 - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = F:\
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,63% Memory free
8,21 Gb Paging File | 6,29 Gb Available in Paging File | 76,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 65,38 Gb Free Space | 14,04% Space Free | Partition Type: NTFS
Drive E: | 4,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,85 Gb Total Space | 1,76 Gb Free Space | 95,17% Space Free | Partition Type: FAT32

Computer Name: SCHLAFZIMMER-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\OPENLiMiT\siqSEMr.exe (OPENLiMiT SignCubes GmbH)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Users\Tommy\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
PRC - C:\Programme\Creative\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\taxaktuell.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Silvercrest MTS2118 driver\KMConfig.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Program Files (x86)\Silvercrest MTS2118 driver\KMProcess.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Silvercrest MTS2118 driver\KMWDSrv.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe ()
PRC - C:\Program Files (x86)\Silvercrest MTS2118 driver\StartAutorun.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files (x86)\Common Files\G DATA\DAVServer\DAVServer.exe (G DATA Software AG)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Users\Tommy\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\4cb01a1063e99bd543ca34547e28bd44\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ad65537fa3d6b3c9c01a98586acfa28\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2606f840d6783c9c2307965650735ada\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9895974a8ff48335614f44603ff16a9d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\400510870f710fd409ee7fc71b4a69aa\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Tobit ClipInc\Player\clipinc$.ger ()
MOD - C:\Program Files (x86)\Tobit ClipInc\Player\TOBITCLT.dll ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\taxaktuell.exe ()
MOD - C:\PROGRAM FILES (X86)\BUHL FINANCE\TAX 2008 STANDARD\wstyle08.dll ()
MOD - C:\PROGRAM FILES (X86)\BUHL FINANCE\TAX 2008 STANDARD\wstyle508.dll ()
MOD - C:\PROGRAM FILES (X86)\BUHL FINANCE\TAX 2008 STANDARD\wstyle108.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\winc08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\wincb08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\wglob08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\rszeus08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\rsdebug08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\rswinapi08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtscript08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtsql08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qt3compat08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtxml08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtnetwork08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtgui08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtcore08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\qtzlib08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\rsodbc08.dll ()
MOD - C:\Program Files (x86)\Buhl finance\tax 2008 Standard\rsdcom08.dll ()
MOD - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
MOD - C:\Program Files (x86)\Silvercrest MTS2118 driver\keydll.dll ()
MOD - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl ()
MOD - C:\Program Files (x86)\Silvercrest MTS2118 driver\MouseHook.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (usprserv) -- C:\Windows\SysNative\svchost.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ClipInc001) -- C:\Program Files (x86)\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (aawservice) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (KMWDSERVICE) -- C:\Program Files (x86)\Silvercrest MTS2118 driver\KMWDSrv.exe (UASSOFT.COM)
SRV - (SageDB 5.0) -- C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys ()
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys ()
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys ()
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys ()
DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys ()
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys ()
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\657A.tmp ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys ()
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys ()
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys ()
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (irda) -- C:\Windows\SysNative\DRIVERS\irda.sys ()
DRV:64bit: - (irsir) -- C:\Windows\SysNative\DRIVERS\irsir.sys ()
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys ()
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\WG311Tx.sys ()
DRV:64bit: - (ElbyDelay) -- C:\Windows\SysNative\Drivers\ElbyDelay.sys ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys ()
DRV:64bit: - (vcd9bus) -- C:\Windows\SysNative\DRIVERS\vcd9bus.sys ()
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\DRIVERS\aksdf.sys ()
DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys ()
DRV:64bit: - (Pnp680r) -- C:\Windows\SysNative\DRIVERS\pnp680r.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (Hardlock) -- C:\Windows\SysWOW64\drivers\hardlock.sys (Aladdin Knowledge Systems)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: sharonst@windowslive.com:1.03
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {7C9AE782-DB21-4e40-81FB-AD8A53A6233A}:1.83
FF - prefs.js..extensions.enabledItems: {34ea1c70-42cc-42c5-aa29-ec58b95a343e}:1.5.43.0
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.18: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.14 16:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.04 18:19:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.15 18:28:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.26 17:31:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.19 14:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.04 18:19:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.14 16:18:45 | 000,000,000 | ---D | M]
[2010.08.25 19:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions
[2010.08.25 19:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.26 18:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions
[2008.08.25 20:06:08 | 000,000,000 | ---D | M] (myBabylon Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}
[2012.01.26 18:41:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.02.15 18:17:22 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
[2011.12.28 11:02:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.21 16:00:04 | 000,000,000 | ---D | M] (Fire Tv button) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\63icneww.default\extensions\sharonst@windowslive.com
[2011.11.10 17:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2008.10.31 17:57:17 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES (X86)\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
[2012.01.15 18:28:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 16:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2008.08.25 20:05:56 | 000,002,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.10.06 16:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.06 16:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 16:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 16:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 16:45:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CTCheck] C:\Programme\Creative\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.dll ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AS00_Gear311T] C:\Program Files (x86)\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [KMCONFIG] "C:\Program Files (x86)\Silvercrest MTS2118 driver\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [SCLicense] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [SignCubes] "C:\PROGRA~2\OPENLI~1\siqSEMr.exe" -a File not found
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ClipIncSrvTray] C:\Program Files (x86)\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKCU..\Run: [cogad] "C:\Users\Tommy\AppData\Roaming\cogad\cogad.exe" 61A847B5BBF72810339E3F466188719AB689201522886B092CBD44BD8689220221DD3257 File not found
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [DAVSERVER.EXE] C:\Program Files (x86)\Common Files\G DATA\DAVServer\DAVServer.exe (G DATA Software AG)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Tommy\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [Twain] C:\Users\Tommy\AppData\Roaming\Twain\Twain.exe File not found
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CEBBC53-0FFD-447B-B8D9-306B9EDCBC10}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94C34F67-51F3-480B-8FE5-8F9F4A98BEAD}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0D03874-6439-4305-8FAE-E6DCC737BCD0}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9BCDEB2-D3D5-4B64-BE3C-F966A0978C22}: NameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files 
(x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O30:64bit: - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found O30 - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.08.24 06:43:12 | 000,000,224 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{9c99bc96-a5ef-11de-8067-001966585d91}\Shell - "" = AutoRun O33 - MountPoints2\{9c99bc96-a5ef-11de-8067-001966585d91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006.05.24 11:36:40 | 000,950,272 | R--- | M] () O33 - MountPoints2\{e4e15fd8-deb9-11e0-ad0f-001966585d91}\Shell - "" = AutoRun O33 - MountPoints2\{e4e15fd8-deb9-11e0-ad0f-001966585d91}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- 
[2006.05.24 11:36:40 | 000,950,272 | R--- | M] () O33 - MountPoints2\{fd26ed01-c320-11de-ad4f-001966585d91}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.13 06:34:22 | 000,000,000 | ---D | C] -- C:\Windows\Registration [2012.02.07 19:00:26 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\Marcel [2012.02.07 14:37:54 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\SmartCards [2012.02.07 14:37:54 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\AttributeCertificates [2012.02.04 18:58:31 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Nokia Suite [2012.02.04 18:36:06 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\NokiaAccount [2012.02.04 18:35:58 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Nokia [2012.02.04 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\Nokia [2012.02.04 18:20:10 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\PC Suite [2012.02.04 18:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2012.02.04 18:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2012.02.04 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.02.04 18:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012.02.04 18:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2012.02.03 11:48:20 | 000,000,000 | ---D | C] -- C:\oventrop [2012.02.03 11:32:14 | 000,000,000 | ---D | C] -- 
C:\Users\Tommy\Fax dateien [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Tommy\Documents\*.tmp files -> C:\Users\Tommy\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.16 21:05:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.16 20:59:59 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\kgowsytp.job [2012.02.16 19:53:14 | 001,427,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.16 19:53:14 | 000,621,692 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.16 19:53:14 | 000,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.16 19:53:14 | 000,123,460 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.16 19:53:14 | 000,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.16 19:47:22 | 000,002,497 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk [2012.02.16 19:47:07 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.16 19:47:05 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.16 19:47:05 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.16 19:46:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.16 19:46:54 | 4294,238,208 | -HS- | M] () -- C:\hiberfil.sys [2012.02.16 18:39:05 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2BF7C0AF-D00F-48CB-BB90-A40D89FD3861}.job [2012.02.12 18:51:19 | 000,001,356 | ---- | M] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat [2012.02.07 14:47:28 | 000,000,615 | ---- | M] () -- C:\Users\Tommy\Desktop\BieterModul.ini [2012.02.06 21:19:41 | 000,000,069 | ---- | M] () -- 
C:\Windows\NeroDigital.ini [2012.02.05 14:57:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.02.04 18:37:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2012.02.04 18:37:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012.02.04 18:19:40 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.02.03 11:44:23 | 000,001,821 | ---- | M] () -- C:\Users\Tommy\Desktop\OVsol.lnk [2012.02.03 11:44:22 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\OVsol.lnk [2012.01.26 15:03:53 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Tommy\Documents\*.tmp files -> C:\Users\Tommy\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.13 21:33:58 | 4294,238,208 | -HS- | C] () -- C:\hiberfil.sys [2012.02.07 14:47:28 | 000,000,615 | ---- | C] () -- C:\Users\---\Desktop\BieterModul.ini [2012.02.05 14:57:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.02.04 18:49:05 | 000,172,544 | ---- | C] () -- C:\Windows\SysNative\drivers\WUDFRd.sys [2012.02.04 18:49:04 | 000,681,472 | ---- | C] () -- C:\Windows\SysNative\WUDFx.dll [2012.02.04 18:49:04 | 000,226,816 | ---- | C] () -- C:\Windows\SysNative\WUDFHost.exe [2012.02.04 18:49:04 | 000,182,784 | ---- | C] () -- C:\Windows\SysNative\WUDFPlatform.dll [2012.02.04 18:49:04 | 000,112,128 | ---- | C] () -- C:\Windows\SysNative\drivers\WUDFPf.sys [2012.02.04 18:49:04 | 000,075,264 | ---- | C] () -- C:\Windows\SysNative\WUDFSvc.dll [2012.02.04 18:49:04 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.02.04 18:37:30 | 000,000,000 | -H-- | C] () -- 
C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2012.02.04 18:37:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012.02.04 18:37:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2012.02.04 18:37:06 | 000,654,928 | ---- | C] () -- C:\Windows\SysNative\drivers\Wdf01000.sys [2012.02.04 18:37:06 | 000,042,064 | ---- | C] () -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.02.04 18:19:40 | 000,001,927 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.02.04 18:18:19 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2012.02.03 11:44:22 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\OVsol.lnk [2012.01.12 19:10:55 | 000,000,512 | ---- | C] () -- C:\Windows\SysWow64\siqP11.dll.sig [2012.01.12 18:35:27 | 000,000,061 | ---- | C] () -- C:\Windows\SysWow64\siq0pfx.ini [2011.10.10 18:56:19 | 000,000,022 | ---- | C] () -- C:\Windows\MANOMETERconfig.ini [2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.05.26 20:17:22 | 000,184,208 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.04.04 11:38:04 | 000,009,590 | RHS- | C] () -- C:\Windows\innova3.ini [2011.02.23 17:35:52 | 001,448,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.04.04 09:24:03 | 000,000,760 | ---- | C] () -- C:\Users\---\AppData\Roaming\setup_ldm.iss [2010.03.14 16:18:29 | 000,023,716 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.03.14 16:15:43 | 000,078,212 | ---- | C] () -- C:\Windows\hpqins05.dat 
[2009.09.20 16:40:22 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\cmll10sx.dll [2009.07.15 15:28:41 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\vcext.sys [2009.04.07 13:49:45 | 000,000,039 | ---- | C] () -- C:\Windows\ONLINE.INI [2009.03.25 17:29:15 | 000,004,096 | -H-- | C] () -- C:\Users\---\AppData\Local\keyfile3.drm [2009.03.18 19:25:08 | 000,000,748 | RH-- | C] () -- C:\Windows\SysWow64\ttri.dat [2009.03.10 09:26:55 | 000,012,717 | R--- | C] () -- C:\Windows\hpwscr14.dat [2009.03.10 09:25:45 | 000,206,162 | ---- | C] () -- C:\Windows\hpwins14.dat [2009.03.06 16:50:43 | 000,000,098 | ---- | C] () -- C:\Windows\odbc_merge.INI [2009.02.12 19:47:07 | 000,000,516 | ---- | C] () -- C:\Windows\ODBCINST.ini [2009.01.15 21:03:18 | 000,000,786 | ---- | C] () -- C:\Windows\wiso.ini [2009.01.14 22:04:32 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin [2009.01.03 20:05:31 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll [2009.01.01 22:26:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.01.01 22:25:09 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.01.01 22:24:59 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.12.08 12:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2008.12.07 13:08:06 | 000,795,648 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2008.12.07 13:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2008.11.30 15:22:51 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2008.11.30 15:22:49 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2008.11.30 15:22:48 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2008.11.19 11:19:14 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\BH_DATA120VC8.dll [2008.11.14 18:17:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2008.11.14 18:16:02 | 000,303,104 | ---- | C] () -- 
C:\Windows\SysWow64\dnt27VC8.dll [2008.11.14 18:14:34 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2008.11.14 18:14:22 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2008.11.10 23:07:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll [2008.10.19 16:59:49 | 001,285,632 | ---- | C] () -- C:\Windows\SysWow64\MhCglobal10.dll [2008.10.19 16:59:49 | 000,450,560 | ---- | C] () -- C:\Windows\SysWow64\PEGRC32B.dll [2008.10.19 16:59:49 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\PEGRC32A.dll [2008.09.01 17:47:44 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2008.08.18 16:40:24 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll [2008.06.09 20:02:30 | 000,001,108 | R--- | C] () -- C:\Windows\hpwmdl14.dat [2008.04.01 15:44:09 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.03.24 11:41:31 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.03.24 10:10:33 | 000,000,083 | -HS- | C] () -- C:\Users\---\AppData\Roaming\.zreglib [2008.02.10 21:28:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.02.10 21:23:08 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll [2008.02.10 21:23:08 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll [2008.02.10 21:23:08 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll [2008.02.10 21:23:08 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll [2008.02.10 21:23:08 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll [2008.02.10 21:23:08 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll [2008.02.06 21:51:11 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini [2008.02.02 18:00:15 | 000,001,356 | ---- | C] () -- C:\Users\---\AppData\Local\d3d9caps.dat [2008.02.02 17:11:00 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2008.02.02 16:25:41 | 000,121,344 | ---- | C] () -- 
C:\Users\---\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.02 16:14:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.02.02 15:17:36 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll [2008.02.02 15:17:36 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe [2008.02.02 14:59:55 | 000,003,754 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.02.02 14:59:53 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2008.02.02 14:48:05 | 000,002,188 | ---- | C] () -- C:\Users\---\AppData\Local\d3d9caps64.dat [2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 16:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:26:55 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2004.03.25 11:38:50 | 000,000,032 | ---- | C] () -- C:\Windows\RBuilder.ini [2003.02.20 14:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI [2001.12.12 13:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\W32btstp.dll [2001.12.12 13:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\W32btxlt.dll [1998.02.09 03:00:00 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\bw32000c.dll [1998.02.09 03:00:00 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\bw320007.dll [1998.02.09 02:00:00 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\owl53v.dll [1995.05.22 03:50:00 | 000,097,072 | ---- | C] () -- C:\Windows\SysWow64\Bwcc0007.dll [1995.05.22 03:50:00 | 000,096,928 | ---- | C] () -- 
C:\Windows\SysWow64\Bwcc000c.dll ========== LOP Check ========== [2009.02.22 14:07:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Alnera [2009.02.24 14:30:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Autodesk [2008.03.30 12:05:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Buhl Data Service [2009.01.23 17:49:25 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\cogad [2010.05.16 19:26:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ComfortSoft [2008.09.13 20:19:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DeepBurner [2011.11.07 16:19:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\elsterformular [2012.01.15 17:56:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Foxit Software [2011.04.04 11:37:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\innoPlus [2009.03.18 19:23:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LANGMaster [2010.04.04 09:24:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Leadertech [2009.02.12 21:17:40 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Lexware [2008.10.19 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\mh-software [2012.02.04 18:58:29 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Nokia [2012.02.04 18:58:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Nokia Suite [2010.09.19 10:25:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Notepad++ [2010.08.06 07:09:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org [2012.02.04 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PC Suite [2008.02.21 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ROUTE 66 Sync [2008.10.05 17:05:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\SAD [2011.11.04 20:01:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Samsung [2009.10.30 
17:04:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Solarberater_DE [2011.06.30 15:36:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TeamViewer [2010.08.25 19:43:25 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Thunderbird [2008.09.01 17:50:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Tobit [2009.01.23 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Twain [2008.02.10 21:36:45 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Ulead Systems [2012.01.06 20:23:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Unity [2011.03.18 17:52:38 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\uTorrent [2009.01.14 22:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\vghd [2011.05.29 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\wilo.quick-select.13CA3E470454785AFB88622FD035C2B9B8F137C0.1 [2009.02.15 19:53:13 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1 [2012.02.16 20:59:59 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\kgowsytp.job [2012.02.16 19:45:48 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.02.16 18:39:05 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2BF7C0AF-D00F-48CB-BB90-A40D89FD3861}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:EB7E2581D4A0210E < End of report > |
16.02.2012, 22:42 | #2 |
| Windows system is blocked, BKA 50€ virus
Hi, apparently there is still something nasty on the machine... this is going to be interesting... Next time, please enclose the log in code tags! OTL:
Code:
:OTL
O4 - HKCU..\Run: [ffdwnd] C:\Users\Tommy\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.02.16 20:59:59 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\kgowsytp.job
[2009.01.14 22:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\vghd
O4 - HKCU..\Run: [cogad] "C:\Users\Tommy\AppData\Roaming\cogad\cogad.exe" 61A847B5BBF72810339E3F466188719AB689201522886B092CBD44BD8689220221DD3257 File not found
:Commands
[purity]
[emptytemp]
[Reboot]
Malwarebytes Antimalware (MAM)
Instructions and download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Aktualisierungen" [Updates] -> "Suche nach Aktualisierungen" [Check for updates]), run a full scan and let it clean everything! Post the log.
chris
For me:
O30:64bit: - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found
O30 - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found
__________________ Edited by Chris4You (16.02.2012 at 22:55) |
17.02.2012, 13:48 | #3 |
| Windows system is blocked, BKA 50€ virus
I have worked through everything. The system runs and is no longer blocked. Sending the logs from OTL and Malwarebytes. Great work. I can only thank you a thousand times. I hope everything has been cleaned up. |
17.02.2012, 13:52 | #4 |
| Windows system is blocked, BKA 50€ virus
Hi, please post a new OTL log, this time enclosed in code tags...
Attention: the fix did not work! There is still a job that is guaranteed to pull the critters back in:
[2012.02.16 20:59:59 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\kgowsytp.job
Either delete it by hand immediately or post the log right away (I will be out for about 3 hours later).....
OTL: Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop.
chris
__________________ Don't bring me down | Read before posting! | Donations (anyone who wants to donate is welcome to get in touch) | Edited by Chris4You (17.02.2012 at 14:00) |
17.02.2012, 14:14 | #5 |
| Windows system is blocked, BKA 50€ virus
Here is the new OTLextra file again. The OTL file is too large to upload. |
17.02.2012, 14:22 | #6 |
| Windows system is blocked, BKA 50€ virus
Hi, I do need that one, though; please pack/zip it and attach it... chris |
17.02.2012, 14:40 | #7 |
| Windows system is blocked, BKA 50€ virus
Here is the OTL file. |
18.02.2012, 15:13 | #8 |
| Windows system is blocked, BKA 50€ virus
Hi, please check the following files. Have the files checked online:
Code:
C:\Users\Tommy\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
Fix for OTL:
Code:
:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ffdwnd] C:\Users\Tommy\AppData\Local\Mozilla\Firefox\firefox.exe File not found
O4 - HKCU..\Run: [Twain] C:\Users\Tommy\AppData\Roaming\Twain\Twain.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O30:64bit: - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found
O30 - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found
[2012.02.17 14:00:01 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\kgowsytp.job
@Alternate Data Stream - 24 bytes -> C:\Windows:EB7E2581D4A0210E
@Alternate Data Stream - 152 bytes -> C:\Users\Tommy\Documents\Meisterbrief.JPG:3or4kl4x13tuuug3Byamue2s4b
MOD - C:\Users\Tommy\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll ()
:Commands
[emptytemp]
[Reboot]
Superantispyware (SASW): http://www.trojaner-board.de/51871-a...tispyware.html chris
|
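The selection the helper makes by eye in the two fixes above (Run entries that start from the user profile or point at a missing file, the LSA authentication package entry, the unknown job in C:\Windows\Tasks) can be written down as a small triage pass over OTL log lines. This is an added example, not part of the thread and not OTL's own code; the sample lines are copied from the log posted here, while the task-name allowlist and the `triage` and `split_command` helpers are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

class Finding(NamedTuple):
    kind: str                  # "run", "lsa" or "task"
    name: str
    target: str
    reasons: Tuple[str, ...]

# Assumption: analyst-maintained allowlist of task-name prefixes known on this machine.
KNOWN_TASK_PREFIXES = ("GoogleUpdateTask", "User_Feed_Synchronization")
# msv1_0 is the stock value of Lsa\Authentication Packages on Windows.
DEFAULT_LSA_PACKAGE = "msv1_0"

RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
LSA_RE = re.compile(r"^O30(?::64bit:)? - LSA: Authentication Packages - "
                    r"\((?P<value>.*?)\) - (?P<status>.+)$")
FILE_RE = re.compile(r"^\[[\d. :]+ \| [\d,]+ \| .{4} \| [CM]\] \(.*?\) -- (?P<path>.+)$")

def split_command(rest: str):
    """Split the text after the [name] field into (path, company, missing)."""
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].rstrip()
    company = ""
    m = re.search(r"\s*\(([^()]*)\)$", rest)      # trailing "(Company Name)"
    if m:
        company, rest = m.group(1), rest[: m.start()]
    if rest.startswith('"'):                      # quoted path, arguments follow
        path = rest[1:].split('"', 1)[0]
    else:                                         # unquoted path may contain spaces
        m = re.match(r"(.+?\.exe)\b", rest, re.I)
        path = m.group(1) if m else rest
    return path, company, missing

def triage(log_text: str) -> List[Finding]:
    findings, seen = [], set()

    def add(kind, name, target, reasons):
        key = (kind, name.lower(), target.lower())   # 32/64-bit views repeat entries
        if reasons and key not in seen:
            seen.add(key)
            findings.append(Finding(kind, name, target, tuple(reasons)))

    for line in (l.strip() for l in log_text.splitlines()):
        m = RUN_RE.match(line)
        if m:
            path, _company, missing = split_command(m.group("rest"))
            reasons = []
            if "\\users\\" in path.lower():
                reasons.append("starts from user-writable profile path")
            if missing:
                reasons.append("target file missing")
            add("run", m.group("name"), path, reasons)
            continue
        m = LSA_RE.match(line)
        if m and m.group("value").lower() != DEFAULT_LSA_PACKAGE:
            reasons = ["non-default LSA authentication package"]
            if "File not found" in m.group("status"):
                reasons.append("target file missing")
            add("lsa", "Authentication Packages", m.group("value"), reasons)
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            base = path.rsplit("\\", 1)[-1]
            if ("\\windows\\tasks\\" in path.lower() and base.lower().endswith(".job")
                    and not base.startswith(KNOWN_TASK_PREFIXES)):
                add("task", base, path, ["scheduled job not on the allowlist"])
    return findings

# Sample input: entries copied from the OTL log in this thread, one per line.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKCU..\Run: [cogad] "C:\Users\Tommy\AppData\Roaming\cogad\cogad.exe" 61A847B5BBF72810339E3F466188719AB689201522886B092CBD44BD8689220221DD3257 File not found
O4 - HKCU..\Run: [ffdwnd] C:\Users\Tommy\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O30:64bit: - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found
O30 - LSA: Authentication Packages - (C:\\Windows\\system32\\vtUopOih) - File not found
[2012.02.16 21:05:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.16 20:59:59 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\kgowsytp.job
[2012.02.16 20:59:59 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\kgowsytp.job
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.name:24} {f.target}  <- {'; '.join(f.reasons)}")
```

The output is a shortlist for a human reviewer, not a removal list: an orphaned Run value such as `NWEReboot` is flagged alongside the entries the helper actually put into the fix.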