Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus - Betreibssystem blockiert, 50 Euro zahlen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 03.03.2012, 10:07   #1
acebolln
 
Virus - Betreibssystem blockiert, 50  Euro zahlen - Standard

Virus - Betreibssystem blockiert, 50 Euro zahlen



Sehr geehrtes Trojaner Board,

nach ein wenig Googlen und suchen hier im Forum, habe ich herausgefunden, dass dieses Problem anscheinend sowohl bekannt als auch verbreitet ist (Falls man das überhaupt zu Viren etc sagen kann )

Könnt ihr mir bitte helfen?

Wäre super, danke....

Gruß,
Christian

Hier der OTL.TXT

OTL:
OTL logfile created on: 3/3/2012 9:31:57 AM - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\ace-dajana\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.91 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 84.86% Memory free
7.82 Gb Paging File | 7.24 Gb Available in Paging File | 92.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657.54 Gb Total Space | 450.42 Gb Free Space | 68.50% Space Free | Partition Type: NTFS
Drive D: | 37.99 Gb Total Space | 8.16 Gb Free Space | 21.49% Space Free | Partition Type: NTFS

Computer Name: ACE-DAJANA-PC | User Name: ace-dajana | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/03 08:32:08 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\ace-dajana\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/07/20 23:02:45 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/08/31 18:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/27 07:44:01 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/27 07:44:01 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/20 22:50:29 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/15 00:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/24 14:47:04 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/03/24 14:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/03/24 14:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/03/15 17:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 19:40:20 | 008,591,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/25 20:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/01/24 10:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 00:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/16 08:08:50 | 001,077,416 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2010/09/03 13:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/22 02:06:42 | 000,399,936 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_usb.sys -- (NUMARK_OMNICONTROL)
DRV:64bit: - [2010/04/22 02:06:40 | 000,050,240 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_wdm.sys -- (NUMARK_OMNICONTROL_WDM)
DRV:64bit: - [2010/04/22 02:06:38 | 000,031,296 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2midi.sys -- (NUMARK_OMNICONTROL_MIDI)
DRV:64bit: - [2009/11/01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 17:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/06/29 17:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 20:47:44 | 000,032,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2009/05/13 20:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10hid.sys -- (X10Hid)
DRV:64bit: - [2009/04/09 12:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7B61669A-BD41-4028-97CE-5436F1821D34}
IE - HKCU\..\SearchScopes\{7B61669A-BD41-4028-97CE-5436F1821D34}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/03 18:06:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/14 19:05:47 | 000,000,000 | ---D | M]

[2011/07/20 21:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ace-dajana\AppData\Roaming\mozilla\Extensions
[2012/02/28 22:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ace-dajana\AppData\Roaming\mozilla\Firefox\Profiles\j0loksl1.default\extensions
[2011/12/29 13:58:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ace-dajana\AppData\Roaming\mozilla\Firefox\Profiles\j0loksl1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/20 20:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ace-dajana\AppData\Roaming\mozilla\Firefox\Profiles\j0loksl1.default\extensions\nostmp
[2012/02/16 14:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/05 14:47:47 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
() (No name found) -- C:\USERS\ACE-DAJANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J0LOKSL1.DEFAULT\EXTENSIONS\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.XPI
() (No name found) -- C:\USERS\ACE-DAJANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J0LOKSL1.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2012/02/21 15:06:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s File not found
O4:64bit: - HKLM..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" File not found
O4 - HKLM..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart File not found
O4 - HKLM..\Run: [HotkeyApp] "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] "C:\Program Files (x86)\Launch Manager\OSD.exe" File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Wbutton] "C:\Program Files (x86)\Launch Manager\Wbutton.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
O4 - HKCU..\Run: [SkypeM] C:\Users\ace-dajana\AppData\Local\Skype\Skype.exe (Unizeto Sp. z o.o.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File not found
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C98CD9E-06C7-4B36-AC4B-6E3E3B0E020D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86DD59FC-FF24-4A07-9C3E-C46AC9E7255C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File not found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30bbd6cb-022a-11e1-9ba9-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{30bbd6cb-022a-11e1-9ba9-001e101f63cf}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{30bbd6da-022a-11e1-9ba9-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{30bbd6da-022a-11e1-9ba9-001e101f63cf}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{370d8c3d-0088-11e1-b156-00262dc6ff00}\Shell - "" = AutoRun
O33 - MountPoints2\{370d8c3d-0088-11e1-b156-00262dc6ff00}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{370d8c46-0088-11e1-b156-00262dc6ff00}\Shell - "" = AutoRun
O33 - MountPoints2\{370d8c46-0088-11e1-b156-00262dc6ff00}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f61bac3d-02fc-11e1-b8ed-00262dc6ff00}\Shell - "" = AutoRun
O33 - MountPoints2\{f61bac3d-02fc-11e1-b8ed-00262dc6ff00}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


MsConfig:64bit - StartUpFolder: C:^Users^ace-dajana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Versandhelfer.lnk - - File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 18:17:58 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/03/03 08:32:06 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\ace-dajana\Desktop\OTL.exe
[2012/03/02 09:06:08 | 000,000,000 | ---D | C] -- C:\InstantOnOS
[2012/03/02 08:07:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/29 17:35:37 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Controlling mit Excel
[2012/02/29 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Braunhart E&F
[2012/02/26 22:32:03 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Local\Zattoo
[2012/02/26 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012/02/26 22:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012/02/26 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2012/02/26 21:47:27 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\JLC's Software
[2012/02/26 21:47:20 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JLC's Software
[2012/02/26 21:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JLC's Software
[2012/02/26 21:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JLC's Software
[2012/02/26 21:25:50 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Documents\Podcast Studio
[2012/02/26 21:25:19 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\SysWow64\advdaudio.ocx
[2012/02/26 21:25:19 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2012/02/26 21:25:19 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2012/02/26 21:25:19 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2012/02/26 21:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design
[2012/02/26 21:25:18 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2012/02/26 21:25:18 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2012/02/26 21:25:18 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2012/02/26 21:25:17 | 000,413,696 | ---- | C] (Gabest) -- C:\Windows\SysWow64\flvsplitter.ax
[2012/02/26 21:25:17 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Documents\onlineTV 6
[2012/02/26 21:25:17 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\concept design
[2012/02/22 14:50:48 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Local\SKIDROW
[2012/02/22 14:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/02/22 14:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012/02/13 11:02:21 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Soca Alben
[2012/02/13 11:01:55 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Soca+Znouk+Calypso Alben
[2012/02/13 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Riddims check
[2012/02/12 22:18:26 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2012/02/12 22:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2012/02/09 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Naturbilder
[2012/02/07 22:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
[2012/02/07 18:03:18 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Documents\Meine empfangenen Dateien
[2012/02/07 17:31:33 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Telekom Unterlagen
[2012/02/03 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Documents\888poker
[2012/02/03 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
[2012/02/03 20:53:22 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\PacificPoker
[2012/02/03 20:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacificPoker
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/03 09:26:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 09:26:57 | 3148,091,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/03 09:25:48 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 09:25:48 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 08:32:08 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\ace-dajana\Desktop\OTL.exe
[2012/03/02 08:11:35 | 087,227,952 | ---- | M] () -- C:\Users\ace-dajana\Desktop\avira_free_antivirus_898de.exe
[2012/03/01 20:51:06 | 000,537,331 | ---- | M] () -- C:\Users\ace-dajana\Desktop\E&F_Gruppenarbeit_dt. Bankenlandschaft_WS 2011-12.pdf
[2012/03/01 17:48:41 | 001,761,096 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/01 17:48:41 | 000,754,068 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/01 17:48:41 | 000,699,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/01 17:48:41 | 000,172,008 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/01 17:48:41 | 000,138,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/29 20:48:44 | 000,017,408 | ---- | M] () -- C:\Users\ace-dajana\AppData\Local\WebpageIcons.db
[2012/02/29 19:53:06 | 000,667,881 | ---- | M] () -- C:\Users\ace-dajana\Desktop\Postbank.pdf
[2012/02/29 10:01:18 | 178,097,074 | ---- | M] () -- C:\Users\ace-dajana\Desktop\Richie Stephens feat. Gentleman - Warrior (OFFICIAL MUSIC VI.mp4
[2012/02/27 09:43:35 | 058,654,584 | ---- | M] () -- C:\Users\ace-dajana\Desktop\Dancehall Mix 1_2012.mp3
[2012/02/26 22:30:15 | 000,001,872 | ---- | M] () -- C:\Users\ace-dajana\Desktop\Zattoo.lnk
[2012/02/26 21:51:05 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/02/22 18:32:54 | 000,181,736 | ---- | M] () -- C:\Users\ace-dajana\Desktop\C_Bolln_SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/22 18:25:56 | 000,653,399 | ---- | M] () -- C:\Users\ace-dajana\Desktop\SchadenOnlineMeldung_SON-12-005121.pdf
[2012/02/22 14:53:01 | 000,012,926 | ---- | M] () -- C:\Users\ace-dajana\Desktop\Saints Row 3.lnk
[2012/02/22 08:10:16 | 000,161,508 | ---- | M] () -- C:\Users\ace-dajana\Desktop\2SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/22 07:57:24 | 000,269,384 | ---- | M] () -- C:\Users\ace-dajana\Desktop\barclaycard.pdf
[2012/02/21 12:59:40 | 000,653,804 | ---- | M] () -- C:\Users\ace-dajana\Desktop\SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/20 10:01:27 | 000,183,112 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/16 14:29:15 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/16 03:35:43 | 000,511,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/12 22:18:27 | 000,000,973 | ---- | M] () -- C:\Users\ace-dajana\Desktop\VirtualDJ PRO Full.lnk
[2012/02/11 21:07:20 | 000,413,696 | ---- | M] (Gabest) -- C:\Windows\SysWow64\flvsplitter.ax
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/02 08:15:01 | 087,227,952 | ---- | C] () -- C:\Users\ace-dajana\Desktop\avira_free_antivirus_898de.exe
[2012/03/02 08:07:32 | 3148,091,392 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/01 21:49:43 | 001,536,258 | ---- | C] () -- C:\Users\ace-dajana\Desktop\IMG_1918.JPG
[2012/03/01 20:51:05 | 000,537,331 | ---- | C] () -- C:\Users\ace-dajana\Desktop\E&F_Gruppenarbeit_dt. Bankenlandschaft_WS 2011-12.pdf
[2012/02/29 19:53:06 | 000,667,881 | ---- | C] () -- C:\Users\ace-dajana\Desktop\Postbank.pdf
[2012/02/29 09:59:30 | 178,097,074 | ---- | C] () -- C:\Users\ace-dajana\Desktop\Richie Stephens feat. Gentleman - Warrior (OFFICIAL MUSIC VI.mp4
[2012/02/27 09:39:59 | 058,654,584 | ---- | C] () -- C:\Users\ace-dajana\Desktop\Dancehall Mix 1_2012.mp3
[2012/02/26 22:32:03 | 000,017,408 | ---- | C] () -- C:\Users\ace-dajana\AppData\Local\WebpageIcons.db
[2012/02/26 22:30:15 | 000,001,872 | ---- | C] () -- C:\Users\ace-dajana\Desktop\Zattoo.lnk
[2012/02/26 21:51:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/02/26 21:25:19 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2012/02/26 21:25:19 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2012/02/26 21:25:18 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012/02/22 18:32:48 | 000,181,736 | ---- | C] () -- C:\Users\ace-dajana\Desktop\C_Bolln_SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/22 18:25:56 | 000,653,399 | ---- | C] () -- C:\Users\ace-dajana\Desktop\SchadenOnlineMeldung_SON-12-005121.pdf
[2012/02/22 14:53:01 | 000,012,926 | ---- | C] () -- C:\Users\ace-dajana\Desktop\Saints Row 3.lnk
[2012/02/22 08:10:13 | 000,161,508 | ---- | C] () -- C:\Users\ace-dajana\Desktop\2SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/22 07:57:19 | 000,269,384 | ---- | C] () -- C:\Users\ace-dajana\Desktop\barclaycard.pdf
[2012/02/21 12:59:39 | 000,653,804 | ---- | C] () -- C:\Users\ace-dajana\Desktop\SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/16 14:29:15 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/12 22:18:27 | 000,000,973 | ---- | C] () -- C:\Users\ace-dajana\Desktop\VirtualDJ PRO Full.lnk
[2011/12/13 21:26:19 | 000,007,607 | ---- | C] () -- C:\Users\ace-dajana\AppData\Local\Resmon.ResmonCfg
[2011/11/16 00:08:51 | 000,000,120 | ---- | C] () -- C:\Users\ace-dajana\AppData\Roaming\default.pls
[2011/11/13 19:46:52 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2011/10/28 15:18:47 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/08/31 18:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 18:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/31 18:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/07/21 15:54:32 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/21 15:53:14 | 001,738,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/20 23:02:46 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/20 23:02:39 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/20 22:42:21 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/04/24 12:57:25 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011/04/24 12:57:24 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011/04/24 12:35:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/24 12:35:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2011/12/11 17:06:34 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\ASCOMP Software
[2012/01/06 21:43:16 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Ashampoo
[2012/01/09 08:58:27 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012/01/09 08:56:43 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Command and Conquer 3 Kanes Wrath
[2012/03/03 18:06:07 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\concept design
[2011/12/11 17:11:41 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\DAEMON Tools Lite
[2011/07/30 11:58:48 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2011/07/29 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\HTC
[2011/07/29 13:41:18 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/02/26 21:47:27 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\JLC's Software
[2011/07/20 22:59:59 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Leadertech
[2012/03/03 18:06:05 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Mp3tag
[2011/12/08 07:07:28 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Notepad++
[2012/03/03 18:06:02 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\PacificPoker
[2011/10/30 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\pdfforge
[2012/03/03 09:25:43 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\uTorrent
[2011/10/29 11:12:35 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Vodafone
[2011/11/23 17:38:17 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2012/03/02 08:07:47 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/03/03 18:17:58 | 000,000,000 | -HSD | M] -- C:\found.000
[2012/03/02 09:06:08 | 000,000,000 | ---D | M] -- C:\InstantOnOS
[2012/03/03 18:06:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/02/20 15:11:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/07/20 20:04:56 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/03/03 09:29:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/07/21 17:09:51 | 000,000,000 | R--D | M] -- C:\Users
[2012/03/03 09:26:57 | 000,000,000 | ---D | M] -- C:\Windows
[2012/01/02 15:30:03 | 000,000,000 | ---D | M] -- C:\Wirtschaftinformatik

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IASTOR.SYS >
[2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %USERPROFILE%\*.* >
[2012/01/06 21:44:23 | 000,001,024 | ---- | M] () -- C:\Users\ace-dajana\.rnd
[2012/03/03 09:38:57 | 008,388,608 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat
[2012/03/03 09:38:57 | 000,262,144 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat.LOG1
[2011/07/20 20:14:57 | 000,000,000 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat.LOG2
[2011/07/20 22:34:37 | 000,065,536 | -HS- | M] () -- C:\Users\ace-dajana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/07/20 22:34:37 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/07/20 22:34:37 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/11/07 11:24:40 | 000,065,536 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cbbf8a73-085a-11e1-91e0-00262dc6ff00}.TM.blf
[2011/11/07 11:24:40 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cbbf8a73-085a-11e1-91e0-00262dc6ff00}.TMContainer00000000000000000001.regtrans-ms
[2011/11/07 11:24:40 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cbbf8a73-085a-11e1-91e0-00262dc6ff00}.TMContainer00000000000000000002.regtrans-ms
[2012/02/07 22:45:48 | 000,065,536 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cec7beb5-51cd-11e1-bce0-bc773720b9cf}.TM.blf
[2012/02/07 22:45:48 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cec7beb5-51cd-11e1-bce0-bc773720b9cf}.TMContainer00000000000000000001.regtrans-ms
[2012/02/07 22:45:48 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cec7beb5-51cd-11e1-bce0-bc773720b9cf}.TMContainer00000000000000000002.regtrans-ms
[2011/07/20 20:14:57 | 000,000,020 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >



Danke schonmal für eure Hilfe...

 

Themen zu Virus - Betreibssystem blockiert, 50 Euro zahlen
50 euro, antivir, antivirus, avira, betriebssystem blockiert bundeskriminalamt trojaner 50euro, bho, blockiert, document, error, euro, firefox, google, gruppe, helper, home, launch, logfile, nvstor.sys, plug-in, problem, realtek, registry, required, rundll, scan, searchscopes, security, senden, software, super, trojaner, trojaner board, usb 3.0, viren, virus, windows




Ähnliche Themen: Virus - Betreibssystem blockiert, 50 Euro zahlen


  1. Aus Sicherheitsgründen wurde ihr Windows System blockiert: 50 Euro zahlen
    Log-Analyse und Auswertung - 21.04.2012 (11)
  2. windows blockiert 50 euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (7)
  3. Windows blockiert 50 Euro zahlen.
    Mülltonne - 04.04.2012 (0)
  4. Windows blockiert 50 Euro zahlen
    Log-Analyse und Auswertung - 20.03.2012 (1)
  5. (2x) Virus - Betreibssystem blockiert, 50 Euro zahlen
    Mülltonne - 03.03.2012 (2)
  6. Windows Blockiert 50 Euro Zahlen !
    Log-Analyse und Auswertung - 01.03.2012 (1)
  7. System aus Sicherheitsgründen blockiert - 50 Euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 19.02.2012 (14)
  8. Windows Systemblock 50 Euro zahlen + BKA Virus 100 Euro zahlen
    Log-Analyse und Auswertung - 29.01.2012 (1)
  9. Windows blockiert 50 Euro zahlen
    Log-Analyse und Auswertung - 12.01.2012 (1)
  10. Windows blockiert jetzt 50 Euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (5)
  11. Windows blockiert aus Sicherheitsgründen - 50 Euro zahlen
    Log-Analyse und Auswertung - 03.01.2012 (2)
  12. Windows blockiert aus Sicherheitsgründen - 50 Euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 02.01.2012 (40)
  13. Windows blockiert, 50 Euro zahlen
    Log-Analyse und Auswertung - 29.12.2011 (14)
  14. 50 euro zahlen - windows blockiert
    Log-Analyse und Auswertung - 21.12.2011 (3)
  15. Mal wieder: Windows blockiert aus Sicherheitsgründen - 50 Euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 20.12.2011 (8)
  16. Windows blockiert 50 euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (5)
  17. Windows blockiert 50 euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 03.12.2011 (26)

Zum Thema Virus - Betreibssystem blockiert, 50 Euro zahlen - Sehr geehrtes Trojaner Board, nach ein wenig Googlen und suchen hier im Forum, habe ich herausgefunden, dass dieses Problem anscheinend sowohl bekannt als auch verbreitet ist (Falls man das überhaupt - Virus - Betreibssystem blockiert, 50 Euro zahlen...
Archiv
Du betrachtest: Virus - Betreibssystem blockiert, 50 Euro zahlen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.