Virus - Betreibssystem blockiert, 50 Euro zahlen

acebolln · 03.03.2012, 10:07

Sehr geehrtes Trojaner Board,

nach ein wenig Googlen und suchen hier im Forum, habe ich herausgefunden, dass dieses Problem anscheinend sowohl bekannt als auch verbreitet ist (Falls man das überhaupt zu Viren etc sagen kann )

Könnt ihr mir bitte helfen?

Wäre super, danke....

Gruß,
Christian

Hier der OTL.TXT

OTL:
OTL logfile created on: 3/3/2012 9:31:57 AM - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\ace-dajana\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.91 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 84.86% Memory free
7.82 Gb Paging File | 7.24 Gb Available in Paging File | 92.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657.54 Gb Total Space | 450.42 Gb Free Space | 68.50% Space Free | Partition Type: NTFS
Drive D: | 37.99 Gb Total Space | 8.16 Gb Free Space | 21.49% Space Free | Partition Type: NTFS

Computer Name: ACE-DAJANA-PC | User Name: ace-dajana | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/03 08:32:08 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\ace-dajana\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2011/07/20 23:02:45 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/08/31 18:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/27 07:44:01 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/27 07:44:01 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/20 22:50:29 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/15 00:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/24 14:47:04 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/03/24 14:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/03/24 14:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/03/15 17:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 19:40:20 | 008,591,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/25 20:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/01/24 10:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 00:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/16 08:08:50 | 001,077,416 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2010/09/03 13:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/22 02:06:42 | 000,399,936 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_usb.sys -- (NUMARK_OMNICONTROL)
DRV:64bit: - [2010/04/22 02:06:40 | 000,050,240 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_wdm.sys -- (NUMARK_OMNICONTROL_WDM)
DRV:64bit: - [2010/04/22 02:06:38 | 000,031,296 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2midi.sys -- (NUMARK_OMNICONTROL_MIDI)
DRV:64bit: - [2009/11/01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 17:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/06/29 17:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 20:47:44 | 000,032,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2009/05/13 20:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10hid.sys -- (X10Hid)
DRV:64bit: - [2009/04/09 12:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7B61669A-BD41-4028-97CE-5436F1821D34}
IE - HKCU\..\SearchScopes\{7B61669A-BD41-4028-97CE-5436F1821D34}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/03 18:06:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/14 19:05:47 | 000,000,000 | ---D | M]

[2011/07/20 21:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ace-dajana\AppData\Roaming\mozilla\Extensions
[2012/02/28 22:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ace-dajana\AppData\Roaming\mozilla\Firefox\Profiles\j0loksl1.default\extensions
[2011/12/29 13:58:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ace-dajana\AppData\Roaming\mozilla\Firefox\Profiles\j0loksl1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/20 20:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ace-dajana\AppData\Roaming\mozilla\Firefox\Profiles\j0loksl1.default\extensions\nostmp
[2012/02/16 14:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/05 14:47:47 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
() (No name found) -- C:\USERS\ACE-DAJANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J0LOKSL1.DEFAULT\EXTENSIONS\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.XPI
() (No name found) -- C:\USERS\ACE-DAJANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J0LOKSL1.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2012/02/21 15:06:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s File not found
O4:64bit: - HKLM..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" File not found
O4 - HKLM..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart File not found
O4 - HKLM..\Run: [HotkeyApp] "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] "C:\Program Files (x86)\Launch Manager\OSD.exe" File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Wbutton] "C:\Program Files (x86)\Launch Manager\Wbutton.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
O4 - HKCU..\Run: [SkypeM] C:\Users\ace-dajana\AppData\Local\Skype\Skype.exe (Unizeto Sp. z o.o.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File not found
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C98CD9E-06C7-4B36-AC4B-6E3E3B0E020D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86DD59FC-FF24-4A07-9C3E-C46AC9E7255C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File not found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30bbd6cb-022a-11e1-9ba9-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{30bbd6cb-022a-11e1-9ba9-001e101f63cf}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{30bbd6da-022a-11e1-9ba9-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{30bbd6da-022a-11e1-9ba9-001e101f63cf}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{370d8c3d-0088-11e1-b156-00262dc6ff00}\Shell - "" = AutoRun
O33 - MountPoints2\{370d8c3d-0088-11e1-b156-00262dc6ff00}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{370d8c46-0088-11e1-b156-00262dc6ff00}\Shell - "" = AutoRun
O33 - MountPoints2\{370d8c46-0088-11e1-b156-00262dc6ff00}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f61bac3d-02fc-11e1-b8ed-00262dc6ff00}\Shell - "" = AutoRun
O33 - MountPoints2\{f61bac3d-02fc-11e1-b8ed-00262dc6ff00}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpFolder: C:^Users^ace-dajana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Versandhelfer.lnk - - File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 18:17:58 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/03/03 08:32:06 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\ace-dajana\Desktop\OTL.exe
[2012/03/02 09:06:08 | 000,000,000 | ---D | C] -- C:\InstantOnOS
[2012/03/02 08:07:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/29 17:35:37 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Controlling mit Excel
[2012/02/29 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Braunhart E&F
[2012/02/26 22:32:03 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Local\Zattoo
[2012/02/26 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012/02/26 22:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012/02/26 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2012/02/26 21:47:27 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\JLC's Software
[2012/02/26 21:47:20 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JLC's Software
[2012/02/26 21:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JLC's Software
[2012/02/26 21:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JLC's Software
[2012/02/26 21:25:50 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Documents\Podcast Studio
[2012/02/26 21:25:19 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\SysWow64\advdaudio.ocx
[2012/02/26 21:25:19 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2012/02/26 21:25:19 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2012/02/26 21:25:19 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2012/02/26 21:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design
[2012/02/26 21:25:18 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2012/02/26 21:25:18 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2012/02/26 21:25:18 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2012/02/26 21:25:17 | 000,413,696 | ---- | C] (Gabest) -- C:\Windows\SysWow64\flvsplitter.ax
[2012/02/26 21:25:17 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Documents\onlineTV 6
[2012/02/26 21:25:17 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\concept design
[2012/02/22 14:50:48 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Local\SKIDROW
[2012/02/22 14:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/02/22 14:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012/02/13 11:02:21 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Soca Alben
[2012/02/13 11:01:55 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Soca+Znouk+Calypso Alben
[2012/02/13 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Riddims check
[2012/02/12 22:18:26 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2012/02/12 22:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2012/02/09 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Naturbilder
[2012/02/07 22:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
[2012/02/07 18:03:18 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Documents\Meine empfangenen Dateien
[2012/02/07 17:31:33 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Desktop\Telekom Unterlagen
[2012/02/03 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\Documents\888poker
[2012/02/03 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
[2012/02/03 20:53:22 | 000,000,000 | ---D | C] -- C:\Users\ace-dajana\AppData\Roaming\PacificPoker
[2012/02/03 20:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacificPoker
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/03 09:26:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 09:26:57 | 3148,091,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/03 09:25:48 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 09:25:48 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 08:32:08 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\ace-dajana\Desktop\OTL.exe
[2012/03/02 08:11:35 | 087,227,952 | ---- | M] () -- C:\Users\ace-dajana\Desktop\avira_free_antivirus_898de.exe
[2012/03/01 20:51:06 | 000,537,331 | ---- | M] () -- C:\Users\ace-dajana\Desktop\E&F_Gruppenarbeit_dt. Bankenlandschaft_WS 2011-12.pdf
[2012/03/01 17:48:41 | 001,761,096 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/01 17:48:41 | 000,754,068 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/01 17:48:41 | 000,699,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/01 17:48:41 | 000,172,008 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/01 17:48:41 | 000,138,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/29 20:48:44 | 000,017,408 | ---- | M] () -- C:\Users\ace-dajana\AppData\Local\WebpageIcons.db
[2012/02/29 19:53:06 | 000,667,881 | ---- | M] () -- C:\Users\ace-dajana\Desktop\Postbank.pdf
[2012/02/29 10:01:18 | 178,097,074 | ---- | M] () -- C:\Users\ace-dajana\Desktop\Richie Stephens feat. Gentleman - Warrior (OFFICIAL MUSIC VI.mp4
[2012/02/27 09:43:35 | 058,654,584 | ---- | M] () -- C:\Users\ace-dajana\Desktop\Dancehall Mix 1_2012.mp3
[2012/02/26 22:30:15 | 000,001,872 | ---- | M] () -- C:\Users\ace-dajana\Desktop\Zattoo.lnk
[2012/02/26 21:51:05 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/02/22 18:32:54 | 000,181,736 | ---- | M] () -- C:\Users\ace-dajana\Desktop\C_Bolln_SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/22 18:25:56 | 000,653,399 | ---- | M] () -- C:\Users\ace-dajana\Desktop\SchadenOnlineMeldung_SON-12-005121.pdf
[2012/02/22 14:53:01 | 000,012,926 | ---- | M] () -- C:\Users\ace-dajana\Desktop\Saints Row 3.lnk
[2012/02/22 08:10:16 | 000,161,508 | ---- | M] () -- C:\Users\ace-dajana\Desktop\2SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/22 07:57:24 | 000,269,384 | ---- | M] () -- C:\Users\ace-dajana\Desktop\barclaycard.pdf
[2012/02/21 12:59:40 | 000,653,804 | ---- | M] () -- C:\Users\ace-dajana\Desktop\SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/20 10:01:27 | 000,183,112 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/16 14:29:15 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/16 03:35:43 | 000,511,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/12 22:18:27 | 000,000,973 | ---- | M] () -- C:\Users\ace-dajana\Desktop\VirtualDJ PRO Full.lnk
[2012/02/11 21:07:20 | 000,413,696 | ---- | M] (Gabest) -- C:\Windows\SysWow64\flvsplitter.ax
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/02 08:15:01 | 087,227,952 | ---- | C] () -- C:\Users\ace-dajana\Desktop\avira_free_antivirus_898de.exe
[2012/03/02 08:07:32 | 3148,091,392 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/01 21:49:43 | 001,536,258 | ---- | C] () -- C:\Users\ace-dajana\Desktop\IMG_1918.JPG
[2012/03/01 20:51:05 | 000,537,331 | ---- | C] () -- C:\Users\ace-dajana\Desktop\E&F_Gruppenarbeit_dt. Bankenlandschaft_WS 2011-12.pdf
[2012/02/29 19:53:06 | 000,667,881 | ---- | C] () -- C:\Users\ace-dajana\Desktop\Postbank.pdf
[2012/02/29 09:59:30 | 178,097,074 | ---- | C] () -- C:\Users\ace-dajana\Desktop\Richie Stephens feat. Gentleman - Warrior (OFFICIAL MUSIC VI.mp4
[2012/02/27 09:39:59 | 058,654,584 | ---- | C] () -- C:\Users\ace-dajana\Desktop\Dancehall Mix 1_2012.mp3
[2012/02/26 22:32:03 | 000,017,408 | ---- | C] () -- C:\Users\ace-dajana\AppData\Local\WebpageIcons.db
[2012/02/26 22:30:15 | 000,001,872 | ---- | C] () -- C:\Users\ace-dajana\Desktop\Zattoo.lnk
[2012/02/26 21:51:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/02/26 21:25:19 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2012/02/26 21:25:19 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2012/02/26 21:25:18 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012/02/22 18:32:48 | 000,181,736 | ---- | C] () -- C:\Users\ace-dajana\Desktop\C_Bolln_SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/22 18:25:56 | 000,653,399 | ---- | C] () -- C:\Users\ace-dajana\Desktop\SchadenOnlineMeldung_SON-12-005121.pdf
[2012/02/22 14:53:01 | 000,012,926 | ---- | C] () -- C:\Users\ace-dajana\Desktop\Saints Row 3.lnk
[2012/02/22 08:10:13 | 000,161,508 | ---- | C] () -- C:\Users\ace-dajana\Desktop\2SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/22 07:57:19 | 000,269,384 | ---- | C] () -- C:\Users\ace-dajana\Desktop\barclaycard.pdf
[2012/02/21 12:59:39 | 000,653,804 | ---- | C] () -- C:\Users\ace-dajana\Desktop\SchadenOnlineMeldung_SON-12-004929.pdf
[2012/02/16 14:29:15 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/12 22:18:27 | 000,000,973 | ---- | C] () -- C:\Users\ace-dajana\Desktop\VirtualDJ PRO Full.lnk
[2011/12/13 21:26:19 | 000,007,607 | ---- | C] () -- C:\Users\ace-dajana\AppData\Local\Resmon.ResmonCfg
[2011/11/16 00:08:51 | 000,000,120 | ---- | C] () -- C:\Users\ace-dajana\AppData\Roaming\default.pls
[2011/11/13 19:46:52 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2011/10/28 15:18:47 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/08/31 18:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 18:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/31 18:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/07/21 15:54:32 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/21 15:53:14 | 001,738,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/20 23:02:46 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/20 23:02:39 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/20 22:42:21 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/04/24 12:57:25 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011/04/24 12:57:24 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011/04/24 12:35:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/24 12:35:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2011/12/11 17:06:34 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\ASCOMP Software
[2012/01/06 21:43:16 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Ashampoo
[2012/01/09 08:58:27 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012/01/09 08:56:43 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Command and Conquer 3 Kanes Wrath
[2012/03/03 18:06:07 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\concept design
[2011/12/11 17:11:41 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\DAEMON Tools Lite
[2011/07/30 11:58:48 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2011/07/29 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\HTC
[2011/07/29 13:41:18 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/02/26 21:47:27 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\JLC's Software
[2011/07/20 22:59:59 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Leadertech
[2012/03/03 18:06:05 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Mp3tag
[2011/12/08 07:07:28 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Notepad++
[2012/03/03 18:06:02 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\PacificPoker
[2011/10/30 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\pdfforge
[2012/03/03 09:25:43 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\uTorrent
[2011/10/29 11:12:35 | 000,000,000 | ---D | M] -- C:\Users\ace-dajana\AppData\Roaming\Vodafone
[2011/11/23 17:38:17 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/03/02 08:07:47 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/03/03 18:17:58 | 000,000,000 | -HSD | M] -- C:\found.000
[2012/03/02 09:06:08 | 000,000,000 | ---D | M] -- C:\InstantOnOS
[2012/03/03 18:06:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/02/20 15:11:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/07/20 20:04:56 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/03/03 09:29:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/07/21 17:09:51 | 000,000,000 | R--D | M] -- C:\Users
[2012/03/03 09:26:57 | 000,000,000 | ---D | M] -- C:\Windows
[2012/01/02 15:30:03 | 000,000,000 | ---D | M] -- C:\Wirtschaftinformatik

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IASTOR.SYS >
[2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %USERPROFILE%\*.* >
[2012/01/06 21:44:23 | 000,001,024 | ---- | M] () -- C:\Users\ace-dajana\.rnd
[2012/03/03 09:38:57 | 008,388,608 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat
[2012/03/03 09:38:57 | 000,262,144 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat.LOG1
[2011/07/20 20:14:57 | 000,000,000 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat.LOG2
[2011/07/20 22:34:37 | 000,065,536 | -HS- | M] () -- C:\Users\ace-dajana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/07/20 22:34:37 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/07/20 22:34:37 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/11/07 11:24:40 | 000,065,536 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cbbf8a73-085a-11e1-91e0-00262dc6ff00}.TM.blf
[2011/11/07 11:24:40 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cbbf8a73-085a-11e1-91e0-00262dc6ff00}.TMContainer00000000000000000001.regtrans-ms
[2011/11/07 11:24:40 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cbbf8a73-085a-11e1-91e0-00262dc6ff00}.TMContainer00000000000000000002.regtrans-ms
[2012/02/07 22:45:48 | 000,065,536 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cec7beb5-51cd-11e1-bce0-bc773720b9cf}.TM.blf
[2012/02/07 22:45:48 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cec7beb5-51cd-11e1-bce0-bc773720b9cf}.TMContainer00000000000000000001.regtrans-ms
[2012/02/07 22:45:48 | 000,524,288 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.dat{cec7beb5-51cd-11e1-bce0-bc773720b9cf}.TMContainer00000000000000000002.regtrans-ms
[2011/07/20 20:14:57 | 000,000,020 | -HS- | M] () -- C:\Users\ace-dajana\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

Danke schonmal für eure Hilfe...

Virus - Betreibssystem blockiert, 50 Euro zahlen

Plagegeister aller Art und deren Bekämpfung: Virus - Betreibssystem blockiert, 50 Euro zahlen

Virus - Betreibssystem blockiert, 50 Euro zahlen

Ähnliche Themen: Virus - Betreibssystem blockiert, 50 Euro zahlen