Log analysis and evaluation: System lock due to illegal activities, 100€ payment (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.07.2012, 10:05 | #1 |
System lock due to illegal activities, 100€ payment

Good day! I have caught this trojan, which has already been described several times today!

Description: When I connect to the Internet, I get the message: "Operating system locked due to criminal activity, 100€ payment to restore"

With this message on screen I can't do anything except enter PSC codes! So far, because I saw that it was an error from ActiveX Windows Live, I have uninstalled all of their programs; that did not help!

I have read your rules carefully and hope I'm doing this right Q_Q

OTL logfile created on: 23.07.2012 10:53:21 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Labasu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 13,75 Gb Available Physical Memory | 86,06% Memory free
31,95 Gb Paging File | 29,74 Gb Available in Paging File | 93,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1446,15 Gb Free Space | 79,81% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 31,08 Gb Free Space | 62,17% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 1,84 Gb Free Space | 97,98% Space Free | Partition Type: FAT

Computer Name: LABASU-PC | User Name: Labasu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.23 10:50:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Labasu\Desktop\OTL.exe
PRC - [2012.07.23 07:07:44 | 000,061,440 | ---- | M] () -- C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe
PRC - [2012.07.09 19:29:34 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.07.09 19:29:34 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Labasu\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.08 16:40:54 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:40:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 16:40:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.26 01:37:15 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 19:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.04.15 03:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.11.12 16:11:46 | 000,145,224 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
PRC - [2009.11.12 16:11:40 | 000,383,304 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
PRC - [2009.09.18 18:02:30 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
PRC - [2009.08.21 10:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009.07.07 21:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.23 07:07:44 | 000,061,440 | ---- | M] () -- C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe
MOD - [2012.07.09 19:29:35 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.09 19:29:34 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.06.15 04:55:14 | 000,434,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8a6ad5961be0d5083c33ed030fb088c7\IAStorUtil.ni.dll
MOD - [2012.06.15 04:46:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 04:46:53 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 04:39:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 04:28:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 03:48:00 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 03:47:46 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 03:47:43 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.26 01:37:15 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2011.05.16 16:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.07 19:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009.06.01 15:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\ANIOApi.dll
MOD - [2009.06.01 15:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
MOD - [2008.08.18 15:11:24 | 001,237,504 | ---- | M] () -- C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll
MOD - [2008.08.18 15:08:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Virtual CD v10\System\ogg.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.11.23 15:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011.11.21 16:10:10 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.15 21:30:33 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) @C:\Program Files (x86)
SRV - [2012.07.12 14:22:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 19:48:07 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.09 19:29:34 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.06.16 17:28:37 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 16:40:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 16:40:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.26 01:37:15 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2011.11.21 16:12:56 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.21 16:10:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.11.02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.12 16:11:46 | 000,145,224 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2009.07.07 21:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 16:40:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 16:40:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.24 03:01:28 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.03.24 03:01:27 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.01 17:20:45 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.11.23 15:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011.11.10 18:32:02 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.28 18:20:08 | 000,209,408 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.07.28 18:20:06 | 000,092,672 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.06.09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010.06.09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.04.22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009.11.09 10:55:36 | 000,220,696 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vdrv1000.sys -- (vdrv1000)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.08.05 22:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 10:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.06 19:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV - [2012.07.12 15:33:54 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=nv1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{24C6541F-61B5-47A2-94F5-3177456FBB24}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7D606411-4F39-4789-9A4C-BB011D91FDBF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKCU\..\SearchScopes\{85AF8E74-3A83-4C2C-963F-F3F5A584C5A8}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={DF015412-EBBC-469C-891E-52AFE4F608A7}&mid=c13c1e90bd9a47d0bf7219d59acaf9dc-c2dd0ca674a236917ef541232f14441249212182&lang=en&ds=ft011&pr=sa&d=2012-04-21 09:57:25&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D9E6169C-4E85-4E7F-8343-39A4C86F040A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYAT&apn_uid=2F464C0F-B54D-4154-8487-750EAC33A190&apn_sauid=9823CB10-458E-420B-8187-A85AECF28AA6
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.12.01 18:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.12.01 18:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.12.01 18:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 19:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 17:28:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 17:28:37 | 000,000,000 | ---D | M]

[2011.12.01 18:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Labasu\AppData\Roaming\mozilla\Extensions
[2012.07.13 00:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Labasu\AppData\Roaming\mozilla\Firefox\Profiles\hqt996ux.default\extensions
[2012.04.08 12:46:28 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Labasu\AppData\Roaming\mozilla\Firefox\Profiles\hqt996ux.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.07.03 07:17:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Labasu\AppData\Roaming\mozilla\Firefox\Profiles\hqt996ux.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.03 07:11:00 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\Labasu\AppData\Roaming\mozilla\Firefox\Profiles\hqt996ux.default\extensions\zigboom@ymail.com
[2012.04.20 23:42:36 | 000,002,408 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\Mozilla\Firefox\Profiles\hqt996ux.default\searchplugins\askcom.xml
[2012.03.12 20:44:30 | 000,001,797 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\Mozilla\Firefox\Profiles\hqt996ux.default\searchplugins\funmoods.xml
[2012.07.10 00:27:14 | 000,001,056 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\Mozilla\Firefox\Profiles\hqt996ux.default\searchplugins\icqplugin.xml
[2012.04.25 10:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.05 20:40:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.13 00:22:19 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\LABASU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HQT996UX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.16 17:28:37 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.08 00:47:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 19:29:34 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.01.08 00:47:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.08 00:47:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 00:47:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.08 00:47:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 00:47:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\Labasu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [] C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Labasu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{072655FE-E572-402F-B11F-470E7CEF20C9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.07.23 10:52:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Labasu\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.23 10:52:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Labasu\Desktop\OTL.exe
[2012.07.23 09:26:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.17 12:16:14 | 000,000,000 | ---D | C] -- C:\Users\Labasu\Desktop\FairyTale
[2012.07.15 21:25:48 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.07.15 21:25:44 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.07.15 21:25:44 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.07.15 21:25:44 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.07.15 21:25:44 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.07.15 21:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities
[2012.07.15 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010
[2012.07.15 21:25:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012.07.14 20:56:32 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2012.07.14 02:52:02 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Local\Spotify
[2012.07.14 02:51:09 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\Spotify
[2012.07.13 20:53:37 | 000,000,000 | ---D | C] -- C:\Users\Labasu\Documents\gegl-0.0
[2012.07.13 02:23:38 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\pokerth
[2012.07.13 02:02:55 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\UAs
[2012.07.13 00:42:34 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\xmldm
[2012.07.13 00:42:33 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\kock
[2012.07.11 20:26:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.07.06 21:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2012.07.06 21:27:21 | 000,000,000 | ---D | C] -- C:\Users\Labasu\Documents\DVDFab
[2012.07.06 21:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012.07.06 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
[2012.07.06 21:24:07 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.06 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2012.07.06 16:18:36 | 000,220,696 | ---- | C] (H+H Software GmbH) -- C:\Windows\SysNative\drivers\vdrv1000.sys
[2012.07.06 16:18:36 | 000,024,088 | ---- | C] (H+H Software GmbH) -- C:\Windows\SysNative\drivers\HH10Help.sys
[2012.07.06 16:18:34 | 000,000,000 | --SD | C] -- C:\Users\Labasu\AppData\Roaming\Virtual CD v10
[2012.07.06 16:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual CD v10
[2012.07.06 16:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual CD v10
[2012.07.06 16:17:55 | 000,040,464 | ---- | C] (H+H Software GmbH) -- C:\Windows\SysNative\drivers\vcd10bus.sys
[2012.07.06 15:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.06 15:53:53 | 000,000,000 | -H-D | C] -- C:\Users\Labasu\Documents\Freemake_do_not_remove_this_folder
[2012.07.06 15:43:57 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\TuneUp Software
[2012.07.06 15:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.06 15:43:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.06 15:42:08 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\OpenCandy
[2012.07.06 15:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012.07.06 15:25:28 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\AVS4YOU
[2012.07.06 15:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.07.06 15:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.07.03 23:50:22 | 000,000,000 | ---D | C] -- C:\Users\Labasu\dwhelper
[2012.07.02 18:28:38 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Local\Macromedia
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.07.23 10:52:00 | 000,000,000 | ---- | M] () -- C:\Users\Labasu\defogger_reenable
[2012.07.23 10:50:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Labasu\Desktop\OTL.exe
[2012.07.23 10:50:03 | 001,318,344 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.23 10:50:03 | 000,581,614 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.23 10:50:03 | 000,551,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.23 10:50:03 | 000,108,788 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.23 10:50:03 | 000,088,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.23 10:46:54 | 000,050,477 | ---- | M] () -- C:\Users\Labasu\Desktop\Defogger.exe
[2012.07.23 10:38:36 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Labasu\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.23 10:26:22 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Labasu.job
[2012.07.23 10:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.23 10:15:31 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.23 10:15:31 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.23 10:08:09 | 000,001,151 | ---- | M] () -- C:\Users\Labasu\Desktop\Wechseldatenträger (F) 1,83 GB.lnk
[2012.07.23 10:07:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.23 10:07:28 | 4276,228,094 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.23 09:57:27 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{072655FE-E572-402F-B11F-470E7CEF20C9}
[2012.07.23 09:57:27 | 000,003,284 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\ANIWZCS{072655FE-E572-402F-B11F-470E7CEF20C9}
[2012.07.23 09:45:56 | 000,000,646 | ---- | M] () -- C:\Users\Labasu\Labasu - Verknüpfung.lnk
[2012.07.23 09:20:49 | 000,002,416 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.22 16:58:57 | 000,102,593 | ---- | M] () -- C:\Users\Labasu\Desktop\FxCam_1342794874513.jpg
[2012.07.22 16:57:31 | 002,886,076 | ---- | M] () -- C:\Users\Labasu\Desktop\20120722_035102.jpg
[2012.07.22 05:08:17 | 000,833,331 | ---- | M] () -- C:\Users\Labasu\Desktop\Unbenannt.jpg
[2012.07.22 05:08:17 | 000,045,037 | ---- | M] () -- C:\Users\Labasu\.recently-used.xbel
[2012.07.19 16:33:22 | 000,021,172 | -HS- | M] () -- C:\Users\Labasu\Desktop\Folder.jpg
[2012.07.19 16:33:22 | 000,005,916 | -HS- | M] () -- C:\Users\Labasu\Desktop\AlbumArtSmall.jpg
[2012.07.15 21:30:32 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.15 21:30:32 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2012.07.14 02:52:02 | 000,001,776 | ---- | M] () -- C:\Users\Labasu\Desktop\Spotify.lnk
[2012.07.13 02:03:04 | 000,000,083 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\urhtps.dat
[2012.07.13 02:01:24 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012.07.13 02:00:14 | 000,284,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 15:33:54 | 000,018,048 | ---- | M] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2012.07.06 21:27:41 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.07.06 21:27:19 | 000,001,020 | ---- | M] () -- C:\Users\Labasu\Desktop\DVDFab 8 Qt.lnk
[2012.07.06 21:24:07 | 000,001,889 | ---- | M] () -- C:\Users\Labasu\Desktop\CCleaner.lnk
[2012.07.06 16:18:34 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CD v10.lnk
[2012.07.06 15:59:43 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.06 13:42:54 | 000,000,540 | ---- | M] () -- C:\Users\Labasu\AppData\Roaming\AutoGK.ini
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.07.23 10:52:53 | 000,050,477 | ---- | C] () -- C:\Users\Labasu\Desktop\Defogger.exe
[2012.07.23 10:52:00 | 000,000,000 | ---- | C] () -- C:\Users\Labasu\defogger_reenable
[2012.07.23 10:08:09 | 000,001,151 | ---- | C] () -- C:\Users\Labasu\Desktop\Wechseldatenträger (F) 1,83 GB.lnk
[2012.07.23 09:45:56 | 000,000,646 | ---- | C] () -- C:\Users\Labasu\Labasu - Verknüpfung.lnk
[2012.07.22 16:58:41 | 000,102,593 | ---- | C] () -- C:\Users\Labasu\Desktop\FxCam_1342794874513.jpg
[2012.07.22 16:56:43 | 002,886,076 | ---- | C] () -- C:\Users\Labasu\Desktop\20120722_035102.jpg
[2012.07.22 05:08:17 | 000,833,331 | ---- | C] () -- C:\Users\Labasu\Desktop\Unbenannt.jpg
[2012.07.22 05:08:17 | 000,045,037 | ---- | C] () -- C:\Users\Labasu\.recently-used.xbel
[2012.07.19 16:14:54 | 000,021,172 | -HS- | C] () -- C:\Users\Labasu\Desktop\Folder.jpg
[2012.07.19 16:14:54 | 000,005,916 | -HS- | C] () -- C:\Users\Labasu\Desktop\AlbumArtSmall.jpg
[2012.07.15 21:25:38 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.15 21:25:38 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2012.07.15 21:25:36 | 000,002,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk
[2012.07.14 02:52:02 | 000,001,776 | ---- | C] () -- C:\Users\Labasu\Desktop\Spotify.lnk
[2012.07.14 02:52:02 | 000,001,762 | ---- | C] () -- C:\Users\Labasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.07.13 01:55:36 | 000,000,083 | ---- | C] () -- C:\Users\Labasu\AppData\Roaming\urhtps.dat
[2012.07.13 01:00:38 | 000,438,272 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012.07.12 15:30:33 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2012.07.06 21:27:41 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.07.06 21:27:19 | 000,001,020 | ---- | C] () -- C:\Users\Labasu\Desktop\DVDFab 8 Qt.lnk
[2012.07.06 21:24:07 | 000,001,889 | ---- | C] () -- C:\Users\Labasu\Desktop\CCleaner.lnk
[2012.07.06 16:18:34 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CD v10.lnk
[2012.07.06 15:59:43 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.06 13:42:54 | 000,000,540 | ---- | C] () -- C:\Users\Labasu\AppData\Roaming\AutoGK.ini
[2012.06.06 00:14:07 | 000,001,595 | ---- | C] () -- C:\Users\Labasu\.ucon64rc
[2012.02.19 13:52:07 | 000,000,060 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012.02.17 07:05:25 | 001,435,292 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.25 03:17:01 | 000,002,416 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.12.01 19:27:23 | 000,003,284 | ---- | C] () -- C:\Users\Labasu\AppData\Roaming\ANIWZCS{072655FE-E572-402F-B11F-470E7CEF20C9}
[2011.12.01 17:56:45 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
[2011.12.01 17:55:32 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2011.12.01 17:55:32 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
[2011.12.01 17:55:32 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
[2011.12.01 17:55:32 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
[2011.12.01 17:55:09 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
[2011.12.01 17:53:26 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2011.12.01 17:53:26 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2011.12.01 17:53:26 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
[2011.12.01 17:52:35 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\rt73.bin

========== LOP Check ==========
[2011.12.01 19:01:26 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\Acreon
[2012.07.22 05:08:17 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\gtk-2.0
[2012.07.13 02:03:01 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\ICQ
[2012.07.13 00:42:33 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\kock
[2012.05.09 10:41:40 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\MotioninJoy
[2012.07.06 15:42:08 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\OpenCandy
[2012.07.13 02:23:38 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\pokerth
[2012.07.23 08:32:14 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\SoftGrid Client
[2012.07.23 09:57:05 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\Spotify
[2012.02.17 07:06:26 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\TP
[2012.01.15 01:52:29 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\TS3Client
[2011.12.01 21:04:25 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\ts3overlay
[2012.07.15 21:25:30 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\TuneUp Software
[2012.07.13 02:02:59 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\UAs
[2012.07.23 09:36:08 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\uTorrent
[2012.07.06 16:19:40 | 000,000,000 | --SD | M] -- C:\Users\Labasu\AppData\Roaming\Virtual CD v10
[2012.02.08 18:54:24 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\VoipBuster
[2012.07.13 02:02:59 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\xmldm
[2012.05.29 14:05:45 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 23.07.2012 10:53:21 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Labasu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
15,98 Gb Total Physical Memory | 13,75 Gb Available Physical Memory | 86,06% Memory free
31,95 Gb Paging File | 29,74 Gb Available in Paging File | 93,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1446,15 Gb Free Space | 79,81% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 31,08 Gb Free Space | 62,17% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 1,84 Gb Free Space | 97,98% Space Free | Partition Type: FAT
Computer Name: LABASU-PC | User Name: Labasu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D71038-71F2-4530-9310-8D65CC6EAB4E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{07418B52-F82B-4048-8FC6-8A58D344A2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{1E7B18A8-441D-4640-80FA-F2F9E57B10B7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{31D1E8B2-9A02-4FB1-9288-81F694F737CA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3B514802-D02D-4375-9D0A-7312139FC3DA}" = protocol=17 | dir=in | app=c:\users\labasu\appdata\local\akamai\netsession_win.exe |
"{5858B59B-2D5C-4A81-8481-A25F7B2AC140}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{5D3B5FFC-9239-4C82-B068-501272A3724E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{8A73CD91-AFF6-474C-8E86-CDA23179F579}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{AB1A5ED4-87C3-4BCB-82F2-4C285B936E6E}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{BC3B71B4-A783-4BBD-B9E1-B08615E7F4D3}" = protocol=6 | dir=in | app=c:\users\labasu\appdata\local\akamai\netsession_win.exe |
"{D9DDC0B3-021E-4553-ABF4-B168AE2D7BF8}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{463F16C7-02E4-4884-A119-25DE487623C1}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{A453B499-2B46-4E7B-8D38-2313069768A6}C:\users\labasu\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\labasu\appdata\roaming\spotify\spotify.exe |
"TCP Query User{B5DC89D9-8D8A-4722-8C33-3F0835BC603B}C:\users\labasu\appdata\local\radiosure\radiosure.exe" = protocol=6 | dir=in | app=c:\users\labasu\appdata\local\radiosure\radiosure.exe |
"UDP Query User{11E4F484-BA8D-45A8-ACD5-722A755F9B43}C:\users\labasu\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\labasu\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7B12C2CE-3FCE-4ECA-AE48-08F3EB073148}C:\users\labasu\appdata\local\radiosure\radiosure.exe" = protocol=17 | dir=in | app=c:\users\labasu\appdata\local\radiosure\radiosure.exe |
"UDP Query User{93A86D3A-F8F5-4963-8803-4CC0D4E6CE8A}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"Sandboxie" = Sandboxie 3.62 (64-bit)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft
Silverlight "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DB52C99-EC51-4173-93C5-298769170CB0}" = Audition "{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface "AVG Secure Search" = AVG Security Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner (remove only) "DVDFab 8 Qt_is1" = DVDFab 8.1.9.0 (06/07/2012) Qt "Fraps" = Fraps (remove only) "Guard.Mail.ru" = Guard.ICQ "ICQToolbar" = ICQ Toolbar "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "McAfee 
Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NSS" = Norton Security Scan "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "TuneUp Utilities" = TuneUp Utilities "VLC media player" = VLC media player 2.0.2 "WinGimp-2.0_is1" = GIMP 2.6.7 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "RadioSure" = RadioSure "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.07.2012 03:25:37 | Computer Name = Labasu-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden. Error - 23.07.2012 03:25:48 | Computer Name = Labasu-PC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 750 Startzeit: 01cd68a3d965a851 Endzeit: 6 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 9a8fe5ce-d497-11e1-abf5-c89cdc2e102f Error - 23.07.2012 03:33:05 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019 Description = Error - 23.07.2012 03:33:14 | Computer Name = Labasu-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. 
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 23.07.2012 03:33:18 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019 Description = Error - 23.07.2012 03:34:26 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019 Description = Error - 23.07.2012 03:47:18 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019 Description = Error - 23.07.2012 03:49:24 | Computer Name = Labasu-PC | Source = Windows Search Service | ID = 1019 Description = Error - 23.07.2012 04:05:11 | Computer Name = Labasu-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 23.07.2012 04:18:18 | Computer Name = Labasu-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: [ System Events ] Error - 23.07.2012 03:22:26 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 23.07.2012 03:25:15 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 23.07.2012 03:42:02 | Computer Name = Labasu-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 23.07.2012 03:42:02 | Computer Name = Labasu-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 23.07.2012 03:54:58 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 23.07.2012 03:54:59 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 23.07.2012 03:57:19 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 23.07.2012 04:08:07 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 23.07.2012 04:08:07 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 23.07.2012 04:10:27 | Computer Name = Labasu-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > |
23.07.2012, 10:13 | #2 |
/// Helper team | System lock due to illegal activities, 100€ payment
Fixing with OTL
Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).
Code:
ATTFilter :OTL MOD - [2012.07.23 07:07:44 | 000,061,440 | ---- | M] () -- C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe MOD - [2012.07.09 19:29:34 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2009.07.07 19:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll SRV - [2012.07.15 21:30:33 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) @C:\Program Files (x86) SRV - [2012.07.10 19:48:07 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) SRV - [2012.07.09 19:29:34 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) SRV - [2012.01.26 01:37:15 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru) SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.07.07 21:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService) DRV - [2012.07.12 15:33:54 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt) IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - 
HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{24C6541F-61B5-47A2-94F5-3177456FBB24}: "URL" = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{7D606411-4F39-4789-9A4C-BB011D91FDBF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7&rlz=1I7MDNF_enDE393 IE - HKCU\..\SearchScopes\{85AF8E74-3A83-4C2C-963F-F3F5A584C5A8}: "URL" = http://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DF015412-EBBC-469C-891E-52AFE4F608A7}&mid=c13c1e90bd9a47d0bf7219d59acaf9dc-c2dd0ca674a236917ef541232f14441249212182&lang=en&ds=ft011&pr=sa&d=2012-04-21 09:57:25&v=11.0.0.9&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{D9E6169C-4E85-4E7F-8343-39A4C86F040A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYA T&apn_uid=2F464C0F-B54D-4154-8487-750EAC33A190&apn_sauid=9823CB10-458E-420B-8187-A85AECF28AA6 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "https://www.google.at/" FF - prefs.js..keyword.URL: 
"http://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 19:29:37 | 000,000,000 | ---D | M] O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe () O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [] C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Labasu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 
'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O32 - HKLM CDRom: AutoRun - 1 [2012.07.15 21:25:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2012.07.15 21:25:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2012.07.13 02:02:55 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\UAs [2012.07.13 02:02:59 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\xmldm [2012.07.13 00:42:33 | 000,000,000 | ---D | M] -- C:\Users\Labasu\AppData\Roaming\kock [2012.07.06 15:42:08 | 000,000,000 | ---D | C] -- C:\Users\Labasu\AppData\Roaming\OpenCandy :Files C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]
Note for other readers: the OTL script above was created exclusively for this user in this situation. Do not apply it on other computers under any circumstances; it can cause lasting damage to other systems!
__________________ |
23.07.2012, 10:21 | #3 |
| System lock due to illegal activities, 100€ payment
Thanks for the quick help. Somehow I think it still doesn't sound good, though Q_Q
__________________
Error: Unable to interpret <OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.07.2012 10:53:21 - Run 1> in the current context! Error: Unable to interpret <OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Labasu\Desktop> in the current context! Error: Unable to interpret <64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context! Error: Unable to interpret <Internet Explorer (Version = 9.0.8112.16421)> in the current context! Error: Unable to interpret <Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <15,98 Gb Total Physical Memory | 13,75 Gb Available Physical Memory | 86,06% Memory free> in the current context! Error: Unable to interpret <31,95 Gb Paging File | 29,74 Gb Available in Paging File | 93,07% Paging File free> in the current context! Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context! Error: Unable to interpret <Drive C: | 1811,92 Gb Total Space | 1446,15 Gb Free Space | 79,81% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret <Drive D: | 50,00 Gb Total Space | 31,08 Gb Free Space | 62,17% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret <Drive F: | 1,88 Gb Total Space | 1,84 Gb Free Space | 97,98% Space Free | Partition Type: FAT> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Computer Name: LABASU-PC | User Name: Labasu | Logged in as Administrator.> in the current context! Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans> in the current context! 
Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Extra Registry (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== File Associations ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context! Error: Unable to interpret <.html[@ = ChromeHTML] -- Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context! Error: Unable to interpret <.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <.html [@ = ChromeHTML] -- Reg Error: Key error. File not found> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]> in the current context! Error: Unable to interpret <.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Shell Spawning ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context! 
Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [edit] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [opennew] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"> in the current context! Error: Unable to interpret <http [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <https [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context! Error: Unable to interpret <InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)> in the current context! Error: Unable to interpret <InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)> in the current context! Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context! Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <scrfile [config] -- "%1"> in the current context! Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context! Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context! 
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context! Error: Unable to interpret <Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()> in the current context! Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context! Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()> in the current context! Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <Folder [explore] -- Reg Error: Value error.> in the current context! Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <Applications\iexplore.exe [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context! Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)> in the current context! 
Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [edit] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [opennew] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"> in the current context! Error: Unable to interpret <http [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <https [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context! Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context! Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <scrfile [config] -- "%1"> in the current context! Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context! Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context! Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context! Error: Unable to interpret <Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()> in the current context! Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context! 
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()> in the current context! Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <Folder [explore] -- Reg Error: Value error.> in the current context! Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <Applications\iexplore.exe [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Security Center Settings ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context! Error: Unable to interpret <"cval" = 1> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context! Error: Unable to interpret <"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]> in the current context! Error: Unable to interpret <"AntiVirusOverride" = 0> in the current context! Error: Unable to interpret <"AntiSpywareOverride" = 0> in the current context! Error: Unable to interpret <"FirewallOverride" = 0> in the current context! 
Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]> in the current context! Error: Unable to interpret <"DisableMonitoring" = 1> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Firewall Settings ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]> in the current context! Error: Unable to interpret <"EnableFirewall" = 1> in the current context! Error: Unable to interpret <"DisableNotifications" = 0> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]> in the current context! Error: Unable to interpret <"EnableFirewall" = 1> in the current context! Error: Unable to interpret <"DisableNotifications" = 0> in the current context! Error: Unable to interpret < > in the current context! 
OTL by OldTimer - Version 3.2.54.0 log created on 07232012_111808 |
23.07.2012, 10:24 | #4 |
/// Helper Team | System locked due to illegal activities, €100 payment You are supposed to enter the FIX, not the log!!! Once more! Follow the instructions! |
23.07.2012, 10:33 | #5 |
| System locked due to illegal activities, €100 payment Sorry, wrong clipboard contents; working with PCs makes you sick Q_Q All processes killed ========== OTL ========== Error: No service named TuneUp.Defrag) @C:\Program Files (x86 was found to stop! Service\Driver key TuneUp.Defrag) @C:\Program Files (x86 not found. C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe moved successfully. Service Akamai stopped successfully! Service Akamai deleted successfully! c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully. Service vToolbarUpdater11.2.0 stopped successfully! Service vToolbarUpdater11.2.0 deleted successfully! C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe moved successfully. Service Guard.Mail.ru stopped successfully! Service Guard.Mail.ru deleted successfully! C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe moved successfully. Service ICQ Service stopped successfully! Service ICQ Service deleted successfully! C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe moved successfully. Service ANIWConnService stopped successfully! Service ANIWConnService deleted successfully! C:\Windows\SysWOW64\ANIWConnService.exe moved successfully. Service lirsgt stopped successfully! Service lirsgt deleted successfully! C:\Windows\SysWOW64\drivers\lirsgt.sys moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully. C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! 
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24C6541F-61B5-47A2-94F5-3177456FBB24}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24C6541F-61B5-47A2-94F5-3177456FBB24}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7D606411-4F39-4789-9A4C-BB011D91FDBF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D606411-4F39-4789-9A4C-BB011D91FDBF}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{85AF8E74-3A83-4C2C-963F-F3F5A584C5A8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85AF8E74-3A83-4C2C-963F-F3F5A584C5A8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D9E6169C-4E85-4E7F-8343-39A4C86F040A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9E6169C-4E85-4E7F-8343-39A4C86F040A}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "chr-greentree_ff&type=937811&ilc=12" removed from browser.search.param.yahoo-fr Prefs.js: "Google" removed from browser.search.selectedEngine Prefs.js: false removed from browser.search.update Prefs.js: "https://www.google.at/" removed from browser.startup.homepage Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" removed from keyword.URL 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ deleted successfully. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui deleted successfully. File C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe not found. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HF_G_Jul deleted successfully. C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully. C:\Program Files (x86)\AVG Secure Search\vprot.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully. C:\Users\Labasu\AppData\Local\Akamai\netsession_win.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon\ deleted successfully. File move failed. C:\Windows\SysNative\klogon.dll scheduled to be moved on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} folder moved successfully. C:\Windows\SysWow64\sho1748.tmp deleted successfully. C:\Windows\SysWow64\sho1D2F.tmp deleted successfully. C:\Windows\SysWow64\sho3727.tmp deleted successfully. C:\Windows\SysWow64\sho4E10.tmp deleted successfully. C:\Windows\SysWow64\sho58D4.tmp deleted successfully. C:\Windows\SysWow64\shoBB7C.tmp deleted successfully. C:\Windows\SysWow64\shoE2A0.tmp deleted successfully. Folder C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}\ not found. C:\Users\Labasu\AppData\Roaming\UAs folder moved successfully. C:\Users\Labasu\AppData\Roaming\xmldm folder moved successfully. C:\Users\Labasu\AppData\Roaming\kock folder moved successfully. C:\Users\Labasu\AppData\Roaming\OpenCandy\9525991AA34C4C4E9BDB334A76CF21F8 folder moved successfully. C:\Users\Labasu\AppData\Roaming\OpenCandy folder moved successfully. ========== FILES ========== File\Folder C:\Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe not found. 
< ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Users\Labasu\Desktop\cmd.bat deleted successfully. C:\Users\Labasu\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Labasu ->Temp folder emptied: 31626960 bytes ->Temporary Internet Files folder emptied: 2244742 bytes ->Java cache emptied: 748693 bytes ->FireFox cache emptied: 55767964 bytes ->Google Chrome cache emptied: 100773969 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1222398 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes RecycleBin emptied: 474 bytes Total Files Cleaned = 184,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Labasu ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07232012_112905 Files\Folders moved on Reboot... File move failed. C:\Windows\SysNative\klogon.dll scheduled to be moved on reboot. 
PendingFileRenameOperations files... [2010.10.05 21:27:52 | 000,233,656 | ---- | M] (Kaspersky Lab ZAO) C:\Windows\SysNative\klogon.dll : Unable to obtain MD5 Registry entries deleted on Reboot... |
23.07.2012, 10:39 | #6 |
/// Helper Team | System locked due to illegal activities, €100 payment Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop. |
23.07.2012, 11:21 | #7 |
| System locked due to illegal activities, €100 payment So far everything is running!!! Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.23.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Labasu :: LABASU-PC [Administrator] Schutz: Aktiviert 23.07.2012 11:44:30 mbam-log-2012-07-23 (12-16-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 325211 Laufzeit: 31 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Labasu\Downloads\SoftonicDownloader_fuer_1a-bildsauger.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\_OTL\MovedFiles\07232012_112905\C_Users\Labasu\AppData\Local\Temp\rgnygtgcuex.exe (Trojan.Agent.3D) -> Keine Aktion durchgeführt. 
(Ende)
# AdwCleaner v1.703 - Logfile created 07/23/2012 at 12:19:44
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Labasu - LABASU-PC
# Running from : C:\Users\Labasu\Downloads\adwcleaner.exe
# Option [Search]
Thanks in advance for the help, what else needs to be done? |
23.07.2012, 17:50 | #8 |
/// Helper team | System lock due to illegal activities, 100€ payment HAVE THE FINDINGS DELETED! Very good!
After that: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Jetzt Updaten" (Update now). Select the freeware mode. Select "Detail Scan" and start the check of the computer with the "Scan" button. At the end of the scan, do not have anything deleted! Click "Bericht speichern" (Save report) to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
07.08.2012, 15:44 | #9 |
/// Helper team | System lock due to illegal activities, 100€ payment Missing feedback. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |