Log analysis and evaluation: The computer has been locked for violating the laws of the Republic of Austria ("Der Computer ist für die Verletzung der Gesetze der Republik Österreich gesperrt worden")
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.09.2012, 17:53 | #1 |
Hi everyone, I was just watching an "illegal/legal" film and ended up on a sex ad. Suddenly my screen went white and then it said: "The computer has been locked for violating the laws of the Republic of Austria". And then I couldn't do anything anymore. I really don't know much about PCs and URGENTLY need your help!! Thanks in advance!
Regards, Major
Edited by Major Winter (10.09.2012 at 18:23)
10.09.2012, 18:09 | #2 |
I'll dig up everything that is asked for here. The mbam file will follow shortly.
Here are the OTL logfiles:
Code:
ATTFilter OTL Extras logfile created on: 10.09.2012 18:49:06 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\ADMIN\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 3,28 Gb Available Physical Memory | 83,50% Memory free 7,86 Gb Paging File | 7,25 Gb Available in Paging File | 92,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 913,41 Gb Total Space | 757,39 Gb Free Space | 82,92% Space Free | Partition Type: NTFS Drive D: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ADMIN-PC | User Name: ADMIN | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06B2FA53-1502-4D33-9BC4-CEB56888E038}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe | "{06CD26A1-042C-4BE8-8E6C-BE28AA2EC5DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\matschutsch\counter-strike source\hl2.exe | "{2AB71673-F33D-4D5E-BECC-07CEA0581746}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2AC3A11A-FFEE-4B5F-BCD9-EC319139B0B1}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{2E8F33D2-2A07-4116-ACB5-CEC1925C2DAC}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\devicesetup.exe | "{3948AF1F-F402-459A-9D42-529A7A8F8A44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{39789757-654D-41E5-9DDC-2D7FF41471DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3AAF34BA-A4BB-4897-A3CF-8739176DD797}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{42A4DF58-FFCE-4DBE-A836-3CF70AD25430}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{4B20B07C-B85C-48E1-AE11-E9EDB653F815}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe | "{58547579-73E0-4977-9FEC-B666860EF50E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{589DF324-940D-4A46-945B-D7B9ABAF3E45}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "{6EFC8012-2E41-4577-8FC6-BF747C00AB85}" = dir=in | app=c:\program files\hp\hp photosmart 5510 
series\bin\devicesetup.exe | "{701082C1-7ED0-4664-B262-B5CEE6F75D36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\matschutsch\day of defeat source\hl2.exe | "{7864229F-B4C1-4D89-8033-75905E78240F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{877CF603-01E7-4E4F-BAB3-33C995DFEA7B}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{885865AC-F5BE-4177-8E01-032A9B3C20CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe | "{8B410664-243B-4347-BAA9-8A7E5B4B3EF4}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{8EAF3A58-74B5-43AD-B4E0-834822A01AF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe | "{90133B96-3A2A-4F6A-96F2-197E09DFC73D}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{9AC6D324-2D5D-4808-97A7-3FF541FEFA2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9B1636CD-8B91-46D7-8263-CF389E2BB639}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe | "{A23EF242-1ACE-4364-99AA-A932DB449D25}" = dir=in | app=c:\program files\eslwire\wire.exe | "{AEAF2F3C-675D-4823-B39A-1852123C3B98}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B9133BCA-3FDA-41AE-8CE7-439F05DE512F}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "{C6496616-A797-48B5-8E65-62B46E8C97FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{C79A1061-C36B-4E93-8B99-827705CF9075}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{D9496290-4F69-4855-913F-143D1B50184F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E1D7FA71-7DD3-41D5-8F8F-5D6D4D913818}" = protocol=6 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe | "{E47BEA7D-3C87-4B34-804E-8600B7D561C9}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | "{EE41D461-1762-40A6-B479-E1497BB14396}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe | "{F08A6BD3-7352-454A-B707-819430359BC9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\matschutsch\day of defeat source\hl2.exe | "{F5BA64AB-1FA6-4AC1-8E87-F25BD29BB964}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F9835579-3D8D-4552-9BFD-B7E99B61053D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\matschutsch\counter-strike source\hl2.exe | "{FC0ECF1F-1EC7-4610-882D-2A04155E2F4D}" = dir=out | app=c:\program files\eslwire\wire.exe | "TCP Query User{04BE5918-0777-4C86-BC25-8E6BCB596896}C:\users\admin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\spotify\spotify.exe | "TCP Query User{06D22777-694F-4B38-97E0-52F2412CBD7D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{85C956E8-7226-4400-B317-6AACFF4E0C85}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{B72EEC79-E23C-4580-B4C4-CA4FC260DCB3}C:\program files (x86)\steam\steamapps\matschutsch\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\matschutsch\half-life 2 deathmatch\hl2.exe | "TCP Query User{BF727E9E-A521-4ED7-BFC6-F9E8C598D929}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{E02BEDCE-D3C8-4B09-84A1-C6339F8586B1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{E74E8AE6-BE13-423E-89B7-2A3528C9126A}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | "UDP Query User{18C52A5F-BDF5-4680-ACCA-73B9C637F307}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{3CA4A66F-A4D9-4C9E-8971-CA3F080CDFDF}C:\program files (x86)\steam\steamapps\matschutsch\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\matschutsch\half-life 2 deathmatch\hl2.exe | "UDP Query User{3FC1B521-A43D-4C4B-A129-5BE0847BB8CA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{4197D4FE-4440-447D-A7BA-CD73B5E04506}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | "UDP Query User{736BECF4-0DA2-482B-975F-1DFF118127E6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{B10897D0-5A85-49C0-8AF9-E9D5F23162F7}C:\users\admin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\spotify\spotify.exe | "UDP Query User{CE494880-1347-4E3B-8927-C37E1C910576}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack 
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{323E134C-707D-4017-9768-D916A4D8F82E}" = HP Photosmart 5510d series - Grundlegende Software für das Gerät "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5409411D-CD72-432D-B823-1B520B24BD3C}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät "{5F3E04B1-390D-35F3-4C08-D82C7FB95AE5}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit) "{C42B7876-FA88-4F4A-9A5F-E175AD143F2A}" = ATI Catalyst Install Manager "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "C-Media PCI Audio Driver" = Aureon 5.1 PCI "ESL Wire_is1" = ESL Wire 1.14.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 
Client Profile DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Microsoft Security Client" = Microsoft Security Essentials "Redirection Port Monitor" = RedMon - Redirection Port Monitor "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{033063B9-94AF-DC7C-95D3-35F641D8AEBE}" = CCC Help English "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{171D318E-31FD-954F-0C3E-21EB06C0E899}" = CCC Help Russian "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20460018-6444-825B-4EBA-40D8DD30F12C}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2893F5FD-0C0E-0B0F-3C70-C141539174B8}" = CCC Help Czech "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{362E1FE9-1FF7-EE96-E7FF-D5E661173FFB}" = Catalyst Control Center Graphics Full Existing "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{440D3BE4-EC27-5F34-DB56-A76E7EDF8BB1}" = CCC Help Finnish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CAFDDA4-65ED-F56B-CFC2-849E958AE6B1}" = CCC Help Korean "{4DA5BB7E-9CB8-5E01-7F96-46F1EE2F2D4F}" = CCC Help Chinese Standard "{4FFBF030-A72F-B9FD-B944-B7850BEBE80C}" = CCC Help Swedish "{542A08AB-AFD4-B5A4-9780-A8507A738F7F}" = CCC Help Chinese 
Traditional "{5433D947-A97A-25D5-A84E-A5171D2B8D6A}" = CCC Help Hungarian "{545E8571-FAB5-5BFC-1B70-A6A8E4ACA298}" = CCC Help Thai "{57020886-809C-746B-2303-8030A84A0EB8}" = CCC Help Turkish "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{5F7E6484-A2FB-778D-431D-D181C55C3F1C}" = CCC Help German "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "{6D441C98-EB46-D873-66A0-3FA448B8AD08}" = CCC Help Japanese "{6DC5AFA1-10F0-D421-2147-C426D554F286}" = Catalyst Control Center Graphics Full New "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{722EB9DF-A9EF-129D-816F-C6F17769EDAA}" = CCC Help Italian "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79437AE7-3196-2C0C-0AF6-90B2AF22D8DA}" = CCC Help Greek "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "{7DF0573D-A96F-9133-2454-D80A62F9FA77}" = CCC Help Polish "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8295C50D-F52A-E4E1-4230-C4110980C3A0}" = CCC Help Norwegian "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8A227815-272D-A304-015F-DA71AABADE0A}" = Catalyst Control Center Localization All "{8AAE1CA8-68A1-15F7-DCCD-311F3435EFC4}" = Catalyst Control Center Core Implementation "{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver 
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{93BC4791-8EC4-363C-1274-4F1F8FB03F2B}" = Catalyst Control Center Graphics Previews Vista "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C984E3E-9B9B-CBCC-326D-A63CCE560C0C}" = Catalyst Control Center Graphics Light "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AFE5FFBC-CE6D-F6BE-7EAA-AA2760E75E03}" = CCC Help Spanish "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C0C6AD06-71E3-934A-8232-4487B751177F}" = CCC Help Dutch "{C5634562-6215-543B-3E86-0CF513706972}" = CCC Help French "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{DBDF2E37-701F-416F-92F6-1A239C666AA3}" = Real Environment Xtreme Essential "{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Hilfe "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE10D76C-39B7-40A8-A24C-1BEEACBED160}" = Catalyst Control Center - Branding "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4719A65-7FF1-6146-BCC3-419662516FCF}" = ccc-core-static "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy "{FC541630-B9CF-7783-3D1C-7CE1094BDD97}" = CCC Help Portuguese "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Age of Mythology 1.0" = Age of Mythology "Age of Mythology Expansion Pack 1.0" = Age 
of Mythology - The Titans Expansion "FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "Free Audio Converter_is1" = Free Audio Converter version 5.0.6.221 "Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.29.823 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221 "FreePDF_XP" = FreePDF (Remove only) "Giraffic" = Veoh Giraffic Video Accelerator "GPL Ghostscript 9.00" = GPL Ghostscript 9.00 "InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MTA:SA 1.3" = MTA:SA v1.3 "NCLauncher_GameForge" = NC Launcher (GameForge) "Origin" = Origin "RealPlayer 15.0" = RealPlayer "RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X "SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1 "Steam App 105450" = Age of Empires® III: Complete Collection "Steam App 211" = Source SDK "Steam App 730" = Counter-Strike: Global Offensive Beta "Veoh Web Player Beta" = Veoh Web Player "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PhotoFiltre" = PhotoFiltre "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.09.2012 09:29:21 | Computer Name = ADMIN-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 07.09.2012 09:29:21 | Computer Name = ADMIN-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13088 Error - 07.09.2012 09:29:21 | Computer Name = ADMIN-PC | Source = 
Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13088 Error - 07.09.2012 09:41:04 | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: veohwebplayer.exe, Version: 1.3.9.1000, Zeitstempel: 0x4fce0418 Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.7.0.0, Zeitstempel: 0x4dff2959 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051ae6 ID des fehlerhaften Prozesses: 0xb9c Startzeit der fehlerhaften Anwendung: 0x01cd8cd45fcc3876 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll Berichtskennung: ab0f2dcb-f8f1-11e1-b0c3-4487fc9e2d1e Error - 08.09.2012 07:04:52 | Computer Name = ADMIN-PC | Source = WinMgmt | ID = 10 Description = Error - 08.09.2012 15:31:23 | Computer Name = ADMIN-PC | Source = WinMgmt | ID = 10 Description = Error - 09.09.2012 08:58:48 | Computer Name = ADMIN-PC | Source = WinMgmt | ID = 10 Description = Error - 10.09.2012 10:27:29 | Computer Name = ADMIN-PC | Source = WinMgmt | ID = 10 Description = Error - 10.09.2012 11:19:13 | Computer Name = ADMIN-PC | Source = WinMgmt | ID = 10 Description = Error - 10.09.2012 12:40:06 | Computer Name = ADMIN-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 10.09.2012 12:38:22 | Computer Name = ADMIN-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: discache MpFilter spldr Wanarpv6 Error - 10.09.2012 12:38:33 | Computer Name = ADMIN-PC | Source = DCOM | ID = 10005 Description = Error - 10.09.2012 12:38:40 | Computer Name = ADMIN-PC | Source = DCOM | ID = 10005 Description = Error - 10.09.2012 12:38:45 | Computer Name = ADMIN-PC | Source = DCOM | ID = 10005 Description = Error - 10.09.2012 12:38:45 | Computer Name = ADMIN-PC | Source = DCOM | ID = 10005 Description = 
Error - 10.09.2012 12:43:37 | Computer Name = ADMIN-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: discache MpFilter spldr Wanarpv6 Error - 10.09.2012 12:43:41 | Computer Name = ADMIN-PC | Source = DCOM | ID = 10005 Description = Error - 10.09.2012 12:43:48 | Computer Name = ADMIN-PC | Source = DCOM | ID = 10005 Description = Error - 10.09.2012 12:43:50 | Computer Name = ADMIN-PC | Source = DCOM | ID = 10005 Description = Error - 10.09.2012 12:43:50 | Computer Name = ADMIN-PC | Source = DCOM | ID = 10005 Description = < End of report > Code:
ATTFilter OTL logfile created on: 10.09.2012 18:49:06 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\ADMIN\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 3,28 Gb Available Physical Memory | 83,50% Memory free 7,86 Gb Paging File | 7,25 Gb Available in Paging File | 92,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 913,41 Gb Total Space | 757,39 Gb Free Space | 82,92% Space Free | Partition Type: NTFS Drive D: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ADMIN-PC | User Name: ADMIN | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.02 22:19:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe PRC - [2012.07.18 17:01:50 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (No Company Name) ========== MOD - [2012.07.18 17:01:45 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.01.13 23:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.09.08 21:30:47 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.04 10:12:54 | 000,678,416 | ---- | M] () [Auto | Stopped] -- 
C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper) SRV - [2012.08.14 22:31:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.18 17:01:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.02 17:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.04 10:12:44 | 000,147,472 | ---- | M] (<Turtle 
Entertainment>) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.06.26 21:38:28 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.06.24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.03.04 22:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.01.13 
23:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.01.13 22:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.10.02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.22 15:02:34 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.02 23:11:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.02 23:11:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.02 23:11:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 18:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\Extensions [2012.08.14 16:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\wdl6tu5g.default\extensions [2012.03.11 23:24:33 | 000,000,000 | ---D | M] 
("Free YouTube Download (Free Studio) Menu") -- C:\Users\ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\wdl6tu5g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.14 14:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.14 14:03:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.07.18 17:01:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.14 16:53:36 | 000,002,176 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.08.29 23:13:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: 
[IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKCU..\Run: [vsjitdebugger] C:\Users\ADMIN\AppData\Local\Microsoft\Windows\3641\vsjitdebugger.exe () O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated) O4 - HKCU..\RunOnce: [msupdate] C:\Users\ADMIN\AppData\Roaming\2.exe (Company) O8:64bit: - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\ADMIN\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ADMIN\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\ADMIN\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ADMIN\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.153.32.129 213.153.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F2B174D-7CCE-4860-97BF-76D213CE4305}: DhcpNameServer = 213.153.32.129 213.153.32.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) 
========== Files/Folders - Created Within 30 Days ========== [2012.09.07 00:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FsPassengersX [2012.09.06 14:59:13 | 000,295,936 | ---- | C] (Thrustmaster) -- C:\Windows\SysNative\tmffbcpl.dll [2012.09.06 14:59:13 | 000,208,304 | ---- | C] (Macrovision Corporation) -- C:\Windows\SysNative\isrt.dll [2012.09.06 14:59:13 | 000,099,840 | ---- | C] (Macrovision Corporation) -- C:\Windows\SysNative\_IsRes.dll [2012.09.06 14:59:13 | 000,041,984 | ---- | C] (Thrustmaster) -- C:\Windows\SysNative\tmffbdrv.dll [2012.09.06 14:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thrustmaster [2012.09.06 14:59:03 | 000,253,952 | ---- | C] (Thrustmaster) -- C:\Windows\SysWow64\tmffbcpl.dll [2012.09.06 14:59:03 | 000,034,304 | ---- | C] (Thrustmaster) -- C:\Windows\SysWow64\tmffbdrv.dll [2012.09.06 14:59:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Thrustmaster [2012.09.04 20:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3 [2012.09.03 20:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX Essential [2012.09.03 19:55:41 | 000,778,088 | ---- | C] (Hewlett-Packard Co.) 
-- C:\Windows\SysNative\HPDiscoPMb411.dll [2012.09.02 22:23:52 | 000,000,000 | ---D | C] -- C:\_OTL [2012.09.02 22:19:34 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe [2012.09.02 21:51:56 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\hellomoto [2012.08.24 14:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2012.08.24 14:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center [2012.08.24 13:59:12 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.08.24 13:59:12 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.08.19 19:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3 [2012.08.15 16:42:08 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Documents\GTA San Andreas User Files [2012.08.15 16:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All [2012.08.15 16:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.3 [2012.08.15 16:30:01 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Desktop\GTA San Andreas [2012.08.15 16:07:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 16:07:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 16:07:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 16:07:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 16:07:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 16:07:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 16:07:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.15 16:07:39 | 000,142,848 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.15 16:07:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.15 16:07:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.15 16:07:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.15 16:07:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 16:07:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 16:04:58 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 16:04:58 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 16:04:57 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 16:04:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 16:04:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 16:04:57 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 16:04:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 16:04:44 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.14 16:53:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO [2012.08.14 16:46:24 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\PhotoFiltre [2012.08.14 16:46:22 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre [2012.08.14 16:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre [2012.08.14 16:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre [2012.08.14 16:46:17 | 000,000,000 | ---D | C] -- 
C:\Users\ADMIN\AppData\Roaming\Opera [2012.08.14 16:46:14 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\OCS [2012.08.14 16:46:07 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2012.08.14 16:46:05 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\DesktopIconForAmazon [2012.06.14 15:46:58 | 000,390,144 | ---- | C] (Company) -- C:\Users\ADMIN\AppData\Roaming\2.exe ========== Files - Modified Within 30 Days ========== [2012.09.10 18:43:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.10 18:43:25 | 3163,873,280 | -HS- | M] () -- C:\hiberfil.sys [2012.09.10 18:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.10 17:30:07 | 000,138,089 | ---- | M] () -- C:\Users\ADMIN\Documents\Gamer Forumeintrag.odg [2012.09.10 17:24:46 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 17:24:46 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.08 13:05:26 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2012.09.04 10:12:44 | 000,147,472 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2012.09.03 20:11:16 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\REX Essential.lnk [2012.09.03 19:55:40 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5510d series.lnk [2012.09.03 19:55:40 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 5510d series.lnk [2012.09.03 19:55:40 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Photosmart 5510d series.lnk [2012.09.03 19:35:53 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.03 19:35:53 | 000,656,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.03 
19:35:53 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.03 19:35:53 | 000,130,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.03 19:35:53 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.03 17:27:06 | 000,000,222 | ---- | M] () -- C:\Users\ADMIN\Desktop\Age of Empires III Complete Collection.url [2012.09.02 22:19:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe [2012.08.24 17:14:54 | 000,083,102 | ---- | M] () -- C:\Users\ADMIN\Cross Fire Rank Icons - by FAME Gaming.zip [2012.08.24 16:37:24 | 000,001,434 | ---- | M] () -- C:\Users\ADMIN\Desktop\Free YouTube to iPhone Converter.lnk [2012.08.23 11:18:48 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.08.19 19:56:53 | 000,312,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.19 19:55:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf [2012.08.19 19:55:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2012.08.19 19:14:33 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk [2012.08.14 22:31:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.14 22:31:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.14 16:46:22 | 000,001,043 | ---- | M] () -- C:\Users\ADMIN\Desktop\PhotoFiltre.lnk ========== Files Created - No Company Name ========== [2012.09.10 17:30:04 | 000,138,089 | ---- | C] () -- C:\Users\ADMIN\Documents\Gamer Forumeintrag.odg [2012.09.04 20:52:52 | 015,481,870 | ---- | C] () -- C:\Users\ADMIN\Desktop\aoe3x-106-german.exe [2012.09.03 20:11:16 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\REX Essential.lnk [2012.09.03 19:55:40 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 5510d series.lnk 
[2012.09.03 19:55:40 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 5510d series.lnk [2012.09.03 19:55:40 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Photosmart 5510d series.lnk [2012.09.03 17:27:06 | 000,000,222 | ---- | C] () -- C:\Users\ADMIN\Desktop\Age of Empires III Complete Collection.url [2012.08.24 17:14:54 | 000,083,102 | ---- | C] () -- C:\Users\ADMIN\Cross Fire Rank Icons - by FAME Gaming.zip [2012.08.19 19:55:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf [2012.08.19 19:55:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2012.08.19 19:14:33 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk [2012.08.14 16:46:22 | 000,001,043 | ---- | C] () -- C:\Users\ADMIN\Desktop\PhotoFiltre.lnk [2012.08.14 16:46:08 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.06.11 18:51:51 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.04.13 22:52:59 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.04.02 16:14:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll [2012.04.02 16:14:58 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl [2012.04.02 16:14:41 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg [2012.04.02 14:08:35 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\VMix.dll [2012.04.02 14:07:54 | 000,000,621 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi [2012.03.27 17:22:19 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2012.03.11 21:23:52 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.11 21:08:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.03.11 21:06:41 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.08.06 17:39:46 | 000,000,000 | ---D | M] -- 
C:\Users\ADMIN\AppData\Roaming\.minecraft [2012.06.13 18:52:32 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Babylon [2012.06.14 13:25:17 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\BabylonToolbar [2012.03.11 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Canneverbe Limited [2012.08.14 16:46:06 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\DesktopIconForAmazon [2012.08.24 16:37:28 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\DVDVideoSoft [2012.04.17 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.02 21:52:07 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\hellomoto [2012.04.26 18:57:25 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\LolClient [2012.06.14 06:27:49 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Media Finder [2012.08.14 16:46:14 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\OCS [2012.06.21 16:00:26 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\OpenCandy [2012.03.11 21:31:00 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\OpenOffice.org [2012.08.14 16:46:17 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Opera [2012.07.19 23:51:21 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Origin [2012.09.02 23:11:28 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\PhotoFiltre [2012.09.06 23:53:30 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Spotify [2012.03.25 10:35:20 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\TeamViewer [2012.09.02 23:11:28 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\TS3Client [2012.07.29 00:19:27 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\ts3overlay [2012.06.21 16:00:59 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\TuneUp Software [2012.06.17 10:27:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== 
Purity Check ========== < End of report > Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.10.06

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
ADMIN :: ADMIN-PC [Administrator]

Schutz: Deaktiviert

10.09.2012 19:18:21
mbam-log-2012-09-10 (19-18-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 411576
Laufzeit: 35 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|msupdate (Backdoor.Bot) -> Daten: C:\Users\ADMIN\AppData\Roaming\2.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\ADMIN\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Users\ADMIN\AppData\Roaming\2.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ADMIN\Desktop\Markus Download bis 11.3.12\FSPassengerX+Crack\FSPassengers X\Crack\fspassengersx.(cracked.by.komu)-v7.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ADMIN\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ADMIN\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

So, I have a 64-bit version, Windows 7 Home Premium. Please tell me if you need any more information. I need the PC back as soon as possible. Right now I am in Safe Mode with Networking. There are quite a few things on it that I need for my Abitur this year! I can only repeat it: I really don't know much about this, so I am asking for your HELP. Last edited by Major Winter (10.09.2012 at 18:55) |
18.09.2012, 11:54 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Code:
C:\Users\ADMIN\Desktop\Markus Download bis 11.3.12\FSPassengerX+Crack\FSPassengers X\Crack\fspassengersx.(cracked.by.komu)-v7.exe
See also => http://www.trojaner-board.de/95393-c...-software.html
If we find indications of illegally obtained software, we will end support without any discussion.
Cracks/keygens are, in 99.9% of cases, dangerous malware that is not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!
That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!
In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________ |
18.09.2012, 17:13 | #4 |
| I actually bought FSPassenger legally online, from the manufacturer? I haven't downloaded any other cracks of FSPassenger... |
19.09.2012, 12:32 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | So fspassengersx.(cracked.by.komu) can be bought online from the manufacturer just like that?
__________________ Please always post logfiles in CODE tags |
20.09.2012, 09:59 | #6 |
| Sure^^ no, I got it cracked once because I wanted to see what it's like, then I bought the original. That's how it was :P |
20.09.2012, 15:04 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | So much for "no other cracks", then. Well, I notice it again and again: cracks are a touchy subject. As a crack user, one tends to turn like a flag in the wind and get tangled up in contradictions. Anyway, for you it continues here => Reinstalling Windows. If you have questions about that or about data recovery, ask, but this case will not be cleaned up any more.
__________________ |