Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: smiley auf dunklem bildschirm, windows startete nicht mehr

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.09.2011, 15:48   #1
glueckskind
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



hej,

ich fand hier schon einen eintragmit scheinbar selbigem problem von 2007
http://www.trojaner-board.de/39607-s...mehr-hoch.html
habe aber vorsichtshalber nicht in diesem thread weitergeschrieben, da ich nicht weiss, inwiefern mein thema als aktuell angezeigt wird.

gestern ließ sich windows (vista) den ganzen tag nicht mehr starten, da beim hochfahren ein schwarzer bildschirm mit weißem smiley und blinkendem cursur in linker unterer bildschirmecke auftauchte und nicht mehr verschwand. lediglich strg+alt+entf brachten einen neustart hervor, jede andere taste ließ die grinsebacke erst kurz verschwinden und dann gleich wieder auftauchen.

ins bios-menü konnte ich vorher noch gelangen, weshalb ich heute die vista-cd ausgegraben habe.

allerdings funktionierte eben das hochfahren wieder problemlos, microsoft security essentials hat nichts gefunden.


frage: könnt ihr mir scans empfehlen, mit denen ich evtl gründlicher überprüfen kann, ob sich das problem wirklich von selbst behoben hat?

es scheint zwar alles ok und wäre auch wunderbar, wenns so ist, aber bevor ich das ganze übereilt abhake, wäre mir eine zweite meinung wichtig.

dankeschön im voraus fürs drüberlesen,
y

Alt 08.09.2011, 21:54   #2
Swisstreasure
/// Malwareteam
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________


Alt 09.09.2011, 11:02   #3
glueckskind
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



done.
hier der malwarebytes-log:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7682

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

09.09.2011 11:39:58
mbam-log-2011-09-09 (11-39-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 186553
Laufzeit: 6 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


und die zwei von otl:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.09.2011 11:47:25 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Yvi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,88% Memory free
6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 217,11 Gb Free Space | 48,71% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,66 Gb Free Space | 53,32% Space Free | Partition Type: FAT32
Drive I: | 7,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: YVI-PC | User Name: Yvi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.09 11:46:45 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Yvi\Desktop\OTL.exe
PRC - [2011.08.02 12:47:12 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.16 00:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Programme\CrossriderWebApps\Crossrider.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2010.05.05 09:18:46 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\ezprint.exe
PRC - [2010.05.05 09:18:43 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010.04.14 16:45:21 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.08 13:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe
PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007.05.29 16:40:48 | 000,360,096 | ---- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2007.05.29 08:55:20 | 001,969,824 | ---- | M] () -- C:\Windows\System32\WTMKM.exe
PRC - [2006.05.18 11:40:18 | 001,499,136 | ---- | M] () -- C:\Programme\NETGEAR\WG311T\wlancfg5.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.05.05 09:18:46 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\ezprint.exe
MOD - [2010.05.05 09:18:43 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010.04.05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010.04.05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\epstring.dll
MOD - [2010.04.05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\customui.dll
MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\eputil.dll
MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll
MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\iptk.dll
MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009.02.20 04:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEAsmr.dll
MOD - [2009.02.20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEAsm.dll
MOD - [2007.05.29 16:40:48 | 000,360,096 | ---- | M] () -- C:\Windows\System32\atwtusb.exe
MOD - [2007.05.29 08:55:20 | 001,969,824 | ---- | M] () -- C:\Windows\System32\WTMKM.exe
MOD - [2006.08.28 17:29:00 | 000,180,224 | ---- | M] () -- C:\Windows\System32\ATWTINK.DLL
MOD - [2006.05.18 11:40:18 | 001,499,136 | ---- | M] () -- C:\Programme\NETGEAR\WG311T\wlancfg5.exe
MOD - [2006.04.24 14:27:58 | 000,098,304 | ---- | M] () -- C:\Programme\NETGEAR\WG311T\WlanDll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.07 09:37:55 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.04.14 16:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device)
SRV - [2010.04.14 16:45:14 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Disabled | Running] --  -- (MBAMProtector)
DRV - [2011.09.09 11:42:29 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DB49302-83F6-4186-8BAB-77C088CAA2A3}\MpKsle37b256b.sys -- (MpKsle37b256b)
DRV - [2011.07.27 12:12:42 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.04.03 12:56:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.15 16:17:14 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.17 22:35:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008.01.16 18:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2007.11.21 12:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.10.30 17:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.06.27 20:08:24 | 000,071,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2006.05.03 22:40:42 | 000,390,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)
DRV - [2006.04.04 10:54:28 | 000,456,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WG311T13.sys -- (AR5211)
DRV - [2002.07.17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001.05.23 10:42:52 | 000,012,084 | ---- | M] (Aiptek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UTBLFILT.sys -- (utblfilt)
DRV - [2001.02.18 17:09:56 | 000,009,312 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hp4200c.sys -- (hp4200c)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yodl.de/?&affid=1&uid=5ABE1BC3-76C2-4620-8ACC-E089E690C969
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.startup.homepage: "hxxp://www.ninwiki.com/Special:Random"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.72.17
FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011.07.26 20:05:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 12:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.07 12:40:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
[2008.07.11 16:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Extensions
[2011.09.08 16:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions
[2010.04.29 19:28:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.25 12:41:39 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
[2011.08.18 16:42:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.12 09:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.05.12 09:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.03.28 19:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.26 20:05:04 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\PROGRAMDATA\CODECCHECK\FIREFOX
[2011.03.20 01:06:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.09.18 20:17:57 | 000,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml
[2009.09.18 20:17:57 | 000,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml
[2009.09.18 20:17:57 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml
[2011.03.20 01:06:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.20 01:06:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.09.18 20:17:57 | 000,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml
[2009.09.18 20:17:57 | 000,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml
[2009.09.18 20:17:57 | 000,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml
[2009.09.18 20:17:57 | 000,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml
[2009.09.18 20:17:57 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml
[2011.03.20 01:06:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.20 01:06:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.09.18 20:17:57 | 000,005,375 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Programme\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O4 - HKLM..\Run: [atwtusb] C:\Windows\System32\atwtusb.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [hplampc] C:\Windows\System32\hplampc.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)]  File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Programme\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [espaces]  File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6876E3B5-09B4-40A9-AB89-8CBD155BB5EC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Yvi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Yvi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{57e932e0-f2d6-11de-b4f2-001d92ecbd05}\Shell\AutoRun\command - "" = I:\installer.exe
O33 - MountPoints2\{57e932e0-f2d6-11de-b4f2-001d92ecbd05}\Shell\verb\command - "" = I:\installer.exe
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setupSNK.exe
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk - C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^w98Eject.lnk - C:\Windows\system\w98eject.exe - (Sigmatel)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: lxeamon.exe - hkey= - key= - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
MsConfig - StartUpReg: PhonostarTimer - hkey= - key= - C:\Programme\phonostar\ps_timer.exe (phonostar)
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\GoogleEULA\EULALauncher.exe ( )
MsConfig - StartUpReg: TVBroadcast - hkey= - key= - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.09 11:46:33 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Yvi\Desktop\OTL.exe
[2011.09.09 11:13:40 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Roaming\Malwarebytes
[2011.09.09 11:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.09 11:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.06 09:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2011.09.06 09:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2011.09.06 09:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2011.09.05 19:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
[2011.09.05 19:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free PDF to Word Doc Converter
[2011.08.29 21:55:13 | 000,000,000 | ---D | C] -- C:\Users\Yvi\atomix
[2011.08.28 16:35:09 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011.08.27 22:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011.08.27 22:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.08.27 22:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011.08.17 17:49:33 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Local\Solid State Networks
[2010.09.21 11:14:16 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
[2010.09.21 11:13:24 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
[2010.09.21 11:13:24 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
[2010.09.21 11:13:24 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
[2010.09.21 11:13:24 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEAhcp.dll
[2010.09.21 11:13:24 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
[2010.09.21 11:13:23 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
[2010.09.21 11:13:23 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
[2010.09.21 11:13:23 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
[2010.09.21 11:13:23 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe
[2010.09.21 11:13:23 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
[2010.09.21 11:13:23 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe
[2010.09.21 11:13:23 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll
[2010.09.21 11:13:23 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe
[2008.07.30 18:33:31 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd.dll
[2005.04.21 00:16:28 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2004.02.16 20:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Yvi\AppData\Local\*.tmp files -> C:\Users\Yvi\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.09 11:49:04 | 000,676,444 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.09 11:49:04 | 000,636,302 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.09 11:49:04 | 000,147,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.09 11:49:04 | 000,120,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.09 11:46:45 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Yvi\Desktop\OTL.exe
[2011.09.09 11:44:47 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.09.09 11:42:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.09 11:42:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.09 11:42:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.09 11:42:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.08 15:52:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.06 09:36:50 | 000,001,593 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2011.09.06 09:35:36 | 000,001,982 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Yvi\AppData\Local\*.tmp files -> C:\Users\Yvi\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.06 09:36:50 | 000,001,593 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2011.09.06 09:35:36 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2011.09.04 12:51:11 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010.11.18 22:11:20 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2010.09.21 11:14:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
[2010.09.21 11:14:14 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
[2010.09.21 11:14:14 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
[2010.09.21 11:14:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
[2010.09.21 11:13:24 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll
[2010.09.21 11:13:23 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
[2010.09.21 11:13:23 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
[2010.09.21 11:13:23 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
[2010.09.21 11:13:23 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
[2010.09.21 11:13:23 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
[2010.09.21 11:13:23 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
[2010.09.21 11:13:23 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
[2010.09.21 11:13:23 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
[2010.09.21 11:13:09 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
[2010.09.21 11:13:09 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll
[2010.05.21 01:18:24 | 000,000,072 | ---- | C] () -- C:\Windows\oemaster.ini
[2010.04.26 22:35:43 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll
[2010.04.26 22:35:43 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll
[2010.04.26 22:35:25 | 000,014,348 | ---- | C] () -- C:\Windows\HPSETUP.INI
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.03.19 01:04:40 | 000,004,956 | ---- | C] () -- C:\ProgramData\esswogwb.bbd
[2010.01.07 12:29:48 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.10 14:59:40 | 000,001,040 | ---- | C] () -- C:\Users\Yvi\AppData\Roaming\wklnhst.dat
[2009.10.02 23:21:25 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.09.24 11:41:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 11:41:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.10 16:50:07 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.09.10 16:50:07 | 000,000,774 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.05.30 15:00:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.01.26 18:52:51 | 000,225,280 | R--- | C] () -- C:\Windows\USBM55phmgunin.exe
[2008.12.23 00:48:57 | 000,000,062 | ---- | C] () -- C:\Windows\10eG-Install.ini
[2008.12.14 17:16:51 | 000,253,696 | ---- | C] () -- C:\Windows\pptpunin.exe
[2008.12.07 23:56:23 | 000,006,688 | ---- | C] () -- C:\Windows\movexe.exe
[2008.10.16 17:23:22 | 000,360,096 | ---- | C] () -- C:\Windows\System32\atwtusb.exe
[2008.10.16 17:23:21 | 000,048,800 | ---- | C] () -- C:\Windows\System32\InstallService.exe
[2008.10.16 17:23:20 | 001,969,824 | ---- | C] () -- C:\Windows\System32\WTMKM.exe
[2008.10.16 17:23:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2008.10.16 17:23:20 | 000,102,048 | ---- | C] () -- C:\Windows\RmTablet.exe
[2008.10.16 17:23:19 | 000,013,951 | ---- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2008.10.16 17:23:19 | 000,010,361 | ---- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2008.10.16 17:23:19 | 000,007,633 | ---- | C] () -- C:\Windows\System32\Vista.ini
[2008.10.16 17:23:19 | 000,007,341 | ---- | C] () -- C:\Windows\System32\XP_2000.ini
[2008.10.16 17:23:19 | 000,006,386 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008.10.16 17:23:19 | 000,000,574 | ---- | C] () -- C:\Windows\System32\MKProfile.ini
[2008.09.17 13:36:22 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008.09.17 13:36:20 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008.09.17 13:36:20 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008.09.17 13:36:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2008.09.16 14:28:04 | 000,001,473 | ---- | C] () -- C:\Windows\eReg.dat
[2008.08.29 11:55:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.13 17:09:06 | 000,000,000 | ---- | C] () -- C:\Windows\MAPPER.INI
[2008.07.30 18:33:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll
[2008.07.23 23:39:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 14:38:48 | 000,000,029 | ---- | C] () -- C:\Windows\viewer.ini
[2008.07.11 16:40:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.07.09 21:06:50 | 000,007,592 | ---- | C] () -- C:\Users\Yvi\AppData\Local\d3d9caps.dat
[2008.07.08 20:28:07 | 000,246,784 | ---- | C] () -- C:\Users\Yvi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.06 17:21:19 | 000,000,091 | ---- | C] () -- C:\Users\Yvi\AppData\Local\fusioncache.dat
[2008.04.30 12:12:26 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.04.30 12:12:26 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.04.30 11:28:46 | 000,000,052 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008.04.01 15:35:46 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.04.01 15:13:07 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.04.01 15:13:06 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.03.31 12:55:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.01.21 09:15:58 | 000,676,444 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,147,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,372,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,636,302 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,120,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.05.03 22:40:42 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2006.04.04 10:54:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\AegisI5.exe
[2006.04.04 10:54:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\acs.exe
[2005.10.11 20:54:48 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe
[2005.02.02 02:29:12 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe
[2003.01.18 00:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2002.09.06 11:36:16 | 000,124,416 | ---- | C] () -- C:\Windows\lame_enc.dll
[2001.11.19 21:13:36 | 000,401,408 | ---- | C] () -- C:\Windows\stepbuttons.dll
[1997.12.08 02:03:00 | 000,067,104 | ---- | C] () -- C:\Windows\Paul-setup.exe
[1996.12.14 00:00:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1996.12.14 00:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\System32\VADE232.DLL
[1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2011.05.07 09:09:07 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\.minecraft
[2011.05.02 21:33:10 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\.purple
[2009.06.07 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Amazon
[2010.06.16 23:17:50 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Bioshock
[2011.07.27 04:45:28 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\BitTorrent
[2010.03.20 03:11:16 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\CocoonSoftware
[2011.07.27 12:13:54 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\DAEMON Tools Lite
[2010.01.07 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\DataCast
[2011.05.07 12:42:01 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\FreeFLVConverter
[2010.03.19 02:08:08 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\FreeScreenToVideo
[2010.09.13 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\gtk-2.0
[2010.09.16 15:04:49 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Gutscheinmieze
[2011.09.07 09:57:20 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\ICQ
[2008.07.11 17:21:06 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\ICQLite
[2010.05.21 01:26:36 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\kikin
[2009.03.16 00:57:41 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\McLoad
[2008.07.11 17:02:31 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Miranda
[2009.01.26 18:52:11 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\MobileAction
[2010.02.21 15:18:58 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\OfficeRecovery
[2009.07.11 12:17:42 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\phonostar-Player
[2009.09.02 22:10:05 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\QIP
[2009.01.27 14:00:24 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Simple Star
[2009.10.10 14:59:42 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Template
[2010.02.13 03:03:33 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\TuneUp Software
[2011.09.09 11:41:12 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.07.06 17:21:13 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.09.24 20:45:00 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.07.26 20:05:00 | 000,000,000 | ---D | M] -- C:\codec-info
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.07.06 17:13:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.09.21 11:12:00 | 000,000,000 | ---D | M] -- C:\Lexmark
[2008.07.22 16:34:36 | 000,000,000 | ---D | M] -- C:\Medion
[2008.12.14 17:16:51 | 000,000,000 | ---D | M] -- C:\MISSION
[2009.12.30 01:05:48 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.04.11 14:08:14 | 000,000,000 | ---D | M] -- C:\MyWorks
[2011.07.26 20:05:37 | 000,000,000 | ---D | M] -- C:\premiumsoft
[2011.09.09 11:13:23 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.09.09 11:13:28 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.07.06 17:13:53 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.04.26 22:35:43 | 000,000,000 | ---D | M] -- C:\SCANJET
[2010.04.26 22:35:15 | 000,000,000 | ---D | M] -- C:\sj655
[2011.09.09 11:49:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.09.10 16:50:13 | 000,000,000 | ---D | M] -- C:\Temp
[2008.08.13 17:07:50 | 000,000,000 | ---D | M] -- C:\UbiSoft
[2008.07.06 17:20:40 | 000,000,000 | R--D | M] -- C:\Users
[2011.09.06 09:40:26 | 000,000,000 | ---D | M] -- C:\Windows
[2008.09.08 18:09:57 | 000,000,000 | ---D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-07 10:45:19
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 638 bytes -> C:\Users\Yvi\Documents\spielenachmittag_-abend (_.eml:OECustomProperty

< End of report >
         
--- --- ---


extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.09.2011 11:47:25 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Yvi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,88% Memory free
6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 217,11 Gb Free Space | 48,71% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,66 Gb Free Space | 53,32% Space Free | Partition Type: FAT32
Drive I: | 7,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: YVI-PC | User Name: Yvi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11B0C170-4D3E-4220-8806-7B4DFB611ADB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{301A28D9-CC67-4FE2-8B26-D665F65D4A4C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{364F9AB9-CEAD-40C0-B336-5ED7879EDB9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{374AA3E9-BECE-406A-BE1B-8B0FD04F1E31}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3C2BC6EC-0637-4601-951A-7303CCAF4A07}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E6CBDD9-EE41-4F52-960B-C8F9CDDE33BA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5053EE42-2E21-4FE4-8881-0601ACC88EA2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6315892C-D473-49B7-8F20-1A8ED331D15E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{938A4075-8CAE-4F26-8D57-B74B9A2EE048}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{99D1D08F-C6D5-425A-9014-4ECB60B94255}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A96EC6AF-069F-4379-891B-A345E2474029}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BD991224-1357-49D3-8726-CF904A505482}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BE398DE8-3201-49E8-ADBC-F46042B97ECF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BFC98B4E-D51C-4DA4-AFF5-A028A3DE2EA9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C1475E40-24B1-4FFF-A329-3E65431C3D49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C28AB338-CAFD-46A5-BC32-145B10F172C5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D93B6D11-83F7-4271-B8E2-AB0640D0D2F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DE938DAD-8629-4527-B9C5-5AEED97DA6A2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FA8D3940-7FCB-4579-9781-02766D1A9834}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEC9DC91-6481-4BCF-AAC1-BAADA9EC4BCA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050D951E-4861-453B-901B-1EF29E63CF57}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{093236E9-D90F-4986-B244-F0B18590F6A0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{117F21C4-B9E7-4DFC-8AE6-42A8806367A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{15B796D0-5EFE-403A-A917-800241CEFE02}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1819669A-AD67-4511-A125-B22B637B4629}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{21EEE702-1043-4380-87AF-2970844E1791}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{2A558AC9-D23D-4CD3-AC52-CD81711C0E8C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E62EB71-CB0D-4B06-9592-977E7BBF7796}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{308D2295-71F2-4777-87F5-1104A680C0DF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{38937176-D46E-4694-998C-E95BDD7375EB}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{46513B2D-194A-44AA-B067-0C8E8F02DCF7}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{50B9C9C9-A1D0-4F0C-AA50-E41C4ECEDDF3}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{57ECFFB6-EF28-401C-897A-44476F1ABD67}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | 
"{594004F0-2A09-483B-91BF-4D96DD6F2B66}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{63FC5AAA-6C37-42DF-AC8B-F14FB3E99E6B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{643FEC32-4A59-4FAF-A51B-99F09C40C03E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{71D114BC-6C6E-4FC7-8DEE-3E8ED76F80BD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{801DACCE-AE80-4329-8BAD-EC6C4596EA63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{83176666-185A-4014-8152-2B23C109B985}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{8C699785-9625-43BA-AB25-C594F590809F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{9524F062-4C15-4AF3-8582-D91DBC8CD54D}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{9C14FC8A-2BEA-41B0-AED8-DB4FBB1F4FCC}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | 
"{A23348EC-8353-4649-8231-9F5AD5933B53}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{AB86E956-9CF0-48C6-BC39-EC91EE0BAFD0}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B2A01903-1FAC-43F7-A777-2605A8DE79B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C1542B42-FF23-4DFF-A108-8AF67F8E1BE8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C1EEF1A2-B250-4167-9072-CDB0E6C177D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C2305E0C-B8F1-4AEE-B832-EC3F8934AB45}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{C5B90965-B043-49F8-8BA4-7461C5FB297E}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{C67D9EE5-7862-4C72-A75B-7BE3C586CD38}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{CBBA7441-09EC-4A30-B508-4CB710C4E265}" = protocol=17 | dir=in | app=h:\alicecd.exe | 
"{CBED4B7D-6ADB-4FA3-83E9-EACB94B0B187}" = protocol=6 | dir=in | app=h:\alicecd.exe | 
"{CDF15067-DE91-4CAE-A73C-F5E97415021B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D51B741C-B7F5-4FC3-BCB8-47FFCAAC9247}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{D8CE8103-5595-4C2F-99D8-CC9C951791B2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{E8C2FD35-6555-4A19-BC75-6213CC7B096D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EBF3EF6B-003A-4A6E-9FC8-EEA0C30A7FA9}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{F08C870D-303D-4F00-A6B5-C75E96C59164}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{0F45DF03-7D18-447E-936E-7FDEA313F8B6}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{21466352-AFCF-4A72-B7F3-D051827C336A}C:\program files\steam\steamapps\common\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"TCP Query User{25517D32-3BBE-4F96-AD06-27246CD5D3A8}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{3A49D631-774B-42DF-9341-387C659B1311}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{5DE6BB2A-72C3-40A2-86F8-08F592AFAF7D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{6BA400C8-CB2B-41CF-B9CA-2A228FA4B9C5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{6E6CD1D4-4901-4C1E-82CF-A331D2144C95}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe | 
"TCP Query User{764975D0-697D-49EA-BE14-C9CA57365678}C:\users\yvi\downloads\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\yvi\downloads\ipcurve100win32\ipcurve\ipcurve.exe | 
"TCP Query User{771C3396-4F64-4140-B573-98F14F3D749F}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{7CC3CF82-1508-4F6D-8E3C-25F6F123992F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{7CF55CB3-859F-4B58-BE1C-C96A59538D6F}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe | 
"TCP Query User{8A2E5674-4EBC-4A2C-A204-E489D7DA7E5A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{90654FFA-076A-4A6F-A317-2305C715BF36}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"TCP Query User{B0FB3946-E5DD-4E20-8215-8F646724789A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{C41EE633-9212-412A-B674-DE95A3093775}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{DB015508-EC3B-43CD-AC65-860DAF153450}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{E194A3EF-9D0D-4CBA-B62C-DB5691C9755E}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"TCP Query User{EE253F81-E48A-4D20-8E9C-7ABE340BF2D5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{F1632741-3E4F-454D-83F3-633240A552E3}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{167DDB5A-EA87-404C-B78E-B106B8531B1E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{26E6A495-7922-4E96-86DC-79A2589BA61D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{4AE1D26A-6F4F-4EB5-A2D0-C9B5F230A643}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe | 
"UDP Query User{5101F411-7B56-4B95-8B51-5F515D46342E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{59A5DE72-F107-4106-90E9-451B23866882}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe | 
"UDP Query User{5B0E64F6-545E-4396-8021-7009DFB001C4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{6EF9A5EB-BD7F-455F-9AD0-EC862F951F12}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{775CEE26-DAA8-4EC6-A769-FE74D6F99CCB}C:\program files\steam\steamapps\common\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"UDP Query User{7AD709A3-2A29-408A-873D-14C1B13571E6}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{9B532CAD-DAF1-4BED-BFB9-C722A13D8656}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{A2C099DA-A91F-4F43-9587-3A2F59418EBC}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{B29507D8-C45E-43F9-BCF8-BFD52D230D92}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{C694473C-0D09-4512-B17F-53AAE6FE1F1A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{CE1BD52C-C9E1-4C1C-97FB-DEE0BF229275}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{D7BD00A0-C1D4-410D-A592-65FEBD5FB20C}C:\users\yvi\downloads\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\yvi\downloads\ipcurve100win32\ipcurve\ipcurve.exe | 
"UDP Query User{E9E4396A-DD90-4318-9E16-450869B8D4E4}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{EEA85A52-3E76-482B-A917-6D2181392618}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{F6570E4F-22BE-43F7-AC11-6651B26FA4B2}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{F70EE985-5887-4D9D-A36A-4AF01AC26FBA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23BB5CFE-8B85-4568-9A85-68F99D19680E}" = Audio 180 %
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{36BBA884-C697-48B6-B496-5F329215E249}" = BioShock Demo
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = USB PC Camera (SN9C101)
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{769033E4-C119-496A-8144-3F468081F8D7}" = Movavi Video Suite 8
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AE38076-D8FD-4EF9-A203-98A3EF0C66C1}" = Siemens Data Suite
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F251952-43A3-1305-997C-5B285C76FCAD}" = ATI Catalyst Install Manager
"{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1" = MPEG Video Wizard DVD 5.0.0.104 (01/2010)
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4CF84DC-055D-469B-AFEC-FFB9E5FB770B}" = TrekStor i.Beat censo
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF5914B-5730-4373-B038-9F436AC6A0D6}" = Rayman3
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DB44F479-789A-4D76-A31E-663C5658F576}" = Mindjet MindManager 9
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F701F7AC-B6A5-4B97-8901-B6C08649FCDF}" = TrekStor i.Beat cebrax FM
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer
"Advanced MP3 Converter_is1" = Advanced MP3 Converter 2.20
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"BitTorrent" = BitTorrent
"CamStudio" = CamStudio
"Crossrider" = Crossrider Web Apps
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Sims" = Die Sims
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Doro_is1" = Doro 1.42
"Eufloria_is1" = Eufloria v2.07
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free FLV Converter_is1" = Free FLV Converter V 6.96.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Screen To Video_is1" = Free Screen To Video V 1.2
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.12.12 rev a (nur entfernen)
"hedgewars" = Hedgewars
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP PrecisionScan LT Software" = HP PrecisionScan LT Software
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"InstallShield_{7AE38076-D8FD-4EF9-A203-98A3EF0C66C1}" = Siemens Data Suite
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR  WG311T Wireless Adapter
"JDownloader" = JDownloader
"kikin Plugin (Murb.com Edition)" = kikin Plugin (Murb.com Edition) 1.11
"LetsTrade" = LetsTrade Komponenten
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"M55 USB-Handset Manager" = M55 USB-Handset Manager
"McLoad Preinstaller" = McLoad Preinstaller
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"Mpeg Video Wizard DVD 5.0" = MPEG Video Wizard DVD 5.0.0.104 (01/2010)
"MyFreeCodec" = MyFreeCodec
"NVIDIA Drivers" = NVIDIA Drivers
"OEMaster-Daten-ExportfürOutlookExpress" = OEMaster - DBX-Reader und Daten-Export für Outlook Express
"Office8.0" = Microsoft Office 97, Professional Edition
"OpenAL" = OpenAL
"PDF-XChange 3_is1" = PDF-XChange 3
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4
"Pidgin" = Pidgin
"PPTP" = Pink Panthers Gefährliche Mission
"RealPlayer 6.0" = RealPlayer
"Rmtablet" = GRAFIKABLETT MD 85637
"Siemens S55 Colour Scheme Editor_is1" = Siemens S55 Colour Scheme Editor 0.9.14
"Steam App 400" = Portal
"Steam App 620" = Portal 2
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xilisoft AVI MPEG Converter" = Xilisoft AVI MPEG Converter
"Zuma Deluxe RA" = Zuma Deluxe RA
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
"QIP Infium" = QIP Infium 2.0.9032 RC4
"QUICKMEDIACONVERTER" = QMC
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.11.2009 10:27:31 | Computer Name = Yvi-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 03.11.2009 11:27:38 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.11.2009 17:08:15 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2009 11:01:10 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2009 13:08:54 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2009 13:45:15 | Computer Name = Yvi-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 04.11.2009 16:53:49 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2009 17:38:41 | Computer Name = Yvi-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 04.11.2009 17:38:53 | Computer Name = Yvi-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 04.11.2009 18:03:47 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 12.05.2010 05:15:22 | Computer Name = Yvi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 570
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 27.03.2011 10:18:40 | Computer Name = Yvi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.09.2011 05:43:05 | Computer Name = Yvi-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.
 
Error - 08.09.2011 07:44:11 | Computer Name = Yvi-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 08.09.2011 07:44:30 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 08.09.2011 07:44:30 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2011 10:53:28 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 08.09.2011 10:53:28 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.09.2011 05:09:40 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.09.2011 05:09:40 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.09.2011 05:42:50 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.09.2011 05:42:50 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 09.09.2011, 21:40   #4
Swisstreasure
/// Malwareteam
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Alt 09.09.2011, 22:01   #5
glueckskind
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MEDIONPC
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MEDIONPC
System Product Name: MS-7501
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 152):
0x82606000 \SystemRoot\system32\ntkrnlpa.exe
0x829C0000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\PSHED.dll
0x8041B000 \SystemRoot\system32\BOOTVID.dll
0x80423000 \SystemRoot\system32\CLFS.SYS
0x80464000 \SystemRoot\system32\CI.dll
0x80544000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80609000 \SystemRoot\system32\drivers\acpi.sys
0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80658000 \SystemRoot\system32\drivers\msisadrv.sys
0x80660000 \SystemRoot\system32\drivers\pci.sys
0x80687000 \SystemRoot\System32\drivers\partmgr.sys
0x80696000 \SystemRoot\system32\drivers\volmgr.sys
0x806A5000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EF000 \SystemRoot\system32\DRIVERS\amdide.sys
0x806F6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80704000 \SystemRoot\System32\drivers\mountmgr.sys
0x80714000 \SystemRoot\system32\drivers\atapi.sys
0x8071C000 \SystemRoot\system32\drivers\ataport.SYS
0x8073A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8076C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8077C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83001000 \SystemRoot\system32\drivers\ndis.sys
0x8310C000 \SystemRoot\system32\drivers\msrpc.sys
0x83137000 \SystemRoot\system32\drivers\NETIO.SYS
0x83204000 \SystemRoot\System32\drivers\tcpip.sys
0x832F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A80E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A91E000 \SystemRoot\system32\drivers\volsnap.sys
0x8A957000 \SystemRoot\System32\Drivers\spldr.sys
0x8A95F000 \SystemRoot\System32\Drivers\mup.sys
0x8A96E000 \SystemRoot\System32\drivers\ecache.sys
0x8A995000 \SystemRoot\system32\drivers\disk.sys
0x8A9A6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9C7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8A9CF000 \SystemRoot\system32\drivers\crcdisk.sys
0x8330C000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
0x8334D000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A9EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A800000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x833CF000 \SystemRoot\system32\DRIVERS\processr.sys
0x90406000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90B20000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90BC0000 \SystemRoot\System32\drivers\watchdog.sys
0x83172000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x90BCC000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x90BDC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x833DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90BEA000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x831B3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x831F1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90E05000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90E92000 \SystemRoot\system32\DRIVERS\serial.sys
0x90EAC000 \SystemRoot\system32\DRIVERS\serenum.sys
0x90EB6000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x90ED5000 \SystemRoot\system32\DRIVERS\serscan.sys
0x90EDD000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90F0C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90F17000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90F2E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90F39000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90F5C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90F6B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90F7F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90F94000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90FA4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90FAF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90FBA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90FBC000 \SystemRoot\system32\DRIVERS\ks.sys
0x9120D000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x91248000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91252000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9125F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91294000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9360A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9380B000 \SystemRoot\system32\drivers\portcls.sys
0x93838000 \SystemRoot\system32\drivers\drmk.sys
0x9385D000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x93884000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9388D000 \SystemRoot\System32\Drivers\Null.SYS
0x93894000 \SystemRoot\System32\Drivers\Beep.SYS
0x938A4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x938AB000 \SystemRoot\System32\drivers\vga.sys
0x938B7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x938D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x938E0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x938E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x938F3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x93901000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9390A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x93920000 \SystemRoot\system32\DRIVERS\smb.sys
0x93934000 \SystemRoot\system32\drivers\afd.sys
0x9397C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x93991000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x93993000 \SystemRoot\System32\DRIVERS\netbt.sys
0x939C5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x939DB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x939E9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x912A5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x93600000 \SystemRoot\system32\drivers\nsiproxy.sys
0x912E1000 \SystemRoot\System32\Drivers\dfsc.sys
0x912F8000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x9138C000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x91396000 \SystemRoot\System32\Drivers\fastfat.SYS
0x913BE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9389B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x913D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x913E5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x913EE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91200000 \SystemRoot\System32\Drivers\crashdmp.sys
0x913F6000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8338E000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
0x9CAC0000 \SystemRoot\System32\win32k.sys
0x90FE6000 \SystemRoot\System32\drivers\Dxapi.sys
0x90FF0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CCE0000 \SystemRoot\System32\TSDDD.dll
0x805CD000 \SystemRoot\system32\drivers\luafv.sys
0x9CD00000 \SystemRoot\System32\cdd.dll
0xA2406000 \SystemRoot\system32\drivers\spsys.sys
0xA24B6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA24C6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA24F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA24FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA250D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA2523000 \SystemRoot\system32\drivers\HTTP.sys
0xA2590000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA25AD000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA25C6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA25DB000 \SystemRoot\system32\drivers\mrxdav.sys
0xA5407000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA5426000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA545F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA5477000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA549F000 \SystemRoot\System32\DRIVERS\srv.sys
0xA54EE000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xA6A03000 \SystemRoot\system32\drivers\peauth.sys
0xA6AE1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA6AEB000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0xA6AF5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA6B01000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA6B16000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA6B28000 \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl
0xA6B45000 \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl
0xA6B62000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0xA6B77000 \??\C:\Windows\system32\drivers\mbam.sys
0xA6B7B000 \SystemRoot\system32\DRIVERS\udfs.sys
0xA6BB6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA6BBF000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3CFEB9A-DF84-4231-AD9C-668D005270FE}\MpKsld95bc85b.sys
0x9CD10000 \SystemRoot\System32\ATMFD.DLL
0x77B20000 \Windows\System32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
536 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
632 C:\Windows\System32\services.exe
644 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
808 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\nvvsvc.exe
892 C:\Windows\System32\svchost.exe
936 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1032 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\winlogon.exe
1108 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\audiodg.exe
1284 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\SLsvc.exe
1368 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\svchost.exe
1644 C:\Windows\System32\rundll32.exe
1940 C:\Windows\System32\spoolsv.exe
1968 C:\Windows\System32\svchost.exe
284 C:\Windows\System32\dwm.exe
336 C:\Windows\explorer.exe
272 C:\Windows\System32\taskeng.exe
796 C:\Windows\System32\taskeng.exe
1104 C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
820 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1328 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
2180 C:\Windows\System32\lxeacoms.exe
2236 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2328 C:\Windows\System32\IoctlSvc.exe
2344 C:\Windows\System32\svchost.exe
2408 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2632 C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
2720 C:\Windows\System32\svchost.exe
2780 C:\Windows\System32\svchost.exe
2812 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2856 C:\Windows\System32\SearchIndexer.exe
3156 WUDFHost.exe
3312 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3344 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3636 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3848 C:\Windows\System32\rundll32.exe
3912 C:\Windows\System32\atwtusb.exe
4000 C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
4024 C:\Program Files\Microsoft Security Client\msseces.exe
4084 C:\Windows\ehome\ehtray.exe
2200 C:\Program Files\CrossriderWebApps\Crossrider.exe
2264 C:\Program Files\DAEMON Tools Lite\DTLite.exe
2308 C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
1768 C:\Windows\ehome\ehmsas.exe
2564 C:\Windows\System32\WTMKM.exe
3720 C:\Windows\System32\wbem\unsecapp.exe
3080 WmiPrvSE.exe
1812 C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
3816 C:\Windows\System32\svchost.exe
3128 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
2544 C:\Windows\System32\wuauclt.exe
3532 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
3924 C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
5056 C:\Windows\System32\SearchProtocolHost.exe
5608 C:\Windows\System32\SearchFilterHost.exe
6028 C:\Program Files\Mozilla Firefox\firefox.exe
5672 C:\Program Files\Mozilla Firefox\plugin-container.exe
2336 C:\Users\Yvi\Desktop\MBRCheck.exe
4556 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006f`70839c00 (FAT32)

PhysicalDrive0 Model Number: WDC WD5000AACS-00ZUB0, Rev: 1.10

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 RE: Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!


dankeschön für die fixen antworten


Alt 09.09.2011, 22:14   #6
Swisstreasure
/// Malwareteam
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



Zitat:
Windows 98 MBR code detected
bei Vista??

Hast Du mehrere Betriebssyteme?

Alt 09.09.2011, 22:41   #7
glueckskind
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



hm.. soweit ich bis eben dachte, nein.
es ist zwar noch ein zweiter pc vorhanden, über den zwecks älterer spiele 98 läuft, aber hier sollte nichts davon zu finden sein.. ich bin mir gerade nicht sicher, ob ich vor einigen jahren mal bei diesem pc auf einer partition 98 installiert hatte, um mich beim booten für eins der beiden systeme entscheiden zu können, aber selbst wenn dem so wäre, sollte inzwischen nix mehr davon übrig sein.

wäre die meldung denn dann beunruhigend oder gleichgültig?

Alt 11.09.2011, 23:22   #8
Swisstreasure
/// Malwareteam
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



Melde mich Morgen, sorry.

Alt 12.09.2011, 17:52   #9
Swisstreasure
/// Malwareteam
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



MBR mit aswMBR von Avast wiederherstellen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop nicht woanders hin, falls noch nicht vorhanden.

Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! angezeigt wird, klicke auf FixMBR, um den MBR wiederherzustellen.

Alt 12.09.2011, 23:24   #10
glueckskind
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



nabend, alles nach plan durchgeführt. bereit für eventuelle nächste schritte (:

Alt 13.09.2011, 17:44   #11
Swisstreasure
/// Malwareteam
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Alt 13.09.2011, 18:33   #12
glueckskind
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MEDIONPC
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MEDIONPC
System Product Name: MS-7501
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 152):
0x82606000 \SystemRoot\system32\ntkrnlpa.exe
0x829C0000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\PSHED.dll
0x8041B000 \SystemRoot\system32\BOOTVID.dll
0x80423000 \SystemRoot\system32\CLFS.SYS
0x80464000 \SystemRoot\system32\CI.dll
0x80544000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80609000 \SystemRoot\system32\drivers\acpi.sys
0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80658000 \SystemRoot\system32\drivers\msisadrv.sys
0x80660000 \SystemRoot\system32\drivers\pci.sys
0x80687000 \SystemRoot\System32\drivers\partmgr.sys
0x80696000 \SystemRoot\system32\drivers\volmgr.sys
0x806A5000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EF000 \SystemRoot\system32\DRIVERS\amdide.sys
0x806F6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80704000 \SystemRoot\System32\drivers\mountmgr.sys
0x80714000 \SystemRoot\system32\drivers\atapi.sys
0x8071C000 \SystemRoot\system32\drivers\ataport.SYS
0x8073A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8076C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8077C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83001000 \SystemRoot\system32\drivers\ndis.sys
0x8310C000 \SystemRoot\system32\drivers\msrpc.sys
0x83137000 \SystemRoot\system32\drivers\NETIO.SYS
0x83204000 \SystemRoot\System32\drivers\tcpip.sys
0x832F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A80E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A91E000 \SystemRoot\system32\drivers\volsnap.sys
0x8A957000 \SystemRoot\System32\Drivers\spldr.sys
0x8A95F000 \SystemRoot\System32\Drivers\mup.sys
0x8A96E000 \SystemRoot\System32\drivers\ecache.sys
0x8A995000 \SystemRoot\system32\drivers\disk.sys
0x8A9A6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9C7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8A9CF000 \SystemRoot\system32\drivers\crcdisk.sys
0x8330C000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
0x8334D000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A9EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A800000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x833CF000 \SystemRoot\system32\DRIVERS\processr.sys
0x90406000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90B20000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90BC0000 \SystemRoot\System32\drivers\watchdog.sys
0x83172000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x90BCC000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x90BDC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x833DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90BEA000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x831B3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x831F1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90E05000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90E92000 \SystemRoot\system32\DRIVERS\serial.sys
0x90EAC000 \SystemRoot\system32\DRIVERS\serenum.sys
0x90EB6000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x90ED5000 \SystemRoot\system32\DRIVERS\serscan.sys
0x90EDD000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90F0C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90F17000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90F2E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90F39000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90F5C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90F6B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90F7F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90F94000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90FA4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90FAF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90FBA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90FBC000 \SystemRoot\system32\DRIVERS\ks.sys
0x9120D000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x91248000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91252000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9125F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91294000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9360A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9380B000 \SystemRoot\system32\drivers\portcls.sys
0x93838000 \SystemRoot\system32\drivers\drmk.sys
0x9385D000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x93884000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9388D000 \SystemRoot\System32\Drivers\Null.SYS
0x93894000 \SystemRoot\System32\Drivers\Beep.SYS
0x938A4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x938AB000 \SystemRoot\System32\drivers\vga.sys
0x938B7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x938D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x938E0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x938E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x938F3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x93901000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9390A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x93920000 \SystemRoot\system32\DRIVERS\smb.sys
0x93934000 \SystemRoot\system32\drivers\afd.sys
0x9397C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x93991000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x93993000 \SystemRoot\System32\DRIVERS\netbt.sys
0x939C5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x939DB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x939E9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x912A5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x93600000 \SystemRoot\system32\drivers\nsiproxy.sys
0x912E1000 \SystemRoot\System32\Drivers\dfsc.sys
0x912F8000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x9138C000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x91396000 \SystemRoot\System32\Drivers\fastfat.SYS
0x913BE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9389B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x913D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x913E5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x913EE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91200000 \SystemRoot\System32\Drivers\crashdmp.sys
0x913F6000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8338E000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
0x9CAC0000 \SystemRoot\System32\win32k.sys
0x90FE6000 \SystemRoot\System32\drivers\Dxapi.sys
0x90FF0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CCE0000 \SystemRoot\System32\TSDDD.dll
0x805CD000 \SystemRoot\system32\drivers\luafv.sys
0x9CD00000 \SystemRoot\System32\cdd.dll
0xA2406000 \SystemRoot\system32\drivers\spsys.sys
0xA24B6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA24C6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA24F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA24FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA250D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA2523000 \SystemRoot\system32\drivers\HTTP.sys
0xA2590000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA25AD000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA25C6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA25DB000 \SystemRoot\system32\drivers\mrxdav.sys
0xA5407000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA5426000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA545F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA5477000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA549F000 \SystemRoot\System32\DRIVERS\srv.sys
0xA54EE000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xA6A03000 \SystemRoot\system32\drivers\peauth.sys
0xA6AE1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA6AEB000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0xA6AF5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA6B01000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA6B16000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA6B28000 \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl
0xA6B45000 \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl
0xA6B62000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0xA6B77000 \??\C:\Windows\system32\drivers\mbam.sys
0xA6B7B000 \SystemRoot\system32\DRIVERS\udfs.sys
0xA6BB6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA6BBF000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3CFEB9A-DF84-4231-AD9C-668D005270FE}\MpKsld95bc85b.sys
0x9CD10000 \SystemRoot\System32\ATMFD.DLL
0x77B20000 \Windows\System32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
536 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
632 C:\Windows\System32\services.exe
644 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
808 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\nvvsvc.exe
892 C:\Windows\System32\svchost.exe
936 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1032 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\winlogon.exe
1108 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\audiodg.exe
1284 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\SLsvc.exe
1368 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\svchost.exe
1644 C:\Windows\System32\rundll32.exe
1940 C:\Windows\System32\spoolsv.exe
1968 C:\Windows\System32\svchost.exe
284 C:\Windows\System32\dwm.exe
336 C:\Windows\explorer.exe
272 C:\Windows\System32\taskeng.exe
796 C:\Windows\System32\taskeng.exe
1104 C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
820 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1328 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
2180 C:\Windows\System32\lxeacoms.exe
2236 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2328 C:\Windows\System32\IoctlSvc.exe
2344 C:\Windows\System32\svchost.exe
2408 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2632 C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
2720 C:\Windows\System32\svchost.exe
2780 C:\Windows\System32\svchost.exe
2812 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2856 C:\Windows\System32\SearchIndexer.exe
3156 WUDFHost.exe
3312 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3344 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3636 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3848 C:\Windows\System32\rundll32.exe
3912 C:\Windows\System32\atwtusb.exe
4000 C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
4024 C:\Program Files\Microsoft Security Client\msseces.exe
4084 C:\Windows\ehome\ehtray.exe
2200 C:\Program Files\CrossriderWebApps\Crossrider.exe
2264 C:\Program Files\DAEMON Tools Lite\DTLite.exe
2308 C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
1768 C:\Windows\ehome\ehmsas.exe
2564 C:\Windows\System32\WTMKM.exe
3720 C:\Windows\System32\wbem\unsecapp.exe
3080 WmiPrvSE.exe
1812 C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
3816 C:\Windows\System32\svchost.exe
3128 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
2544 C:\Windows\System32\wuauclt.exe
3532 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
3924 C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
5056 C:\Windows\System32\SearchProtocolHost.exe
5608 C:\Windows\System32\SearchFilterHost.exe
6028 C:\Program Files\Mozilla Firefox\firefox.exe
5672 C:\Program Files\Mozilla Firefox\plugin-container.exe
2336 C:\Users\Yvi\Desktop\MBRCheck.exe
4556 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006f`70839c00 (FAT32)

PhysicalDrive0 Model Number: WDC WD5000AACS-00ZUB0, Rev: 1.10

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 RE: Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!

Alt 14.09.2011, 22:10   #13
Swisstreasure
/// Malwareteam
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
  • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
  • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.



Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:



Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

Alt 15.09.2011, 08:28   #14
glueckskind
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-09-15.01 - Yvi 15.09.2011   9:17.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1979 [GMT 2:00]
ausgeführt von:: c:\users\Yvi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL80ED.tmp
c:\programdata\SPLA639.tmp
c:\programdata\SPLBCE8.tmp
c:\users\Yvi\AppData\Local\ApplicationHistory
c:\users\Yvi\AppData\Local\ApplicationHistory\EULA.exe.4fced5c1.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\EULALauncher.exe.4df5db01.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\GnabClient.exe.a8f69416.ini.inuse
c:\users\Yvi\AppData\Local\ApplicationHistory\GnabTray.exe.4aaf3909.ini.inuse
c:\users\Yvi\AppData\Local\ApplicationHistory\install.exe.b34347e0.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\InstallUtil.exe.89c0d2f9.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\RegAsm.exe.11f1da13.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\shell-assoc.exe.92c8add.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\uninstall-helper.exe.11771944.ini
c:\users\Yvi\hedgewars-win32.exe
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-15 bis 2011-09-15  ))))))))))))))))))))))))))))))
.
.
2011-09-15 07:24 . 2011-09-15 07:25	--------	d-----w-	c:\users\Yvi\AppData\Local\temp
2011-09-15 07:24 . 2011-09-15 07:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-14 09:06 . 2011-08-10 12:14	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-09-14 08:43 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85AFBCD1-C7CF-4845-8EE2-2C36A63B1517}\mpengine.dll
2011-09-09 09:13 . 2011-09-09 09:13	--------	d-----w-	c:\users\Yvi\AppData\Roaming\Malwarebytes
2011-09-09 09:13 . 2011-09-09 09:13	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-08 11:55 . 2011-04-15 18:56	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0CA8B81-7919-4E6F-94FE-7B7BAA5B24DD}\gapaengine.dll
2011-09-06 07:35 . 2011-09-06 07:35	--------	d-----w-	c:\program files\Common Files\Deterministic Networks
2011-09-06 07:35 . 2011-09-06 07:35	--------	d-----w-	c:\program files\Cisco Systems
2011-09-05 17:04 . 2011-09-05 17:04	183696	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04	183696	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04	--------	d-----w-	c:\program files\Free PDF to Word Doc Converter
2011-08-29 19:55 . 2011-08-29 19:55	--------	d-----w-	c:\users\Yvi\atomix
2011-08-27 20:32 . 2011-09-08 11:44	--------	d-----w-	c:\program files\Common Files\Steam
2011-08-27 20:32 . 2011-09-08 11:44	--------	d-----w-	c:\program files\Steam
2011-08-24 16:47 . 2011-07-11 13:25	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-17 15:49 . 2011-09-04 10:43	--------	d-----w-	c:\users\Yvi\AppData\Local\Solid State Networks
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 02:44 . 2011-04-17 12:41	7152464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-05 15:47 . 2011-08-05 15:47	1138440	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-27 10:12 . 2011-07-27 10:12	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-26 19:37 . 2011-07-25 20:41	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2011-07-26 19:37 . 2011-07-25 20:41	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2011-07-23 11:04 . 2011-08-10 16:10	916480	----a-w-	c:\windows\system32\wininet.dll
2011-07-23 11:00 . 2011-08-10 16:10	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-07-23 10:59 . 2011-08-10 16:10	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-07-23 10:59 . 2011-08-10 16:10	109056	----a-w-	c:\windows\system32\iesysprep.dll
2011-07-23 10:59 . 2011-08-10 16:10	71680	----a-w-	c:\windows\system32\iesetup.dll
2011-07-23 10:03 . 2011-08-10 16:10	385024	----a-w-	c:\windows\system32\html.iec
2011-07-23 09:27 . 2011-08-10 16:10	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2011-07-23 09:25 . 2011-08-10 16:10	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-13 03:39 . 2011-07-27 10:26	6881616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-07 19:11 . 2011-07-07 19:11	0	---ha-w-	c:\users\Yvi\AppData\Local\BIT64AD.tmp
2011-07-06 15:31 . 2011-08-09 20:11	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-22 20:42 . 2011-05-19 06:24	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 08:54 . 2011-08-09 20:11	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-09 20:11	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13 . 2011-08-09 20:11	913296	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-09 20:11	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-06-17 13:31 . 2011-08-09 20:11	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-12-14 20:27 . 2008-09-24 21:02	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-08-16 19:35	799472	----a-w-	c:\program files\kikin\ie_kikin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CrossRiderPlugin"="c:\program files\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"atwtusb"="atwtusb.exe" [2007-05-29 360096]
"hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-05-05 148280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-5-18 1499136]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-9-6 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^w98Eject.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk
backup=c:\windows\pss\w98Eject.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-01-30 07:32	91432	----a-w-	c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-14 20:27	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07	1828136	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]
2010-05-05 07:18	770728	----a-w-	c:\program files\Lexmark S300-S400 Series\lxeamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
2008-07-14 13:18	126976	----a-w-	c:\program files\phonostar\ps_timer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-02-15 14:16	172032	----a-w-	c:\program files\HomeCinema\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-03-26 11:21	5369856	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 11:00	24095528	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 16:15	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-27 20:32	1242448	----a-w-	c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-25 10:07	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 13:54	16896	----a-w-	c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast]
2008-04-11 13:55	937984	----a-w-	c:\program files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 135664]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [2010-04-14 193192]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 135664]
R3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\DRIVERS\hp4200c.sys [2001-02-18 9312]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 utblfilt;utblfilt;c:\windows\system32\drivers\utblfilt.sys [2001-05-23 12084]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-27 218688]
S1 MpKslbda35929;MpKslbda35929;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85AFBCD1-C7CF-4845-8EE2-2C36A63B1517}\MpKslbda35929.sys [2011-09-15 28752]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\HomeCinema\PlayMovie\000.fcl [2008-02-15 41456]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 598696]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2008-02-28 1801216]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLBDA35929
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-06 21:33]
.
2011-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 21:10]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 21:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.yodl.de/?&affid=1&uid=5ABE1BC3-76C2-4620-8ACC-E089E690C969
mSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Yvi\AppData\Roaming\Mozilla\Firefox\Profiles\luyqcj2o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.ninwiki.com/Special:Random
FF - prefs.js: keyword.URL - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\programdata\CodecCheck\firefox
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-espaces - c:\premiumsoft\PhotoFun\photofun.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-7-Zip - c:\users\Yvi\Desktop\Desktop\7-Zip\Uninstall.exe
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-Die Sims - c:\windows\IsUn0407.exe
AddRemove-Pflanzen gegen Zombies - c:\users\Yvi\ZombiesVSplants\Plants vs. Zombies\PopUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-15 09:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD\000.fcl"
.
Zeit der Fertigstellung: 2011-09-15  09:27:08
ComboFix-quarantined-files.txt  2011-09-15 07:27
.
Vor Suchlauf: 15 Verzeichnis(se), 210.703.769.600 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 212.607.864.832 Bytes frei
.
- - End Of File - - 23892E331FEB6A23A23A7253E81A6607
         
--- --- ---

Alt 15.09.2011, 08:31   #15
Swisstreasure
/// Malwareteam
 
smiley auf dunklem bildschirm, windows startete nicht mehr - Standard

smiley auf dunklem bildschirm, windows startete nicht mehr



Und erscheint das smiley noch?

Antwort

Themen zu smiley auf dunklem bildschirm, windows startete nicht mehr
angezeigt, bildschirm, bli, empfehlen, essen, frage, gen, heute, hochfahren, microsoft, microsoft security, microsoft security essentials, neustart, nicht mehr, nichts, problem, problemlos, schwarzer bildschirm, security, smiley, starten, strg, thema, thread, vista, windows, wirklich



Ähnliche Themen: smiley auf dunklem bildschirm, windows startete nicht mehr


  1. Grauer Bildschirm mit traurig ausschauendem Smiley
    Plagegeister aller Art und deren Bekämpfung - 05.06.2015 (14)
  2. Windows 7 nach Anmelden Schwarzer Bildschirm mit Maus / nach einer Zeit Windows Funktioniert nicht mehr
    Alles rund um Windows - 09.02.2015 (1)
  3. Windows 7 grauer Bildschirm, lässt sich nicht mehr starten
    Log-Analyse und Auswertung - 21.01.2015 (33)
  4. Pc startete nicht/Passwort wurde nicht erkannt
    Plagegeister aller Art und deren Bekämpfung - 30.08.2014 (13)
  5. Windows 7 startet nicht mehr - Schwarzer Bildschirm mit Mauszeiger
    Log-Analyse und Auswertung - 19.08.2014 (25)
  6. Windows 7: Firefox startete nicht
    Log-Analyse und Auswertung - 19.07.2014 (3)
  7. Windows 7 startet nicht mehr, schwarzer Bildschirm
    Log-Analyse und Auswertung - 24.06.2014 (7)
  8. Windows 8: Verzerrung in grauen Linien, Bildschirm wird nicht mehr vollständig angezeigt
    Log-Analyse und Auswertung - 10.04.2014 (4)
  9. Nach download von Qtranslate startet Windows 7 nicht mehr- Bildschirm schwarz
    Log-Analyse und Auswertung - 29.01.2014 (15)
  10. Windows 7 bootet nicht mehr (schwarzer Bildschirm, weiße Maus)
    Plagegeister aller Art und deren Bekämpfung - 30.07.2013 (7)
  11. Weißer Bildschirm, Windows startet nicht mehr
    Log-Analyse und Auswertung - 07.07.2013 (11)
  12. Windows 7 startet nicht mehr, schwarzer Bildschirm beim Booten mit weißem Mauszeiger
    Log-Analyse und Auswertung - 19.03.2013 (0)
  13. Windows startet nicht mehr! Nur schwarzer Bildschirm mit Cursor oben links!
    Plagegeister aller Art und deren Bekämpfung - 19.10.2011 (11)
  14. Lustige Farben (Grafikfehler), Bildschirm tot (kein Signal), Windows tot (startet nicht mehr)
    Alles rund um Windows - 11.07.2011 (2)
  15. Windows XP startet nicht mehr->nur blauer Bildschirm
    Alles rund um Windows - 22.08.2009 (9)
  16. Windows Vista startet nicht mehr->nur blauer Bildschirm
    Alles rund um Windows - 24.05.2009 (1)
  17. Smiley + dunkler Bildschirm, Windows XP fährt nicht mehr hoch
    Plagegeister aller Art und deren Bekämpfung - 04.06.2007 (1)

Zum Thema smiley auf dunklem bildschirm, windows startete nicht mehr - hej, ich fand hier schon einen eintragmit scheinbar selbigem problem von 2007 http://www.trojaner-board.de/39607-s...mehr-hoch.html habe aber vorsichtshalber nicht in diesem thread weitergeschrieben, da ich nicht weiss, inwiefern mein thema als aktuell - smiley auf dunklem bildschirm, windows startete nicht mehr...
Archiv
Du betrachtest: smiley auf dunklem bildschirm, windows startete nicht mehr auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.