Bundespolizei Virus

Zigarre · 13.06.2011, 14:03

Hallo,
habe auch den bundespolizei virus „gehabt“ ,habe hier nach eurer anleitung das System wieder hergestellt , auf das Datum von vor einem Monat.
Bin mir allerdings nicht sicher ob alles bereiningt ist oder Dateien noch befallen sind.

Dewegen im anfang otl und extras.

Windows Vista premium home 32 bitOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 13.06.2011 14:52:58 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Sinna\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,64% Memory free
6,19 Gb Paging File | 5,12 Gb Available in Paging File | 82,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 272,68 Gb Free Space | 60,20% Space Free | Partition Type: NTFS
 
Computer Name: SINNA-PC | User Name: Sinna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sinna\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe (Acer)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\rstrui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sinna\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (FPSensor) EgisTech-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7738
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Sinna\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56162
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 06:12:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.17 22:51:10 | 000,000,000 | ---D | M]
 
[2010.08.22 16:45:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinna\AppData\Roaming\mozilla\Extensions
[2011.05.24 07:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinna\AppData\Roaming\mozilla\Firefox\Profiles\ifzj4yde.default\extensions
[2011.03.12 12:40:55 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\Sinna\AppData\Roaming\mozilla\Firefox\Profiles\ifzj4yde.default\extensions\elemhidehelper@adblockplus.org
[2011.03.15 13:21:54 | 000,000,931 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\conduit.xml
[2010.08.22 18:28:37 | 000,002,354 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\ecosia.xml
[2011.06.01 08:17:11 | 000,000,950 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\icqplugin-1.xml
[2010.11.10 21:03:14 | 000,000,950 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\icqplugin-2.xml
[2010.10.26 14:09:15 | 000,001,056 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\icqplugin.xml
[2010.10.11 20:50:16 | 000,002,062 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\qip-search.xml
[2011.04.17 22:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.24 22:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.11.16 12:00:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.03 12:04:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\SINNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IFZJ4YDE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SINNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IFZJ4YDE.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2010.08.24 12:11:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.05.03 06:12:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.24 18:38:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Sinna\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Sinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sinna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sinna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.05 19:09:20 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Documents\BlackBerry
[2011.06.05 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\bbbaby
[2011.06.05 18:40:05 | 000,000,000 | ---D | C] -- C:\Users\Sinna\AppData\Local\Research In Motion
[2011.06.05 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2011.06.05 18:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2011.06.04 21:52:00 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\mmumumusik
[2011.05.21 18:44:26 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\ausrucken
[2011.05.18 20:43:55 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\rot ist tot
[2011.05.18 11:52:07 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\Tatts
[2010.08.21 04:37:47 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.13 14:48:56 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.13 14:48:56 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.13 14:48:56 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.13 14:48:56 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.13 14:45:02 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{22417232-7499-4B1D-A54D-47F898DF70A7}.job
[2011.06.13 14:42:14 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.06.13 14:42:14 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.06.13 14:41:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.13 14:41:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.13 14:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.13 14:41:35 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.05 19:20:09 | 004,940,920 | ---- | M] () -- C:\Users\Sinna\Documents\LoaderBackup-(2011-06-05).ipd
[2011.05.31 06:53:03 | 000,037,081 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lc45jkM1qt1qczjnio1_500.jpg
[2011.05.29 22:05:57 | 000,306,940 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lb6056F5P61qbk3yjo1_500.png
[2011.05.29 22:02:53 | 000,050,491 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_leaqwcvmFx1qb1ewoo1_500.jpg
[2011.05.27 21:16:09 | 000,099,351 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ldzay1ve5X1qaoueko1_500.jpg
[2011.05.27 21:11:26 | 000,074,121 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lgx9ztJHeW1qak673o1_500.jpg
[2011.05.27 16:09:44 | 000,072,011 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ljijhnpSW11qzqvk9o1_500.jpg
[2011.05.27 11:32:47 | 000,503,890 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ljjyd2wned1qic93ho1_500.gif
[2011.05.27 11:22:28 | 000,064,085 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lkajwuGc4I1qzayw1o1_500.jpg
[2011.05.27 10:43:59 | 000,225,335 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lgb1jfD3n81qze3z5o1_500.png
[2011.05.27 10:37:45 | 000,038,296 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ll98y6A2aF1qfhmamo1_500.jpg
[2011.05.27 10:36:06 | 000,092,796 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lllwz9n0Gb1qcuykbo1_500.jpg
[2011.05.26 00:24:01 | 000,042,784 | ---- | M] () -- C:\Users\Sinna\Desktop\pikachu-41871.jpg
[2011.05.26 00:19:43 | 000,088,659 | ---- | M] () -- C:\Users\Sinna\Desktop\fish.jpg
[2011.05.22 19:48:46 | 000,160,594 | ---- | M] () -- C:\Users\Sinna\Desktop\232323232%7Fngo83(9)rdeduvgwu)8i;)6h;)h 6);7f)699)6(7)dg6)2( )e;e)2(c)84=ot1lsi.jpg
[2011.05.22 15:50:53 | 000,507,763 | ---- | M] () -- C:\Users\Sinna\Desktop\Foto.JPG
[2011.05.21 19:16:05 | 000,083,784 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ll3ihc9eLF1qireobo1_500.jpg
[2011.05.21 08:00:54 | 000,101,777 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_l5r3cmrpFv1qa9eqho1_500.jpg
 
========== Files Created - No Company Name ==========
 
[2011.06.13 14:41:35 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2011.06.05 19:20:09 | 004,940,920 | ---- | C] () -- C:\Users\Sinna\Documents\LoaderBackup-(2011-06-05).ipd
[2011.05.31 06:53:02 | 000,037,081 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lc45jkM1qt1qczjnio1_500.jpg
[2011.05.29 22:05:57 | 000,306,940 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lb6056F5P61qbk3yjo1_500.png
[2011.05.29 22:02:53 | 000,050,491 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_leaqwcvmFx1qb1ewoo1_500.jpg
[2011.05.27 21:16:09 | 000,099,351 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ldzay1ve5X1qaoueko1_500.jpg
[2011.05.27 21:11:25 | 000,074,121 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lgx9ztJHeW1qak673o1_500.jpg
[2011.05.27 16:09:44 | 000,072,011 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ljijhnpSW11qzqvk9o1_500.jpg
[2011.05.27 11:32:46 | 000,503,890 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ljjyd2wned1qic93ho1_500.gif
[2011.05.27 11:22:27 | 000,064,085 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lkajwuGc4I1qzayw1o1_500.jpg
[2011.05.27 10:43:59 | 000,225,335 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lgb1jfD3n81qze3z5o1_500.png
[2011.05.27 10:37:45 | 000,038,296 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ll98y6A2aF1qfhmamo1_500.jpg
[2011.05.27 10:36:05 | 000,092,796 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lllwz9n0Gb1qcuykbo1_500.jpg
[2011.05.26 00:24:01 | 000,042,784 | ---- | C] () -- C:\Users\Sinna\Desktop\pikachu-41871.jpg
[2011.05.26 00:19:43 | 000,088,659 | ---- | C] () -- C:\Users\Sinna\Desktop\fish.jpg
[2011.05.22 19:48:46 | 000,160,594 | ---- | C] () -- C:\Users\Sinna\Desktop\232323232%7Fngo83(9)rdeduvgwu)8i;)6h;)h 6);7f)699)6(7)dg6)2( )e;e)2(c)84=ot1lsi.jpg
[2011.05.22 15:50:52 | 000,507,763 | ---- | C] () -- C:\Users\Sinna\Desktop\Foto.JPG
[2011.05.21 19:16:04 | 000,083,784 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ll3ihc9eLF1qireobo1_500.jpg
[2011.05.21 08:00:54 | 000,101,777 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_l5r3cmrpFv1qa9eqho1_500.jpg
[2011.02.04 17:40:36 | 000,001,814 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.01.17 23:17:22 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2011.01.17 23:17:21 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011.01.17 23:17:21 | 000,000,048 | ---- | C] () -- C:\Windows\KPCMS.INI
[2011.01.16 14:28:14 | 000,006,204 | ---- | C] () -- C:\Users\Sinna\AppData\Roaming\1EBE.C7E
[2011.01.14 07:46:37 | 000,007,808 | ---- | C] () -- C:\Users\Sinna\AppData\Local\d3d9caps.dat
[2011.01.06 19:01:10 | 000,000,093 | ---- | C] () -- C:\Users\Sinna\AppData\Local\fusioncache.dat
[2010.12.04 00:09:23 | 000,000,469 | ---- | C] () -- C:\Users\Sinna\AppData\Roaming\Poladroid prefs.plist
[2010.09.28 15:06:25 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.09.07 23:46:01 | 000,022,528 | ---- | C] () -- C:\Users\Sinna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.25 11:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.25 11:54:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.22 18:01:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.20 20:11:50 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010.08.20 20:11:50 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.08.20 20:11:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.08.20 20:11:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.08.20 20:11:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.08.20 20:11:50 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010.08.20 20:02:05 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.08.20 19:59:57 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.12 12:47:51 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.12 12:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.12 12:47:51 | 000,131,218 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.12 12:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 04:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.23 00:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.23 00:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,329,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.11.16 12:04:34 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\.minecraft
[2010.08.20 20:17:30 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Acer
[2010.08.22 16:00:42 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Acer GameZone Console
[2010.08.22 20:11:55 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Auslogics
[2010.09.19 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\BOM
[2011.03.31 10:38:28 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.18 21:00:56 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\ICQ
[2011.01.06 19:02:20 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Imaxel
[2010.09.19 16:38:06 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\OpenOffice.org
[2011.02.16 22:55:29 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Opera
[2010.08.22 17:20:57 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\QIP
[2011.06.05 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Research In Motion
[2010.09.01 07:39:41 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\SharePod
[2010.08.22 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\SoftDMA
[2011.05.13 00:11:46 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.13 14:45:02 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{22417232-7499-4B1D-A54D-47F898DF70A7}.job
 
========== Purity Check ==========
 
 
 
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 13.06.2011 14:52:58 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Sinna\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,64% Memory free
6,19 Gb Paging File | 5,12 Gb Available in Paging File | 82,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 272,68 Gb Free Space | 60,20% Space Free | Partition Type: NTFS
 
Computer Name: SINNA-PC | User Name: Sinna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0582F458-CC8D-45D5-8DC3-8FB8736DCEBD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{19950E14-28EF-4456-95AA-35328FAF5AAF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{47F42FAF-A357-405D-9C9D-7F85F4708B5B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7B00F96F-4A88-489C-90D8-66D944A96068}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7DF2B726-28F1-4CC5-A12E-1752A0B732CB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{83323325-00D3-4685-9641-FE5352A2D08D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8B69B136-8751-470B-9621-F956D1E0740F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B217DC5E-EE06-47FD-AA22-6E3917783611}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C43C6586-3A2B-4BCB-A383-1FCB6B9AC5BE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ECD6CB1A-B0EE-4F4C-91EA-482F785C4452}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6E309A-B1C3-4957-8B81-F6B6BDAF5E92}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{111A16C7-82CD-4E91-8CCA-4A97ECBF96C7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{18455F85-4622-4EB4-8715-A2BC95604C91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2489816D-C533-43D8-9FC8-B581BFFD8242}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{3E2E4243-F2ED-4100-A176-D5DD35356B96}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{468951FA-6553-4F25-BF2F-C45DDBF35C79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4DA45148-6971-4CB1-BD15-B8D7E8E99C9F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{5A1B401B-8A41-4B36-91C8-4CA2585515B5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{654D8CCD-D874-4AF3-98EF-63E07F245E22}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{85384E3B-C255-4BF4-A888-06A6273BE78C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{9BB72814-ED55-459D-80E5-5710C07794DA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{9D80E308-AB07-4C98-B1D1-315C95E0E334}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B5015BEB-E8B9-4076-9626-75FC7F8636BE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{BBD71475-4390-4167-85A6-B44EB609F2BE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{BD8943A2-AFBB-4AEF-8D14-9FA7E5CE8C31}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C4F5FA1F-F3B7-4ADF-8CF5-90EC9182427E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CCCD34C5-1933-4C0F-AAA4-1833340B80F3}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{F9B12EF9-A0F5-48BE-8920-84EB67034A41}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FAFF2FAC-5DC8-4DCA-99A1-A8001883211F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"TCP Query User{B7C545DF-4B3E-4582-881D-C1F67DFA07E5}C:\program files\qq\africa2003\qq.exe" = protocol=6 | dir=in | app=c:\program files\qq\africa2003\qq.exe | 
"TCP Query User{BFA61B52-4B14-47A3-BE47-866D04E5D9B8}C:\users\sinna\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\sinna\appdata\local\temp\cprogram filesopera\operaupgrader.exe | 
"UDP Query User{7433F8C1-EBCA-4CFB-AFA2-7E3C0FCE5EB1}C:\users\sinna\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\sinna\appdata\local\temp\cprogram filesopera\operaupgrader.exe | 
"UDP Query User{BD1FA72B-5F0F-4B5C-8BB9-6FCE07D0D79B}C:\program files\qq\africa2003\qq.exe" = protocol=17 | dir=in | app=c:\program files\qq\africa2003\qq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD6892C-C9A8-404B-95ED-1CCE15324178}" = BlackBerry App World Browser Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"QQ2003" = QQ2003 SA
"Sandboxie" = Sandboxie 3.52
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.05.2011 12:27:33 | Computer Name = Sinna-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.05.2011 15:22:02 | Computer Name = Sinna-pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.05.2011 15:23:18 | Computer Name = Sinna-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.05.2011 16:36:45 | Computer Name = Sinna-pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.05.2011 16:38:02 | Computer Name = Sinna-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.05.2011 01:41:16 | Computer Name = Sinna-pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.05.2011 01:42:24 | Computer Name = Sinna-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.05.2011 05:43:40 | Computer Name = Sinna-pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.05.2011 05:44:52 | Computer Name = Sinna-pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.05.2011 05:45:47 | Computer Name = Sinna-pc | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 2.0.1.4120 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 620 Anfangszeit: 01cc1ac06d43d40e Zeitpunkt der Beendigung:
16
 
[ System Events ]
Error - 13.06.2011 08:32:58 | Computer Name = Sinna-pc | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 13.06.2011 08:32:58 | Computer Name = Sinna-pc | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.06.2011 08:34:20 | Computer Name = Sinna-pc | Source = DCOM | ID = 10005
Description = 
 
Error - 13.06.2011 08:42:13 | Computer Name = Sinna-pc | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "ACER" aus.
 
Error - 13.06.2011 08:42:22 | Computer Name = Sinna-pc | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "ACER" aus.
 
Error - 13.06.2011 08:42:31 | Computer Name = Sinna-pc | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "ACER" aus.
 
Error - 13.06.2011 08:43:16 | Computer Name = Sinna-pc | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.06.2011 08:43:16 | Computer Name = Sinna-pc | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.06.2011 08:49:56 | Computer Name = Sinna-pc | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 13.06.2011 08:56:17 | Computer Name = Sinna-pc | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x8050a001 Fehlerbeschreibung: Das Programm kann keine
Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. 
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
unter "Hilfe und Support". Ladende Signaturen: %%825 Ladene Signaturversion: 1.105.929.0
 
    Ladende
Modulversion: 1.1.6802.0
 
 
< End of report >

--- --- ---

cosinus · 14.06.2011, 11:07

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Custom:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Zigarre · 14.06.2011, 21:06

Danke für die nette Antwort. Aber das Problem hat sich irgenwie verschlimmert.
Habe gestern Malewarebytes, Stinger und Antivir durchlaufen lassen und einen Neustart ausgeführt. Beim Hochfahren wurde dann eine Meldung gezeigt, die in etwa so lautete: x% fertiggestellt (eine sehr hohe Zahl) und irgendetwas von Datenträgerbereinigung. Nach jedem % Sprang die Meldung dann mit anderen Zahlen eine Zeile weiter. Als er dann fertig war wollte er normal hochfahren, doch nach diesem Ladebalken von Windows kommt ein Bluescreen und der rechner fährt wieder runter. Beim Abgesicherten Modus kommt der selbe Bluescreen.
Was nun ? Ich könnte das Recovery Programm ausführen, will aber meine Daten sichern :/

Ich hoffe Ihr könnt mir helfen.
Vielen Dank schonmal.

cosinus · 14.06.2011, 21:29

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

Zigarre · 16.06.2011, 12:05

So, habe mit hilfe der BootCD die OTLogs erstellen koennenOTL Logfile:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 6/16/2011 2:03:46 PM - Run 
OTLPE by OldTimer - Version 3.1.46.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452.99 Gb Total Space | 272.51 Gb Free Space | 60.16% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/06/13 08:42:18 | 003,435,096 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll -- (Akamai)
SRV - [2011/04/28 17:15:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/18 04:48:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/12 10:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/10/21 04:38:32 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/10/21 04:38:32 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2009/05/14 17:03:30 | 000,305,448 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/03/18 15:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | Auto] --  -- (int15)
DRV - [2011/03/18 04:48:14 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/12 10:35:48 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/11/29 01:42:05 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/05 08:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/05 08:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/10/05 08:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/06/23 12:11:00 | 009,774,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/01 01:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/02/22 22:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/24 09:57:00 | 000,026,928 | ---- | M] (Egis) [Kernel | Auto] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTech-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2008/12/04 12:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/12/04 12:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/12/04 12:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/10/08 04:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV - [2008/10/08 04:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV - [2008/09/25 11:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/09/04 00:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/02/29 19:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7738
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Sinna_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\Sinna_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\Sinna_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Sinna_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Sinna_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Sinna_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\Sinna_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Sinna_ON_C\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKU\Sinna_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKU\Sinna_ON_C\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Sinna\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\Sinna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sinna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56162
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 00:12:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/17 16:51:10 | 000,000,000 | ---D | M]
 
[2011/04/17 16:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/24 16:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/11/16 06:00:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/03 06:04:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/03 00:12:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/01/24 12:38:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Sinna\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKU\Sinna_ON_C\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\Sinna_ON_C..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Sinna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/13 16:31:17 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/06/05 13:09:20 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Documents\BlackBerry
[2011/06/05 12:53:38 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\bbbaby
[2011/06/05 12:40:05 | 000,000,000 | ---D | C] -- C:\Users\Sinna\AppData\Local\Research In Motion
[2011/06/05 12:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2011/06/05 12:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2011/06/04 15:52:00 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\mmumumusik
[2011/05/21 12:44:26 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\ausrucken
[2011/05/18 14:43:55 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\rot ist tot
[2011/05/18 05:52:07 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\Tatts
[2010/08/20 22:37:47 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/14 15:59:40 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 15:59:38 | 118,968,288 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/14 15:59:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/13 16:28:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 16:28:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 12:43:16 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{22417232-7499-4B1D-A54D-47F898DF70A7}.job
[2011/06/13 08:48:56 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/13 08:48:56 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/13 08:48:56 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/13 08:48:56 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/13 08:42:14 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/13 08:42:14 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/05 13:20:09 | 004,940,920 | ---- | M] () -- C:\Users\Sinna\Documents\LoaderBackup-(2011-06-05).ipd
[2011/05/31 00:53:03 | 000,037,081 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lc45jkM1qt1qczjnio1_500.jpg
[2011/05/29 16:05:57 | 000,306,940 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lb6056F5P61qbk3yjo1_500.png
[2011/05/29 16:02:53 | 000,050,491 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_leaqwcvmFx1qb1ewoo1_500.jpg
[2011/05/27 15:16:09 | 000,099,351 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ldzay1ve5X1qaoueko1_500.jpg
[2011/05/27 15:11:26 | 000,074,121 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lgx9ztJHeW1qak673o1_500.jpg
[2011/05/27 10:09:44 | 000,072,011 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ljijhnpSW11qzqvk9o1_500.jpg
[2011/05/27 05:32:47 | 000,503,890 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ljjyd2wned1qic93ho1_500.gif
[2011/05/27 05:22:28 | 000,064,085 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lkajwuGc4I1qzayw1o1_500.jpg
[2011/05/27 04:43:59 | 000,225,335 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lgb1jfD3n81qze3z5o1_500.png
[2011/05/27 04:37:45 | 000,038,296 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ll98y6A2aF1qfhmamo1_500.jpg
[2011/05/27 04:36:06 | 000,092,796 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lllwz9n0Gb1qcuykbo1_500.jpg
[2011/05/25 18:24:01 | 000,042,784 | ---- | M] () -- C:\Users\Sinna\Desktop\pikachu-41871.jpg
[2011/05/25 18:19:43 | 000,088,659 | ---- | M] () -- C:\Users\Sinna\Desktop\fish.jpg
[2011/05/22 13:48:46 | 000,160,594 | ---- | M] () -- C:\Users\Sinna\Desktop\232323232%7Fngo83(9)rdeduvgwu)8i;)6h;)h 6);7f)699)6(7)dg6)2( )e;e)2(c)84=ot1lsi.jpg
[2011/05/22 09:50:53 | 000,507,763 | ---- | M] () -- C:\Users\Sinna\Desktop\Foto.JPG
[2011/05/21 13:16:05 | 000,083,784 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ll3ihc9eLF1qireobo1_500.jpg
[2011/05/21 02:00:54 | 000,101,777 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_l5r3cmrpFv1qa9eqho1_500.jpg
 
========== Files Created - No Company Name ==========
 
[2011/06/14 15:59:40 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/05 13:20:09 | 004,940,920 | ---- | C] () -- C:\Users\Sinna\Documents\LoaderBackup-(2011-06-05).ipd
[2011/05/31 00:53:02 | 000,037,081 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lc45jkM1qt1qczjnio1_500.jpg
[2011/05/29 16:05:57 | 000,306,940 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lb6056F5P61qbk3yjo1_500.png
[2011/05/29 16:02:53 | 000,050,491 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_leaqwcvmFx1qb1ewoo1_500.jpg
[2011/05/27 15:16:09 | 000,099,351 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ldzay1ve5X1qaoueko1_500.jpg
[2011/05/27 15:11:25 | 000,074,121 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lgx9ztJHeW1qak673o1_500.jpg
[2011/05/27 10:09:44 | 000,072,011 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ljijhnpSW11qzqvk9o1_500.jpg
[2011/05/27 05:32:46 | 000,503,890 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ljjyd2wned1qic93ho1_500.gif
[2011/05/27 05:22:27 | 000,064,085 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lkajwuGc4I1qzayw1o1_500.jpg
[2011/05/27 04:43:59 | 000,225,335 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lgb1jfD3n81qze3z5o1_500.png
[2011/05/27 04:37:45 | 000,038,296 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ll98y6A2aF1qfhmamo1_500.jpg
[2011/05/27 04:36:05 | 000,092,796 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lllwz9n0Gb1qcuykbo1_500.jpg
[2011/05/25 18:24:01 | 000,042,784 | ---- | C] () -- C:\Users\Sinna\Desktop\pikachu-41871.jpg
[2011/05/25 18:19:43 | 000,088,659 | ---- | C] () -- C:\Users\Sinna\Desktop\fish.jpg
[2011/05/22 13:48:46 | 000,160,594 | ---- | C] () -- C:\Users\Sinna\Desktop\232323232%7Fngo83(9)rdeduvgwu)8i;)6h;)h 6);7f)699)6(7)dg6)2( )e;e)2(c)84=ot1lsi.jpg
[2011/05/22 09:50:52 | 000,507,763 | ---- | C] () -- C:\Users\Sinna\Desktop\Foto.JPG
[2011/05/21 13:16:04 | 000,083,784 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ll3ihc9eLF1qireobo1_500.jpg
[2011/05/21 02:00:54 | 000,101,777 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_l5r3cmrpFv1qa9eqho1_500.jpg
[2011/02/04 11:40:36 | 000,001,814 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/01/17 17:17:22 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2011/01/17 17:17:21 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011/01/17 17:17:21 | 000,000,048 | ---- | C] () -- C:\Windows\KPCMS.INI
[2011/01/16 08:28:14 | 000,006,204 | ---- | C] () -- C:\Users\Sinna\AppData\Roaming\1EBE.C7E
[2011/01/14 01:46:37 | 000,007,808 | ---- | C] () -- C:\Users\Sinna\AppData\Local\d3d9caps.dat
[2011/01/06 13:01:10 | 000,000,093 | ---- | C] () -- C:\Users\Sinna\AppData\Local\fusioncache.dat
[2010/12/03 18:09:23 | 000,000,469 | ---- | C] () -- C:\Users\Sinna\AppData\Roaming\Poladroid prefs.plist
[2010/09/28 09:06:25 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/09/07 17:46:01 | 000,022,528 | ---- | C] () -- C:\Users\Sinna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 05:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/25 05:54:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/22 12:01:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/20 14:11:50 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010/08/20 14:11:50 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010/08/20 14:11:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010/08/20 14:11:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010/08/20 14:11:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/08/20 14:11:50 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/08/20 14:02:05 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/20 13:59:57 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/12 06:47:51 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/03/12 06:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/03/12 06:47:51 | 000,131,218 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/03/12 06:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/03/12 06:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/03/11 22:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/11 16:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 16:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 16:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/05/22 18:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/22 18:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,329,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/11/16 06:04:34 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\.minecraft
[2010/08/20 14:17:30 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Acer
[2010/08/22 10:00:42 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Acer GameZone Console
[2010/08/22 14:11:55 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Auslogics
[2010/09/19 05:27:42 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\BOM
[2011/03/31 04:38:28 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/18 15:00:56 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\ICQ
[2011/01/06 13:02:20 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Imaxel
[2010/09/19 10:38:06 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\OpenOffice.org
[2011/02/16 16:55:29 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Opera
[2010/08/22 11:20:57 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\QIP
[2011/06/05 12:41:11 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Research In Motion
[2010/09/01 01:39:41 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\SharePod
[2010/08/22 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\SoftDMA
[2010/08/20 13:54:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011/03/23 15:24:11 | 000,000,000 | ---D | M] -- C:\ProgramData\AppData
[2010/08/20 13:54:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010/08/20 13:54:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/01/18 14:30:59 | 000,000,000 | ---D | M] -- C:\ProgramData\eBay
[2010/08/20 14:29:09 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec
[2010/08/20 14:23:16 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2010/08/20 13:54:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010/10/11 15:12:22 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011/06/05 12:31:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Research In Motion
[2010/08/20 13:54:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/03/11 23:26:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2010/08/20 13:54:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/06/13 16:28:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/13 12:43:16 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{22417232-7499-4B1D-A54D-47F898DF70A7}.job
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 6/16/2011 2:03:46 PM - Run 
OTLPE by OldTimer - Version 3.1.46.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452.99 Gb Total Space | 272.51 Gb Free Space | 60.16% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD6892C-C9A8-404B-95ED-1CCE15324178}" = BlackBerry App World Browser Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"QQ2003" = QQ2003 SA
"Sandboxie" = Sandboxie 3.52
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR
 
< End of report >

--- --- ---

cosinus · 16.06.2011, 12:31

Log ist unauffällig. Fährt Windows jetzt garnicht mehr hoch?

Zigarre · 16.06.2011, 12:36

Genau. Nach dem ladebalken von Windows kommt direkt ein Bluescreen.

cosinus · 16.06.2011, 12:48

Nach der Hochzählung bei Windowsstart zu beurteilen würde ich auf irgendeinen Updateprozess tippen. Geht auch kein anderer Modus wie abgesicherter Modus oder letzte als funktionierend bekannte Konfig?

Zigarre · 16.06.2011, 12:55

Nein, leider nicht. Bei allen Modi kommt der Bluescreen.

cosinus · 16.06.2011, 12:58

Dann folge mal dem zweiten Link in meiner Signatur zum Sichern der Daten. Prinzipiell kannst du auch mit der OTLPE-CD die Daten sichern.

Anschließend kannst du eine Reparatur- oder Neuinstallation von Windows vornehmen. Wenn die Reparatur nicht funktioniert musst du neu installieren. Du kannst auch gleich alles komplett neu installieren bzw. Recovern wenn du nur Recoverymedien hast.

Zigarre · 16.06.2011, 13:03

Alles Klar, vielen Dank. Dann werd ich mich mal der Scherung der Daten zuwenden.

16.06.2011, 12:31	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Virus Log ist unauffällig. Fährt Windows jetzt garnicht mehr hoch? __________________ --> Bundespolizei Virus

16.06.2011, 12:48	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Virus Nach der Hochzählung bei Windowsstart zu beurteilen würde ich auf irgendeinen Updateprozess tippen. Geht auch kein anderer Modus wie abgesicherter Modus oder letzte als funktionierend bekannte Konfig? __________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen

Bundespolizei Virus

Log-Analyse und Auswertung: Bundespolizei Virus