Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: roter Bildschirm mit der Warnung "Windows System blockiert"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 26.09.2011, 09:57   #1
Don92
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Bei mir ist das gleiche Problem wie bei anderen.
Ein Trojaner Spendenboard, auf dem normalen Benutzerkonto.
Das Adminkonto funktioniert und ich habe Malewarebytes, Eset und OTL durchlaufen lassen.
die Logs schick ich später zu könnte mir bitte jemand damit helfen, da ich nicht vom Fach bin.

Danke im Voraus!

Alt 26.09.2011, 13:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Zitat:
Ein Trojaner Spendenboard, auf dem normalen Benutzerkonto.


Zitat:
die Logs schick ich später zu könnte mir bitte jemand damit helfen, da ich nicht vom Fach bin.
ja bitte ALLES posten
__________________

__________________

Alt 26.09.2011, 13:57   #3
Don92
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Mit dem Adminkonto war nichts halt nur das andere Benutzerkonto hat das Problem.
Kann die Logs erst nach 17:30 Uhr posten.

Bis dann und danke für das, dass du mir hilfst!
__________________

Alt 26.09.2011, 18:18   #4
Don92
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7796

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

25.09.2011 22:25:08
mbam-log-2011-09-25 (22-25-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 357542
Laufzeit: 1 Stunde(n), 51 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\AdVantage (Adware.Vomba) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\****\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
_______________________________________

Eset Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=49635db9d810264ba225a086ab9a1318
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-25 10:23:28
# local_time=2011-09-26 12:23:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777191 100 0 113627766 113627766 0 0
# compatibility_mode=5892 16776573 100 100 540 154515737 0 0
# compatibility_mode=8192 67108863 100 0 141 141 0 0
# scanned=201340
# found=2
# cleaned=0
# scan_time=6399
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5N3A39T\guhmxvhuhofvguyryui[1].exe a variant of Win32/Kryptik.TDZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mama\AppData\Roaming\Sun\Java\jqs.exe a variant of Win32/Kryptik.TDZ trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=49635db9d810264ba225a086ab9a1318
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-26 04:59:31
# local_time=2011-09-26 06:59:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777191 100 0 113651338 113651338 0 0
# compatibility_mode=5892 16776573 100 100 127 154539309 0 0
# compatibility_mode=8192 67108863 100 0 23713 23713 0 0
# scanned=201352
# found=2
# cleaned=0
# scan_time=6590
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5N3A39T\guhmxvhuhofvguyryui[1].exe a variant of Win32/Kryptik.TDZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\****\AppData\Roaming\Sun\Java\jqs.exe a variant of Win32/Kryptik.TDZ trojan (unable to clean) 00000000000000000000000000000000 I

_________________________________________________


OTL Log 1:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.09.2011 07:17:52 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Papa\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,35% Memory free
3,72 Gb Paging File | 2,53 Gb Available in Paging File | 68,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 62,60 Gb Free Space | 27,84% Space Free | Partition Type: NTFS
 
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0959DA97-F872-42FB-A941-655503BEBBF3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{40E14298-65BC-4144-A0FD-354A7E1D7AA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{48E62159-4B8B-4B22-81D9-3912A5B5344E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{6A221522-97FA-4677-88A3-E8CBBDB65ABF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8EDA3378-1763-4DDB-98A0-F001514E229C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A1167535-373E-4893-8139-91487C4B5B82}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B0ABF331-BF0E-4F30-A489-14075A232EDB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D2C22E33-C8D4-4DF8-9014-665993F74D68}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D44EEDBA-3ABD-44BC-9972-2B5A7B6A6039}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D61D1059-1DD5-4C17-8208-EB2DABFF8985}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D6D40510-B7B5-4D71-88CE-E2D76D19B95B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D91EC34C-2B45-47F7-AD82-8510FB31C7E1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{ED6B8C7A-85CF-4D63-8970-14C52CC6608B}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D62A27-962A-4A6F-BD86-290E243F3C92}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{0FEC750B-90E4-4B83-8694-3A1DB388C448}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13E02943-F973-4142-A46B-EC21221C763D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{246CCB5D-850A-4B2F-A454-1FCB45C207E4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{444DEB3C-24A2-4D8D-925D-D7EEFFDCC144}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{4FC75546-37C1-4529-95E7-06A1B73BE636}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{65FBB6FC-5560-4826-B339-9D654E261E4E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{7626DAB2-8DB9-4C4E-AA8F-18D00C9D0794}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7C1CFE58-0B6B-40C6-9D6A-C550E020A9F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{82343093-A8ED-4407-9105-2F07E33688AE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{8BB424CD-E908-4F57-9F39-207138FE02C3}" = dir=in | app=c:\program files\cyberlink\magicsports\magicsports.exe | 
"{93D6632F-87EF-4A0B-8157-DF0AF5022810}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BD644DB1-6968-4B70-9488-F8D79368C961}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{CB8294A9-0643-4D51-B762-5691C70011E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DABAC66D-B6F1-46FD-9275-C200C59B9B59}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E633D061-CBF7-475B-B309-967CBE432718}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{EA06284B-447A-4148-A073-CD8C4EEE4450}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{0E619006-5D6F-426D-951E-715DD148A0A6}C:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe | 
"TCP Query User{1A8ACC1D-BC48-4551-95D9-FA5BCEB3BB36}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"TCP Query User{2313DA7D-A825-4C05-B036-99EEE9B61534}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{299D9579-D788-49E2-9407-BBDAE7D046D9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{41C4E568-EA1F-4B37-9A23-51292BBFB786}C:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe | 
"TCP Query User{551FEE89-ECD7-48D9-8CDA-8758BA1AA22C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{605D3432-68C2-4B24-86D9-713A892ECBDF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{7B612AF5-5069-411C-9767-73B61BDEE6AB}C:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=6 | dir=in | app=c:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe | 
"TCP Query User{901A1037-09C4-4AC1-B3C6-2167BF512B8E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A974F9BF-BA5F-4C43-A216-8C54433DA74A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{BC32E07B-FF92-4357-A974-5D46518D60F9}C:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=6 | dir=in | app=c:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe | 
"TCP Query User{E3064840-D591-4EEB-A9E0-5F0CE054C872}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{ECF6982D-93FC-4A3C-B9D1-68F7CBCE5D72}C:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe | 
"TCP Query User{F110A00F-B1E1-4838-8D85-FFF2DDBB7C49}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F474C4E3-174F-47A9-9DAC-187FD64BA507}C:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe | 
"UDP Query User{142BDFCC-FBD6-4B8C-8EF5-8F3FFDDC1900}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{1CA95333-4024-4175-A14D-27037E0C124F}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"UDP Query User{2020A747-C147-41D1-B92C-61C9F93FE19B}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{21BC193C-CB1A-4AB3-ABBF-1F4993F13776}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{32DC0EC5-227F-4B3C-9334-9CEBF9113804}C:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe | 
"UDP Query User{39FA8390-AC1A-4E59-86F6-3854D6E76F43}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{6381EABB-3E77-407D-97DE-8C47FD2C3319}C:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=17 | dir=in | app=c:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe | 
"UDP Query User{6E15408B-158D-442E-9B44-56BE5C7B084A}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{75D7CC6B-5149-48F6-A653-6F07029D1291}C:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe | 
"UDP Query User{A8574954-9E35-41A0-9673-FC9FC461D541}C:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe | 
"UDP Query User{E0913647-4007-4062-83D2-A728E8A77D17}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{EC241DCC-3BE4-4EDF-89F4-650C2B2790FC}C:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe | 
"UDP Query User{F20AEC65-F22E-4512-A06A-59176E5EA30E}C:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=17 | dir=in | app=c:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe | 
"UDP Query User{FB8ED550-4EB6-49BE-8C10-9178F366D923}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{FE80C73E-8CA1-4A2E-8B80-3156D43E5930}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{094C28D2-3FE2-417C-AF0B-425FE891F04A}" = Motorola Phone Tools
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5927AF0D-335C-41D6-937B-54587EBD6D2C}" = MagicSports 3.5
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B10D4952-97EA-401D-AF22-930BA7BE2A9B}" = UDISK Accessory
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeReader" = Adobe Reader 8
"Aldi Foto Service" = Aldi Foto Service 4.6
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice 2.7
"ALDI Nord Online Druck Service" = ALDI Nord Online Druck Service 4.6
"ALICEDE" = Alice
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5413
"CCleaner" = CCleaner
"CREATOR9" = Creator 9
"DivX Setup.divx.com" = DivX-Setup
"Edco CD-Rom" = Edco CD-Rom
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FirefoxDE" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"Foxit PDF Editor" = Foxit PDF Editor
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GOOGLE_EARTH" = Google Earth
"GoogleBAE" = Google BAE
"GoogleDesktop" = Google Desktop
"GoogleToolbar" = Google Toolbar
"ICQToolbar" = ICQ Toolbar
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"LCDTest" = Packard Bell LCD Test
"MagicSports" = Magic Sports
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"McLoad Preinstaller" = McLoad Preinstaller
"METABOLI" = Metaboli
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"N360_2007_DE" = Norton 360
"Picasa 3" = Picasa 3
"Picasa_2" = Picasa2
"SETUPMYPC_DE" = SetUp My PC
"Shockwave" = Shockwave player 10
"SiS VGA Utilities" = SiS VGA Utilities
"SKYPE" = Skype 2.5.2.151
"Updator" = Packard Bell Updator
"VIDEO_SIS" = Video SIS V7.14.10.5053
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.09.2011 07:48:27 | Computer Name = Papa-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 24.09.2011 09:17:02 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.09.2011 10:16:11 | Computer Name = Papa-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 25.09.2011 04:21:12 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2011 13:39:27 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2011 14:27:15 | Computer Name = Papa-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 25.09.2011 16:29:29 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.09.2011 17:27:59 | Computer Name = Papa-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 25.09.2011 23:08:31 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.09.2011 00:07:44 | Computer Name = Papa-PC | Source = WerSvc | ID = 5007
Description = 
 
[ OSession Events ]
Error - 14.06.2009 13:50:06 | Computer Name = Papa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 150
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 27.10.2010 13:30:15 | Computer Name = Papa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 243
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.09.2011 13:38:02 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 31, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 25.09.2011 13:39:51 | Computer Name = Papa-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.09.2011 13:39:58 | Computer Name = Papa-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.09.2011 13:39:58 | Computer Name = Papa-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.09.2011 16:27:27 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 25.09.2011 16:27:27 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 25.09.2011 16:27:27 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 31, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 25.09.2011 23:07:12 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 25.09.2011 23:07:12 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 25.09.2011 23:07:12 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 31, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >
         
--- --- ---
____________________________________________


den 2 OTL Log muss ich noch machen

Alt 27.09.2011, 17:59   #5
Don92
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Ginge es auch, wenn ich die wichtigen Daten auf das Adminkonto rüber ziehe und dann den Benutzer lösche?

Danke im Voraus für Antwort!


Alt 27.09.2011, 19:59   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Ich warte immer noch auf das andere OTL-Log.
Und nein, nur Userprofil löschen/ändern ist nicht genug
__________________
--> roter Bildschirm mit der Warnung "Windows System blockiert"

Alt 27.09.2011, 21:51   #7
Don92
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Ich komme nicht auf das Benutzerkonto kann das Otl nicht machen.
Ist immer noch blockiert.


Alt 27.09.2011, 21:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Und wie hast du das andere OTL-Log erstellt? Es müssen ja beide da gewesen sein!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.09.2011, 21:56   #9
Don92
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.09.2011 07:17:52 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Papa\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,35% Memory free
3,72 Gb Paging File | 2,53 Gb Available in Paging File | 68,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 62,60 Gb Free Space | 27,84% Space Free | Partition Type: NTFS
 
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.26 07:15:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 12:30:22 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.24 12:30:21 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.07.18 13:47:18 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007.09.18 16:16:16 | 000,171,464 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2007.09.11 05:18:01 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.07.19 15:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2007.06.27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.06.14 19:02:44 | 000,548,864 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe
PRC - [2007.06.12 23:36:04 | 000,102,400 | ---- | M] () -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
PRC - [2007.05.10 17:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.01.11 11:40:22 | 000,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007.01.11 11:40:18 | 000,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.06.20 14:33:11 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009.10.15 09:58:55 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
MOD - [2009.10.15 09:58:34 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
MOD - [2009.10.15 09:58:22 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
MOD - [2009.10.15 09:57:08 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2009.10.15 09:56:55 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2008.07.27 20:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.07.16 09:59:32 | 000,007,680 | ---- | M] () -- C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll
MOD - [2007.06.12 23:36:12 | 000,180,224 | ---- | M] () -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MediaObj.dll
MOD - [2007.06.12 23:36:06 | 000,208,896 | ---- | M] () -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\OptCVw7.dll
MOD - [2007.06.12 23:36:04 | 000,102,400 | ---- | M] () -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
MOD - [2007.03.06 11:47:28 | 000,028,672 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\richvideops.dll
MOD - [2007.01.11 11:02:14 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008.10.24 12:30:22 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.24 12:30:21 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.02.18 19:35:48 | 000,307,968 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.02.18 05:32:28 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.09.11 05:18:01 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.05.27 22:53:36 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.27 22:53:32 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.27 22:53:28 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008.04.15 12:08:40 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.02.20 14:04:44 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.06.14 19:03:48 | 000,455,032 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.01.24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2007.01.23 11:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.12.05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yodl.de - die Suchmaschine fr alles!
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: ru@dictionaries.addons.mozilla.org:0.4.4
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:3.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.23 19:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.23 19:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.09 20:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 11:29:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A89AED22-9133-424c-88E7-C8235C5FF302}: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\
 
[2008.09.10 23:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Extensions
[2011.06.25 18:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions
[2011.02.23 22:07:57 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.03 11:41:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.12 12:31:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.06.25 18:10:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.02 09:09:20 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.05.09 17:16:08 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.05.09 17:16:08 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.05.11 21:33:35 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\es-es@dictionaries.addons.mozilla.org
[2011.04.02 09:09:20 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\ru@dictionaries.addons.mozilla.org
[2011.09.25 22:33:17 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-13.xml
[2010.10.31 09:21:44 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-14.xml
[2010.12.14 13:15:02 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-15.xml
[2011.03.13 11:14:37 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-16.xml
[2011.03.13 12:15:43 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-17.xml
[2011.05.04 18:45:32 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-18.xml
[2011.05.07 11:34:24 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-19.xml
[2010.01.06 14:43:56 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-2.xml
[2010.02.21 08:03:27 | 000,000,954 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-3.xml
[2010.03.27 22:11:06 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-4.xml
[2010.04.01 22:54:42 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-5.xml
[2010.04.07 18:27:08 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-6.xml
[2010.06.21 18:00:00 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-7.xml
[2010.06.30 18:23:04 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-8.xml
[2010.07.25 09:26:34 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-9.xml
[2010.01.03 15:00:03 | 000,000,944 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin.xml
[2011.08.12 22:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007.09.10 19:58:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.11.26 19:09:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.09 18:59:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.31 09:28:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.10 23:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.28 18:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.12 22:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.09.09 20:54:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.07 11:28:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 11:28:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009.11.26 19:20:36 | 000,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml
[2009.11.26 19:20:36 | 000,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml
[2009.11.26 19:20:36 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml
[2011.05.07 11:28:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.07 11:28:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.11.26 19:20:36 | 000,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml
[2009.11.26 19:20:36 | 000,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml
[2009.11.26 19:20:36 | 000,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml
[2009.11.26 19:20:36 | 000,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml
[2009.11.26 19:20:36 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml
[2011.05.07 11:28:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.07 11:28:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.11.26 19:20:36 | 000,005,375 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: ICQ Search ()
CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results/?q={searchTerms}&ch_id=icq-fx-plug
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{499B7F63-C7D7-4402-B69B-AC2F8AD194F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7512AB8-2C12-4B12-BFA3-412341B8FE23}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\php {B14E99E1-E87B-11d4-A698-00C04F4B21F0} - C:\Windows\System32\phpAPP.dll (Guidance bv)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Papa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Papa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\Shell - "" = AutoRun
O33 - MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\Shell\AutoRun\command - "" = K:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Adobe Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.26 07:15:08 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe
[2011.09.25 22:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.25 22:33:52 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Papa\Desktop\esetsmartinstaller_enu.exe
[2011.09.25 20:27:30 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Malwarebytes
[2011.09.25 20:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.25 20:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.25 20:27:15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.25 20:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.25 20:25:13 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Papa\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.16 20:28:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.26 07:15:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe
[2011.09.26 07:09:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.09.26 07:07:44 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.26 07:07:44 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.26 07:00:02 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.09.26 07:00:01 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2011.09.26 06:40:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.26 05:07:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.26 05:07:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.26 05:07:27 | 1878,581,248 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.25 22:33:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Papa\Desktop\esetsmartinstaller_enu.exe
[2011.09.25 20:27:20 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.25 20:25:24 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Papa\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.21 20:22:29 | 000,497,328 | ---- | M] () -- C:\Users\Papa\Desktop\Rechnung.jpg
[2011.09.20 19:47:07 | 000,088,576 | ---- | M] () -- C:\Users\Papa\Desktop\Untitled Attachment
[2011.09.19 18:55:50 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.19 18:55:50 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.19 18:55:50 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.19 18:55:49 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.11 18:59:43 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.25 20:27:20 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.21 20:22:29 | 000,497,328 | ---- | C] () -- C:\Users\Papa\Desktop\Rechnung.jpg
[2011.09.20 19:47:06 | 000,088,576 | ---- | C] () -- C:\Users\Papa\Desktop\Untitled Attachment
[2009.08.18 22:32:21 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7010.DAT
[2009.08.18 21:07:05 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008.12.11 21:39:32 | 000,000,680 | ---- | C] () -- C:\Users\Papa\AppData\Local\d3d9caps.dat
[2008.11.17 13:16:55 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.11.17 12:42:29 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.23 14:30:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.02.20 14:16:14 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.02.18 19:39:02 | 000,055,808 | ---- | C] () -- C:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.18 19:23:21 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.18 19:11:02 | 000,000,092 | ---- | C] () -- C:\Users\Papa\AppData\Local\fusioncache.dat
[2007.09.11 05:07:09 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.09.11 05:07:08 | 000,651,112 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.09.11 05:07:08 | 000,120,908 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.09.11 05:07:08 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.02.13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,438,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,618,272 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2002.03.04 11:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
 
========== LOP Check ==========
 
[2011.05.16 21:22:22 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ICQ
[2009.11.26 19:20:25 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\McLoad
[2008.02.18 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Packard Bell
[2008.11.17 12:43:46 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ScanSoft
[2008.02.18 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\TuneUp Software
[2011.09.26 07:00:02 | 000,000,498 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.09.26 07:00:01 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie.job
[2011.09.26 05:01:25 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.02.21 18:49:27 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Adobe
[2009.12.02 21:24:36 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Ahead
[2008.11.17 13:22:46 | 000,000,000 | R--D | M] -- C:\Users\Papa\AppData\Roaming\Brother
[2008.02.18 19:11:52 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\CyberLink
[2010.08.05 21:00:21 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DivX
[2009.06.28 15:31:36 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Google
[2011.05.16 21:22:22 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ICQ
[2008.02.18 19:10:08 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Identities
[2008.02.18 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Macromedia
[2011.09.25 20:27:30 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Malwarebytes
[2009.11.26 19:20:25 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\McLoad
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Media Center Programs
[2011.04.16 13:26:53 | 000,000,000 | --SD | M] -- C:\Users\Papa\AppData\Roaming\Microsoft
[2008.09.10 23:31:20 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Mozilla
[2008.02.18 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Packard Bell
[2008.02.18 19:56:13 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Roxio
[2008.11.17 12:43:46 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ScanSoft
[2011.09.23 16:17:49 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Skype
[2011.09.23 16:00:22 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\skypePM
[2008.02.18 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Talkback
[2008.02.18 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\TuneUp Software
[2008.05.28 20:57:53 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\WinRAR
[2008.02.20 13:14:07 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2009.11.26 19:20:25 | 000,196,610 | ---- | M] (ThinkLABs-ltd.) -- C:\Users\Papa\AppData\Roaming\McLoad\Uninstall-Mcload.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.20 13:26:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008.02.20 13:26:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.20 13:26:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.20 13:26:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.09.11 05:16:53 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2007.09.11 05:16:53 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2007.09.11 05:16:53 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.02.20 14:04:44 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
 
========== Files - Unicode (All) ==========
[2011.03.28 19:55:44 | 002,737,154 | ---- | M] ()(C:\Users\Papa\Desktop\_???????.tiff) -- C:\Users\Papa\Desktop\_Паспорт.tiff
[2011.03.28 19:55:43 | 002,737,154 | ---- | C] ()(C:\Users\Papa\Desktop\_???????.tiff) -- C:\Users\Papa\Desktop\_Паспорт.tiff
[2011.03.20 15:12:59 | 013,348,972 | ---- | M] ()(C:\Users\Papa\Desktop\_?????????) -- C:\Users\Papa\Desktop\_Документы
[2011.03.20 15:09:28 | 013,348,972 | ---- | C] ()(C:\Users\Papa\Desktop\_?????????) -- C:\Users\Papa\Desktop\_Документы
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\oem\mp] -> Volume{222504cb-de41-11dc-94b9-806e6f6e6963}\ -> Mount Point
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Alex Bewerbung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\My Stationery:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Eigene PaperPort-Dokumente:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Eigene Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Eigene Datenquellen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\weibert:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\Rechnung.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\Papas:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\MOV01195.MPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\Jakob:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\Alles mögliche:Roxio EMC Stream

< End of report >
         
--- --- ---

Alt 27.09.2011, 22:06   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yodl.de - die Suchmaschine fr alles!
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
[2011.02.23 22:07:57 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.06.12 12:31:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.06.25 18:10:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.09.25 22:33:17 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-13.xml
[2010.10.31 09:21:44 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-14.xml
[2010.12.14 13:15:02 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-15.xml
[2011.03.13 11:14:37 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-16.xml
[2011.03.13 12:15:43 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-17.xml
[2011.05.04 18:45:32 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-18.xml
[2011.05.07 11:34:24 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-19.xml
[2010.01.06 14:43:56 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-2.xml
[2010.02.21 08:03:27 | 000,000,954 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-3.xml
[2010.03.27 22:11:06 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-4.xml
[2010.04.01 22:54:42 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-5.xml
[2010.04.07 18:27:08 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-6.xml
[2010.06.21 18:00:00 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-7.xml
[2010.06.30 18:23:04 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-8.xml
[2010.07.25 09:26:34 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-9.xml
[2010.01.03 15:00:03 | 000,000,944 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin.xml
[2009.11.26 19:09:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
CHR - default_search_provider: ICQ Search ()
CHR - default_search_provider: search_url = http://search.icq.com/search/results/?q={searchTerms}&ch_id=icq-fx-plug
CHR - default_search_provider: suggest_url =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\Shell - "" = AutoRun
O33 - MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\Shell\AutoRun\command - "" = K:\autorun.exe
O18 - Protocol\Handler\php {B14E99E1-E87B-11d4-A698-00C04F4B21F0} - C:\Windows\System32\phpAPP.dll (Guidance bv)
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.09.2011, 22:38   #11
Don92
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Grad eben ist das Programm OTL abgestürzt musste den PC neu starten aber da sind 2 neue Logs auf dem Desktop

1.


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799


2.


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

Alt 27.09.2011, 23:09   #12
Don92
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Jetzt hat es geklappt

Log:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl
Prefs.js: "chr-greentree_ff&type=827316" removed from browser.search.param.yahoo-fr
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Folder C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\ not found.
Folder C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\ not found.
Folder C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-13.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-14.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-15.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-16.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-17.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-18.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-19.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin.xml not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
File C:\Program Files\Google\Google_BAE\BAE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad67788b-dfac-11dc-9d09-001d7d252c69}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad67788b-dfac-11dc-9d09-001d7d252c69}\ not found.
File K:\autorun.exe not found.
File C:\Windows\System32\phpAPP.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\php\ not found.
File C:\Windows\System32\phpAPP.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mama
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Papa
->Temp folder emptied: 48931 bytes
->Temporary Internet Files folder emptied: 146863710 bytes
->Java cache emptied: 3975342 bytes
->FireFox cache emptied: 845293165 bytes
->Google Chrome cache emptied: 7640792 bytes
->Flash cache emptied: 157815 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1083899 bytes
RecycleBin emptied: 3284065366 bytes

Total Files Cleaned = 4.090,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09272011_225416

Files\Folders moved on Reboot...
C:\Windows\temp\JET4A0A.tmp moved successfully.

Registry entries deleted on Reboot...

Alt 27.09.2011, 23:24   #13
Don92
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Ich kann wieder auf den Benutzer zugreifen
Habe gleich ein Quick Scan mit Malewarebytes gemacht.

Malewarebytes Log:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7809

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

27.09.2011 23:19:25
mbam-log-2011-09-27 (23-19-25).txt

Scan type: Quick scan
Objects scanned: 149045
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{01954524-DFE7-5E4C-1BD2-1EF82CDC37A8} (Trojan.ZbotR.Gen) -> Value: {01954524-DFE7-5E4C-1BD2-1EF82CDC37A8} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Alt 27.09.2011, 23:35   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.09.2011, 08:02   #15
Don92
 
roter Bildschirm mit der Warnung "Windows System blockiert" - Standard

roter Bildschirm mit der Warnung "Windows System blockiert"



Soll ich Kaspersky auf dem infizierten Benutzerkonto staten?

Antwort

Themen zu roter Bildschirm mit der Warnung "Windows System blockiert"
adminkonto, andere, bildschirm, blockiert, board, eset, funktionier, funktioniert, hilfe virus!, malewarebytes, normale, normalen, problem, roter, roter bildschirm, spende, system, system blockiert, troja, trojaner, warnung, windows, windows system, windows system blockiert



Ähnliche Themen: roter Bildschirm mit der Warnung "Windows System blockiert"


  1. "Achtung! Ihr Windows System wurde blockiert" - Bildschirm nach der Anmeldung
    Log-Analyse und Auswertung - 01.03.2012 (15)
  2. "Windows wird aus Sicherheitsgründen blockiert"Virus blockiert System
    Log-Analyse und Auswertung - 22.12.2011 (4)
  3. schwarzer bildschirm mid dem satz "aus sicherheitsgründen wurde ihr windows system blockiert"
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (9)
  4. Schwarzer Bildschirm mit dem Satz "aus Sicherheitsgründen wurde ihr Windows system blockiert"
    Plagegeister aller Art und deren Bekämpfung - 14.12.2011 (2)
  5. roter Bildschirm "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" Hilfe
    Plagegeister aller Art und deren Bekämpfung - 01.12.2011 (18)
  6. roter Bildschirm "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 24.10.2011 (47)
  7. Roter Bildschirm mit der Warnung:Ihr Windows-System wurde gesperrt!
    Log-Analyse und Auswertung - 07.10.2011 (33)
  8. Roter Bildschirm "Aus Sicherheitsgründen"
    Log-Analyse und Auswertung - 05.10.2011 (7)
  9. Roter bildschirm "Windowssystem geblockt"
    Plagegeister aller Art und deren Bekämpfung - 22.09.2011 (3)
  10. roter Bildschirm "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 21.09.2011 (11)
  11. roter Bildschirm "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Mülltonne - 20.09.2011 (1)
  12. Roter Bildschirm mit einem Fenster "Aus sicherheitsgründen wurde Ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 14.09.2011 (1)
  13. Roter Bildschirm "System blockiert"
    Plagegeister aller Art und deren Bekämpfung - 06.09.2011 (15)
  14. habe auch "Roter Bildschirm: "Ihr System wurde aus Sicherheitsgründen blockiert" "
    Plagegeister aller Art und deren Bekämpfung - 26.08.2011 (3)
  15. Roter Bildschirm: "Ihr System wurde aus Sicherheitsgründen blockiert"
    Plagegeister aller Art und deren Bekämpfung - 21.08.2011 (7)
  16. roter Bildschirm "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 09.08.2011 (1)
  17. Meine OTL.txt zu Nach "Windows Start roter Bildschirm mit komischer Meldung"
    Plagegeister aller Art und deren Bekämpfung - 08.08.2011 (10)

Zum Thema roter Bildschirm mit der Warnung "Windows System blockiert" - Bei mir ist das gleiche Problem wie bei anderen. Ein Trojaner Spendenboard, auf dem normalen Benutzerkonto. Das Adminkonto funktioniert und ich habe Malewarebytes, Eset und OTL durchlaufen lassen. die Logs - roter Bildschirm mit der Warnung "Windows System blockiert"...
Archiv
Du betrachtest: roter Bildschirm mit der Warnung "Windows System blockiert" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.