| |
| |||||||
Log-Analyse und Auswertung: roter Bildschirm mit der Warnung "Windows System blockiert"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
26.09.2011, 08:57
| #1 |
 |  roter Bildschirm mit der Warnung "Windows System blockiert" Bei mir ist das gleiche Problem wie bei anderen. Ein Trojaner Spendenboard, auf dem normalen Benutzerkonto. Das Adminkonto funktioniert und ich habe Malewarebytes, Eset und OTL durchlaufen lassen. die Logs schick ich später zu könnte mir bitte jemand damit helfen, da ich nicht vom Fach bin. Danke im Voraus! |
|
26.09.2011, 12:43
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | roter Bildschirm mit der Warnung "Windows System blockiert"Zitat:
 Zitat:
__________________ |
|
26.09.2011, 12:57
| #3 |
| | roter Bildschirm mit der Warnung "Windows System blockiert" Mit dem Adminkonto war nichts halt nur das andere Benutzerkonto hat das Problem.
__________________Kann die Logs erst nach 17:30 Uhr posten. Bis dann und danke für das, dass du mir hilfst! |
|
26.09.2011, 17:18
| #4 |
| | roter Bildschirm mit der Warnung "Windows System blockiert" Malwarebytes Log: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7796 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 25.09.2011 22:25:08 mbam-log-2011-09-25 (22-25-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|) Durchsuchte Objekte: 357542 Laufzeit: 1 Stunde(n), 51 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\AdVantage (Adware.Vomba) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\****\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully. _______________________________________ Eset Log: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=49635db9d810264ba225a086ab9a1318 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-25 10:23:28 # local_time=2011-09-26 12:23:28 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6000 NT # compatibility_mode=1792 16777191 100 0 113627766 113627766 0 0 # compatibility_mode=5892 16776573 100 100 540 154515737 0 0 # compatibility_mode=8192 67108863 100 0 141 141 0 0 # scanned=201340 # found=2 # cleaned=0 # scan_time=6399 C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5N3A39T\guhmxvhuhofvguyryui[1].exe a variant of Win32/Kryptik.TDZ trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Mama\AppData\Roaming\Sun\Java\jqs.exe a variant of Win32/Kryptik.TDZ trojan (unable to clean) 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=49635db9d810264ba225a086ab9a1318 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-26 04:59:31 # local_time=2011-09-26 06:59:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6000 NT # compatibility_mode=1792 16777191 100 0 113651338 113651338 0 0 # compatibility_mode=5892 16776573 100 100 127 154539309 0 0 # compatibility_mode=8192 67108863 100 0 23713 23713 0 0 # scanned=201352 # found=2 # cleaned=0 # scan_time=6590 C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5N3A39T\guhmxvhuhofvguyryui[1].exe a variant of Win32/Kryptik.TDZ trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\****\AppData\Roaming\Sun\Java\jqs.exe a variant of Win32/Kryptik.TDZ trojan (unable to clean) 00000000000000000000000000000000 I _________________________________________________ OTL Log 1:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.09.2011 07:17:52 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Papa\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,35% Memory free
3,72 Gb Paging File | 2,53 Gb Available in Paging File | 68,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 62,60 Gb Free Space | 27,84% Space Free | Partition Type: NTFS
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0959DA97-F872-42FB-A941-655503BEBBF3}" = rport=445 | protocol=6 | dir=out | app=system |
"{40E14298-65BC-4144-A0FD-354A7E1D7AA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{48E62159-4B8B-4B22-81D9-3912A5B5344E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6A221522-97FA-4677-88A3-E8CBBDB65ABF}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EDA3378-1763-4DDB-98A0-F001514E229C}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1167535-373E-4893-8139-91487C4B5B82}" = rport=138 | protocol=17 | dir=out | app=system |
"{B0ABF331-BF0E-4F30-A489-14075A232EDB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2C22E33-C8D4-4DF8-9014-665993F74D68}" = rport=137 | protocol=17 | dir=out | app=system |
"{D44EEDBA-3ABD-44BC-9972-2B5A7B6A6039}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D61D1059-1DD5-4C17-8208-EB2DABFF8985}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D6D40510-B7B5-4D71-88CE-E2D76D19B95B}" = lport=138 | protocol=17 | dir=in | app=system |
"{D91EC34C-2B45-47F7-AD82-8510FB31C7E1}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED6B8C7A-85CF-4D63-8970-14C52CC6608B}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D62A27-962A-4A6F-BD86-290E243F3C92}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0FEC750B-90E4-4B83-8694-3A1DB388C448}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{13E02943-F973-4142-A46B-EC21221C763D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{246CCB5D-850A-4B2F-A454-1FCB45C207E4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{444DEB3C-24A2-4D8D-925D-D7EEFFDCC144}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{4FC75546-37C1-4529-95E7-06A1B73BE636}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{65FBB6FC-5560-4826-B339-9D654E261E4E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7626DAB2-8DB9-4C4E-AA8F-18D00C9D0794}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7C1CFE58-0B6B-40C6-9D6A-C550E020A9F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{82343093-A8ED-4407-9105-2F07E33688AE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{8BB424CD-E908-4F57-9F39-207138FE02C3}" = dir=in | app=c:\program files\cyberlink\magicsports\magicsports.exe |
"{93D6632F-87EF-4A0B-8157-DF0AF5022810}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BD644DB1-6968-4B70-9488-F8D79368C961}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CB8294A9-0643-4D51-B762-5691C70011E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DABAC66D-B6F1-46FD-9275-C200C59B9B59}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{E633D061-CBF7-475B-B309-967CBE432718}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EA06284B-447A-4148-A073-CD8C4EEE4450}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{0E619006-5D6F-426D-951E-715DD148A0A6}C:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe |
"TCP Query User{1A8ACC1D-BC48-4551-95D9-FA5BCEB3BB36}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"TCP Query User{2313DA7D-A825-4C05-B036-99EEE9B61534}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{299D9579-D788-49E2-9407-BBDAE7D046D9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{41C4E568-EA1F-4B37-9A23-51292BBFB786}C:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe |
"TCP Query User{551FEE89-ECD7-48D9-8CDA-8758BA1AA22C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{605D3432-68C2-4B24-86D9-713A892ECBDF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{7B612AF5-5069-411C-9767-73B61BDEE6AB}C:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=6 | dir=in | app=c:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"TCP Query User{901A1037-09C4-4AC1-B3C6-2167BF512B8E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{A974F9BF-BA5F-4C43-A216-8C54433DA74A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{BC32E07B-FF92-4357-A974-5D46518D60F9}C:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=6 | dir=in | app=c:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"TCP Query User{E3064840-D591-4EEB-A9E0-5F0CE054C872}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{ECF6982D-93FC-4A3C-B9D1-68F7CBCE5D72}C:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe |
"TCP Query User{F110A00F-B1E1-4838-8D85-FFF2DDBB7C49}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F474C4E3-174F-47A9-9DAC-187FD64BA507}C:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe |
"UDP Query User{142BDFCC-FBD6-4B8C-8EF5-8F3FFDDC1900}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1CA95333-4024-4175-A14D-27037E0C124F}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"UDP Query User{2020A747-C147-41D1-B92C-61C9F93FE19B}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{21BC193C-CB1A-4AB3-ABBF-1F4993F13776}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{32DC0EC5-227F-4B3C-9334-9CEBF9113804}C:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{39FA8390-AC1A-4E59-86F6-3854D6E76F43}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{6381EABB-3E77-407D-97DE-8C47FD2C3319}C:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=17 | dir=in | app=c:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"UDP Query User{6E15408B-158D-442E-9B44-56BE5C7B084A}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{75D7CC6B-5149-48F6-A653-6F07029D1291}C:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{A8574954-9E35-41A0-9673-FC9FC461D541}C:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe |
"UDP Query User{E0913647-4007-4062-83D2-A728E8A77D17}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{EC241DCC-3BE4-4EDF-89F4-650C2B2790FC}C:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\roaming\icq\application\icq7.4\icq.exe |
"UDP Query User{F20AEC65-F22E-4512-A06A-59176E5EA30E}C:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=17 | dir=in | app=c:\users\papa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"UDP Query User{FB8ED550-4EB6-49BE-8C10-9178F366D923}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FE80C73E-8CA1-4A2E-8B80-3156D43E5930}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{094C28D2-3FE2-417C-AF0B-425FE891F04A}" = Motorola Phone Tools
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5927AF0D-335C-41D6-937B-54587EBD6D2C}" = MagicSports 3.5
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B10D4952-97EA-401D-AF22-930BA7BE2A9B}" = UDISK Accessory
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeReader" = Adobe Reader 8
"Aldi Foto Service" = Aldi Foto Service 4.6
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice 2.7
"ALDI Nord Online Druck Service" = ALDI Nord Online Druck Service 4.6
"ALICEDE" = Alice
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5413
"CCleaner" = CCleaner
"CREATOR9" = Creator 9
"DivX Setup.divx.com" = DivX-Setup
"Edco CD-Rom" = Edco CD-Rom
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FirefoxDE" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"Foxit PDF Editor" = Foxit PDF Editor
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GOOGLE_EARTH" = Google Earth
"GoogleBAE" = Google BAE
"GoogleDesktop" = Google Desktop
"GoogleToolbar" = Google Toolbar
"ICQToolbar" = ICQ Toolbar
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"LCDTest" = Packard Bell LCD Test
"MagicSports" = Magic Sports
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"McLoad Preinstaller" = McLoad Preinstaller
"METABOLI" = Metaboli
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"N360_2007_DE" = Norton 360
"Picasa 3" = Picasa 3
"Picasa_2" = Picasa2
"SETUPMYPC_DE" = SetUp My PC
"Shockwave" = Shockwave player 10
"SiS VGA Utilities" = SiS VGA Utilities
"SKYPE" = Skype 2.5.2.151
"Updator" = Packard Bell Updator
"VIDEO_SIS" = Video SIS V7.14.10.5053
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.09.2011 07:48:27 | Computer Name = Papa-PC | Source = WerSvc | ID = 5007
Description =
Error - 24.09.2011 09:17:02 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.09.2011 10:16:11 | Computer Name = Papa-PC | Source = WerSvc | ID = 5007
Description =
Error - 25.09.2011 04:21:12 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.09.2011 13:39:27 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.09.2011 14:27:15 | Computer Name = Papa-PC | Source = WerSvc | ID = 5007
Description =
Error - 25.09.2011 16:29:29 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.09.2011 17:27:59 | Computer Name = Papa-PC | Source = WerSvc | ID = 5007
Description =
Error - 25.09.2011 23:08:31 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.09.2011 00:07:44 | Computer Name = Papa-PC | Source = WerSvc | ID = 5007
Description =
[ OSession Events ]
Error - 14.06.2009 13:50:06 | Computer Name = Papa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 150
seconds with 120 seconds of active time. This session ended with a crash.
Error - 27.10.2010 13:30:15 | Computer Name = Papa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 243
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 25.09.2011 13:38:02 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
31, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 25.09.2011 13:39:51 | Computer Name = Papa-PC | Source = DCOM | ID = 10010
Description =
Error - 25.09.2011 13:39:58 | Computer Name = Papa-PC | Source = DCOM | ID = 10010
Description =
Error - 25.09.2011 13:39:58 | Computer Name = Papa-PC | Source = DCOM | ID = 10010
Description =
Error - 25.09.2011 16:27:27 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 25.09.2011 16:27:27 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
7, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 25.09.2011 16:27:27 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
31, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 25.09.2011 23:07:12 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 25.09.2011 23:07:12 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
7, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 25.09.2011 23:07:12 | Computer Name = Papa-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
31, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
< End of report >
____________________________________________ den 2 OTL Log muss ich noch machen |
|
27.09.2011, 16:59
| #5 |
| | roter Bildschirm mit der Warnung "Windows System blockiert" Ginge es auch, wenn ich die wichtigen Daten auf das Adminkonto rüber ziehe und dann den Benutzer lösche? Danke im Voraus für Antwort! |
|
27.09.2011, 18:59
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | roter Bildschirm mit der Warnung "Windows System blockiert" Ich warte immer noch auf das andere OTL-Log. Und nein, nur Userprofil löschen/ändern ist nicht genug
__________________ --> roter Bildschirm mit der Warnung "Windows System blockiert" |
|
27.09.2011, 20:51
| #7 |
| | roter Bildschirm mit der Warnung "Windows System blockiert" Ich komme nicht auf das Benutzerkonto kann das Otl nicht machen. Ist immer noch blockiert.  |
|
27.09.2011, 20:54
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | roter Bildschirm mit der Warnung "Windows System blockiert" Und wie hast du das andere OTL-Log erstellt? Es müssen ja beide da gewesen sein!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.09.2011, 20:56
| #9 |
| | roter Bildschirm mit der Warnung "Windows System blockiert" OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.09.2011 07:17:52 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Papa\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,35% Memory free 3,72 Gb Paging File | 2,53 Gb Available in Paging File | 68,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 224,88 Gb Total Space | 62,60 Gb Free Space | 27,84% Space Free | Partition Type: NTFS Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.26 07:15:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 12:30:22 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.24 12:30:21 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.07.18 13:47:18 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2007.09.18 16:16:16 | 000,171,464 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe PRC - [2007.09.11 05:18:01 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.07.19 15:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe PRC - [2007.06.27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007.06.27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2007.06.14 19:02:44 | 000,548,864 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe PRC - [2007.06.12 23:36:04 | 000,102,400 | ---- | M] () -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe PRC - [2007.05.10 17:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.01.11 11:40:22 | 000,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2007.01.11 11:40:18 | 000,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe ========== Modules (No Company Name) ========== MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2010.06.20 14:33:11 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll MOD - [2009.10.15 09:58:55 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll MOD - [2009.10.15 09:58:34 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll MOD - [2009.10.15 09:58:22 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll MOD - [2009.10.15 09:57:08 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll MOD - [2009.10.15 09:56:55 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll MOD - [2008.07.27 20:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.07.16 09:59:32 | 000,007,680 | ---- | M] () -- C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll MOD - [2007.06.12 23:36:12 | 000,180,224 | ---- | M] () -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MediaObj.dll MOD - [2007.06.12 23:36:06 | 000,208,896 | ---- | M] () -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\OptCVw7.dll MOD - [2007.06.12 23:36:04 | 000,102,400 | ---- | M] () -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe MOD - [2007.03.06 11:47:28 | 000,028,672 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\richvideops.dll MOD - [2007.01.11 11:02:14 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2008.10.24 12:30:22 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.24 12:30:21 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.02.18 19:35:48 | 000,307,968 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008.02.18 05:32:28 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2007.09.11 05:18:01 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.05.27 22:53:36 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.27 22:53:32 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.05.27 22:53:28 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008.04.15 12:08:40 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.02.20 14:04:44 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2007.06.14 19:03:48 | 000,455,032 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350) DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.01.24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP) DRV - [2007.01.23 11:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.12.05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google Toolbar IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yodl.de - die Suchmaschine fr alles! IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: ru@dictionaries.addons.mozilla.org:0.4.4 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:3.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.23 19:52:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.23 19:52:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.09 20:54:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 11:29:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A89AED22-9133-424c-88E7-C8235C5FF302}: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\ [2008.09.10 23:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Extensions [2011.06.25 18:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions [2011.02.23 22:07:57 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009.09.03 11:41:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.12 12:31:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.06.25 18:10:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.04.02 09:09:20 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.05.09 17:16:08 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\en-GB@dictionaries.addons.mozilla.org [2011.05.09 17:16:08 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\en-US@dictionaries.addons.mozilla.org [2011.05.11 21:33:35 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\es-es@dictionaries.addons.mozilla.org [2011.04.02 09:09:20 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\ru@dictionaries.addons.mozilla.org [2011.09.25 22:33:17 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-13.xml [2010.10.31 09:21:44 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-14.xml [2010.12.14 13:15:02 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-15.xml [2011.03.13 11:14:37 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-16.xml [2011.03.13 12:15:43 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-17.xml [2011.05.04 18:45:32 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-18.xml [2011.05.07 11:34:24 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-19.xml [2010.01.06 14:43:56 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-2.xml [2010.02.21 08:03:27 | 000,000,954 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-3.xml [2010.03.27 22:11:06 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-4.xml [2010.04.01 22:54:42 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-5.xml [2010.04.07 18:27:08 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-6.xml [2010.06.21 18:00:00 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-7.xml [2010.06.30 18:23:04 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-8.xml [2010.07.25 09:26:34 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-9.xml [2010.01.03 15:00:03 | 000,000,944 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin.xml [2011.08.12 22:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2007.09.10 19:58:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.11.26 19:09:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.07.09 18:59:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.31 09:28:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.10 23:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.28 18:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.08.12 22:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.09.09 20:54:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.07 11:28:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.07 11:28:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2009.11.26 19:20:36 | 000,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml [2009.11.26 19:20:36 | 000,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml [2009.11.26 19:20:36 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml [2011.05.07 11:28:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.07 11:28:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2009.11.26 19:20:36 | 000,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml [2009.11.26 19:20:36 | 000,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml [2009.11.26 19:20:36 | 000,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml [2009.11.26 19:20:36 | 000,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml [2009.11.26 19:20:36 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml [2011.05.07 11:28:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.07 11:28:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml [2009.11.26 19:20:36 | 000,005,375 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml ========== Chrome ========== CHR - default_search_provider: ICQ Search () CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results/?q={searchTerms}&ch_id=icq-fx-plug CHR - default_search_provider: suggest_url = O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{499B7F63-C7D7-4402-B69B-AC2F8AD194F9}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7512AB8-2C12-4B12-BFA3-412341B8FE23}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\php {B14E99E1-E87B-11d4-A698-00C04F4B21F0} - C:\Windows\System32\phpAPP.dll (Guidance bv) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Papa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Papa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\Shell - "" = AutoRun O33 - MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\Shell\AutoRun\command - "" = K:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Adobe Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM File not found Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.26 07:15:08 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe [2011.09.25 22:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.09.25 22:33:52 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Papa\Desktop\esetsmartinstaller_enu.exe [2011.09.25 20:27:30 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Malwarebytes [2011.09.25 20:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.25 20:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.25 20:27:15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.09.25 20:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.09.25 20:25:13 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Papa\Desktop\mbam-setup-1.51.2.1300.exe [2011.09.16 20:28:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.26 07:15:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe [2011.09.26 07:09:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.09.26 07:07:44 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.26 07:07:44 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.26 07:00:02 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2011.09.26 07:00:01 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job [2011.09.26 06:40:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.26 05:07:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.26 05:07:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.26 05:07:27 | 1878,581,248 | -HS- | M] () -- C:\hiberfil.sys [2011.09.25 22:33:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Papa\Desktop\esetsmartinstaller_enu.exe [2011.09.25 20:27:20 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.25 20:25:24 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Papa\Desktop\mbam-setup-1.51.2.1300.exe [2011.09.21 20:22:29 | 000,497,328 | ---- | M] () -- C:\Users\Papa\Desktop\Rechnung.jpg [2011.09.20 19:47:07 | 000,088,576 | ---- | M] () -- C:\Users\Papa\Desktop\Untitled Attachment [2011.09.19 18:55:50 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.19 18:55:50 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.19 18:55:50 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.19 18:55:49 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.11 18:59:43 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.25 20:27:20 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.21 20:22:29 | 000,497,328 | ---- | C] () -- C:\Users\Papa\Desktop\Rechnung.jpg [2011.09.20 19:47:06 | 000,088,576 | ---- | C] () -- C:\Users\Papa\Desktop\Untitled Attachment [2009.08.18 22:32:21 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7010.DAT [2009.08.18 21:07:05 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2008.12.11 21:39:32 | 000,000,680 | ---- | C] () -- C:\Users\Papa\AppData\Local\d3d9caps.dat [2008.11.17 13:16:55 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2008.11.17 12:42:29 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.05.23 14:30:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.02.20 14:16:14 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.02.18 19:39:02 | 000,055,808 | ---- | C] () -- C:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.18 19:23:21 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.02.18 19:11:02 | 000,000,092 | ---- | C] () -- C:\Users\Papa\AppData\Local\fusioncache.dat [2007.09.11 05:07:09 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.09.11 05:07:08 | 000,651,112 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.09.11 05:07:08 | 000,120,908 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.09.11 05:07:08 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.02.13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,438,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,618,272 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2002.03.04 11:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll ========== LOP Check ========== [2011.05.16 21:22:22 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ICQ [2009.11.26 19:20:25 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\McLoad [2008.02.18 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Packard Bell [2008.11.17 12:43:46 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ScanSoft [2008.02.18 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\TuneUp Software [2011.09.26 07:00:02 | 000,000,498 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2011.09.26 07:00:01 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie.job [2011.09.26 05:01:25 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.02.21 18:49:27 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Adobe [2009.12.02 21:24:36 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Ahead [2008.11.17 13:22:46 | 000,000,000 | R--D | M] -- C:\Users\Papa\AppData\Roaming\Brother [2008.02.18 19:11:52 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\CyberLink [2010.08.05 21:00:21 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DivX [2009.06.28 15:31:36 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Google [2011.05.16 21:22:22 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ICQ [2008.02.18 19:10:08 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Identities [2008.02.18 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Macromedia [2011.09.25 20:27:30 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Malwarebytes [2009.11.26 19:20:25 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\McLoad [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Media Center Programs [2011.04.16 13:26:53 | 000,000,000 | --SD | M] -- C:\Users\Papa\AppData\Roaming\Microsoft [2008.09.10 23:31:20 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Mozilla [2008.02.18 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Packard Bell [2008.02.18 19:56:13 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Roxio [2008.11.17 12:43:46 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ScanSoft [2011.09.23 16:17:49 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Skype [2011.09.23 16:00:22 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\skypePM [2008.02.18 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Talkback [2008.02.18 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\TuneUp Software [2008.05.28 20:57:53 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\WinRAR [2008.02.20 13:14:07 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2009.11.26 19:20:25 | 000,196,610 | ---- | M] (ThinkLABs-ltd.) -- C:\Users\Papa\AppData\Roaming\McLoad\Uninstall-Mcload.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.20 13:26:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys [2008.02.20 13:26:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.20 13:26:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.20 13:26:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: USER32.DLL > [2007.09.11 05:16:53 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2007.09.11 05:16:53 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2007.09.11 05:16:53 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.02.20 14:04:44 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2006.11.02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll ========== Files - Unicode (All) ========== [2011.03.28 19:55:44 | 002,737,154 | ---- | M] ()(C:\Users\Papa\Desktop\_???????.tiff) -- C:\Users\Papa\Desktop\_Паспорт.tiff [2011.03.28 19:55:43 | 002,737,154 | ---- | C] ()(C:\Users\Papa\Desktop\_???????.tiff) -- C:\Users\Papa\Desktop\_Паспорт.tiff [2011.03.20 15:12:59 | 013,348,972 | ---- | M] ()(C:\Users\Papa\Desktop\_?????????) -- C:\Users\Papa\Desktop\_Документы [2011.03.20 15:09:28 | 013,348,972 | ---- | C] ()(C:\Users\Papa\Desktop\_?????????) -- C:\Users\Papa\Desktop\_Документы ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\oem\mp] -> Volume{222504cb-de41-11dc-94b9-806e6f6e6963}\ -> Mount Point ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Alex Bewerbung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Updater5:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\My Stationery:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Meine empfangenen Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\ICQ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Eigene PaperPort-Dokumente:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Eigene Google Gadgets:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Eigene Datenquellen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Documents\Downloads:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\weibert:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\Rechnung.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\Papas:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\MOV01195.MPG:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\Jakob:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Papa\Desktop\Alles mögliche:Roxio EMC Stream < End of report > |
|
27.09.2011, 21:06
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | roter Bildschirm mit der Warnung "Windows System blockiert" Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yodl.de - die Suchmaschine fr alles!
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
[2011.02.23 22:07:57 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.06.12 12:31:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.06.25 18:10:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.09.25 22:33:17 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-13.xml
[2010.10.31 09:21:44 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-14.xml
[2010.12.14 13:15:02 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-15.xml
[2011.03.13 11:14:37 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-16.xml
[2011.03.13 12:15:43 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-17.xml
[2011.05.04 18:45:32 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-18.xml
[2011.05.07 11:34:24 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-19.xml
[2010.01.06 14:43:56 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-2.xml
[2010.02.21 08:03:27 | 000,000,954 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-3.xml
[2010.03.27 22:11:06 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-4.xml
[2010.04.01 22:54:42 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-5.xml
[2010.04.07 18:27:08 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-6.xml
[2010.06.21 18:00:00 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-7.xml
[2010.06.30 18:23:04 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-8.xml
[2010.07.25 09:26:34 | 000,000,943 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-9.xml
[2010.01.03 15:00:03 | 000,000,944 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin.xml
[2009.11.26 19:09:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
CHR - default_search_provider: ICQ Search ()
CHR - default_search_provider: search_url = http://search.icq.com/search/results/?q={searchTerms}&ch_id=icq-fx-plug
CHR - default_search_provider: suggest_url =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\Shell - "" = AutoRun
O33 - MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\Shell\AutoRun\command - "" = K:\autorun.exe
O18 - Protocol\Handler\php {B14E99E1-E87B-11d4-A698-00C04F4B21F0} - C:\Windows\System32\phpAPP.dll (Guidance bv)
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.09.2011, 21:38
| #11 |
| | roter Bildschirm mit der Warnung "Windows System blockiert" Grad eben ist das Programm OTL abgestürzt musste den PC neu starten aber da sind 2 neue Logs auf dem Desktop 1. [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799 2. [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769 IconResource=%SystemRoot%\system32\imageres.dll,-183 |
|
27.09.2011, 22:09
| #12 |
| | roter Bildschirm mit der Warnung "Windows System blockiert" Jetzt hat es geklappt  Log: All processes killed ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found. Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl Prefs.js: "chr-greentree_ff&type=827316" removed from browser.search.param.yahoo-fr Prefs.js: "ICQ Search" removed from browser.search.selectedEngine Prefs.js: true removed from browser.search.useDBForOrder Folder C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\ not found. Folder C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\ not found. Folder C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\0x5j975u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-13.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-14.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-15.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-16.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-17.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-18.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-19.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-2.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-3.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-4.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-5.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-6.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-7.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-8.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin-9.xml not found. File C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\searchplugins\icqplugin.xml not found. Folder C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found. Unable to fix default_search_provider items. Unable to fix default_search_provider items. Unable to fix default_search_provider items. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found. File C:\Program Files\Google\Google_BAE\BAE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\autoexec.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad67788b-dfac-11dc-9d09-001d7d252c69}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad67788b-dfac-11dc-9d09-001d7d252c69}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad67788b-dfac-11dc-9d09-001d7d252c69}\ not found. File K:\autorun.exe not found. File C:\Windows\System32\phpAPP.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\php\ not found. File C:\Windows\System32\phpAPP.dll not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mama ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Papa ->Temp folder emptied: 48931 bytes ->Temporary Internet Files folder emptied: 146863710 bytes ->Java cache emptied: 3975342 bytes ->FireFox cache emptied: 845293165 bytes ->Google Chrome cache emptied: 7640792 bytes ->Flash cache emptied: 157815 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1083899 bytes RecycleBin emptied: 3284065366 bytes Total Files Cleaned = 4.090,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.29.1 log created on 09272011_225416 Files\Folders moved on Reboot... C:\Windows\temp\JET4A0A.tmp moved successfully. Registry entries deleted on Reboot... |
|
27.09.2011, 22:24
| #13 |
| | roter Bildschirm mit der Warnung "Windows System blockiert" Ich kann wieder auf den Benutzer zugreifen  Habe gleich ein Quick Scan mit Malewarebytes gemacht. Malewarebytes Log: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7809 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 27.09.2011 23:19:25 mbam-log-2011-09-27 (23-19-25).txt Scan type: Quick scan Objects scanned: 149045 Time elapsed: 5 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{01954524-DFE7-5E4C-1BD2-1EF82CDC37A8} (Trojan.ZbotR.Gen) -> Value: {01954524-DFE7-5E4C-1BD2-1EF82CDC37A8} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
|
27.09.2011, 22:35
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | roter Bildschirm mit der Warnung "Windows System blockiert" Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.09.2011, 07:02
| #15 |
| | roter Bildschirm mit der Warnung "Windows System blockiert" Soll ich Kaspersky auf dem infizierten Benutzerkonto staten? |
|
| Themen zu roter Bildschirm mit der Warnung "Windows System blockiert" |
| adminkonto, andere, bildschirm, blockiert, board, eset, funktionier, funktioniert, hilfe virus!, malewarebytes, normale, normalen, problem, roter, roter bildschirm, spende, system, system blockiert, troja, trojaner, warnung, windows, windows system, windows system blockiert |
Linear-Darstellung
