Pests of all kinds and how to combat them: "For security reasons your Windows system has been blocked"

28.12.2011, 11:15   #1
tafciam

Hello everyone,
I seem to have caught something.

After a while the screen on my laptop (Windows Vista) goes black and a window appears saying that my Windows system has been blocked for security reasons and that I should pay to have it unlocked again.
Apparently others besides me have this problem too, so I hope you can help me.

I really have no idea about this kind of thing, so foolproof instructions would be really great. =)
Is there a way to remove the "thing" without losing all my data?

Please be patient with a clueless idiot like me. =)
A thousand thanks in advance!

28.12.2011, 12:06   #2
markusg
/// Malware-holic

hi,
restart the PC, press F8 and select Safe Mode with Networking; you should have internet there.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

28.12.2011, 15:26   #3
tafciam

Thank you very much for the quick reply! =)

Is this right?

OTL Logfile:
Code:
OTL logfile created on: 28.12.2011 15:47:36 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,42% Memory free
6,19 Gb Paging File | 5,87 Gb Available in Paging File | 94,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,46 Gb Total Space | 186,23 Gb Free Space | 64,79% Space Free | Partition Type: NTFS
Drive D: | 10,63 Gb Total Space | 1,79 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Drive E: | 6,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\19EBA\lvvm.exe ()
PRC - C:\Users\***\AppData\Roaming\07519\A7087.exe ()
PRC - C:\Programme\LP\8730\38B.exe ()
PRC - C:\Programme\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\19EBA\lvvm.exe ()
MOD - C:\Users\***\AppData\Roaming\07519\A7087.exe ()
MOD - C:\Programme\LP\8730\38B.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Norton Internet Security) --  File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54869
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 19:56:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.10 10:21:48 | 000,000,000 | ---D | M]
 
[2009.06.20 18:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.12.24 12:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d63zfvki.default\extensions
[2010.10.08 14:57:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d63zfvki.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.19 21:58:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d63zfvki.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.25 15:26:30 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d63zfvki.default\extensions\personas@christopher.beard
[2011.12.19 18:44:17 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\11-suche.xml
[2011.12.19 18:44:17 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 18:44:17 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\gmx-suche.xml
[2011.12.27 03:05:47 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-1.xml
[2011.05.04 15:50:34 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-10.xml
[2011.05.27 15:33:35 | 000,000,656 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-11.xml
[2011.06.26 14:19:24 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-12.xml
[2011.07.27 12:20:31 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-13.xml
[2011.08.19 22:10:06 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-14.xml
[2011.08.20 22:42:20 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-15.xml
[2011.08.26 18:05:03 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-16.xml
[2011.09.03 10:24:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-17.xml
[2011.09.10 09:42:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-18.xml
[2011.10.02 14:07:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-19.xml
[2009.12.17 21:09:21 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-2.xml
[2011.10.09 18:52:14 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-20.xml
[2011.11.10 19:56:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-21.xml
[2011.11.14 19:26:29 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-22.xml
[2010.01.08 11:30:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-3.xml
[2010.02.21 12:30:43 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-4.xml
[2010.04.01 17:02:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-5.xml
[2011.03.04 15:05:22 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-6.xml
[2011.03.06 21:27:50 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-7.xml
[2011.03.24 20:30:06 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-8.xml
[2011.05.01 17:24:16 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-9.xml
[2011.12.18 13:29:14 | 000,000,168 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin.gif
[2011.12.18 13:29:14 | 000,000,618 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin.xml
[2011.12.19 18:44:17 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\lastminute.xml
[2011.12.19 18:44:17 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\webde-suche.xml
[2011.11.10 19:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.09.17 18:43:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D63ZFVKI.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.11.10 19:56:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 16:06:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 16:06:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.03 16:06:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 16:06:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 16:06:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 16:06:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [38B.exe] C:\Programme\LP\8730\38B.exe ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [38B.exe] C:\Users\***\AppData\Roaming\Microsoft\8730\38B.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [dxpctf] C:\ProgramData\dxpctf.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [iexploer.exe] C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe ()
O4 - HKCU..\Run: [Microsoft® Windows Manager] C:\Users\***\M-1-25-5432-6437-5685\winmgr.exe ()
O4 - HKCU..\Run: [netctf] C:\Users\***\AppData\Roaming\netctf.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\Users\***\AppData\Roaming\19EBA\lvvm.exe) -C:\Users\***\AppData\Roaming\19EBA\lvvm.exe ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.182 195.50.140.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2CDBAD0-CA5A-46D5-9D73-7BA248F4CE30}: DhcpNameServer = 195.50.140.182 195.50.140.114
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\07519\A7087.exe) -C:\Users\***\AppData\Roaming\07519\A7087.exe ()
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.02 13:11:55 | 000,131,720 | R--- | M] (InstallShield Software Corporation) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.22 11:08:27 | 000,058,601 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2008.02.22 11:08:27 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.02.22 11:08:44 | 000,000,382 | R--- | M] () - E:\autorun.ini -- [ UDF ]
O33 - MountPoints2\{63e1d61e-4d07-11de-b5c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63e1d61e-4d07-11de-b5c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008.06.02 13:11:55 | 000,131,720 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{724ca32f-e5a7-11df-99f8-00238ba70873}\Shell - "" = AutoRun
O33 - MountPoints2\{724ca32f-e5a7-11df-99f8-00238ba70873}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a0e3ea5e-3183-11df-aa84-00238ba70873}\Shell - "" = AutoRun
O33 - MountPoints2\{a0e3ea5e-3183-11df-aa84-00238ba70873}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{b903c519-6249-11de-90f6-00238ba70873}\Shell - "" = AutoRun
O33 - MountPoints2\{b903c519-6249-11de-90f6-00238ba70873}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C9BEB9E-8D33-12F7-FEE3-CBFDF515B385} - Browser Customizations
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F65D4887-FFC2-78CB-1EE7-2710D9F29D88} - Macromedia Shockwave Director 10.1
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CLMLServer for HP TouchSmart - hkey= - key= - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DVDAgent - hkey= - key= - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: SmartMenu - hkey= - key= -  File not found
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TSMAgent - hkey= - key= - C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: TVAgent - hkey= - key= - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePDIRShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.28 15:37:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.28 15:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\19EBA
[2011.12.27 13:01:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ubisoft
[2011.12.26 18:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.12.26 18:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.12.26 18:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011.12.26 18:25:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2011.12.26 18:23:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\19EBA
[2011.12.26 18:23:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\07519
[2011.12.25 22:21:51 | 000,000,000 | RHSD | C] -- C:\Users\***\M-1-25-5432-6437-5685
[2011.12.25 15:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2011.12.25 15:02:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sony Corporation
[2011.12.25 14:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Content Transfer
[2011.12.25 14:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2011.12.25 13:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WALKMAN Guide
[2011.12.25 13:58:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2011.12.25 13:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.28 15:40:36 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.28 15:40:36 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.28 15:40:36 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.28 15:40:36 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.28 15:37:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.28 15:35:12 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.12.28 15:35:12 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.12.28 15:35:04 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.12.28 15:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 22:24:53 | 000,352,616 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.12.27 22:24:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 22:24:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 03:01:45 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB831F9B-525C-484F-9610-0C6131608B2D}.job
[2011.12.26 18:53:13 | 000,067,072 | ---- | M] () -- C:\Users\***\AppData\Roaming\netctf.exe
[2011.12.26 18:53:13 | 000,067,072 | ---- | M] () -- C:\ProgramData\dxpctf.exe
[2011.12.26 18:28:04 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.12.26 18:27:09 | 000,290,816 | ---- | M] () -- C:\Users\***\AppData\Roaming\firefox.exe
[2011.12.26 15:08:29 | 292,683,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.25 14:01:34 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Content Transfer.lnk
[2011.12.25 13:59:21 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\NWZ-E450 WALKMAN Guide.lnk
[2011.12.25 13:52:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.12.19 18:34:18 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job
[2011.12.17 10:00:20 | 002,252,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.09 20:54:41 | 000,000,924 | ---- | M] () -- C:\Users\***\Desktop\Die Dunkle Bedrohung spielen.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 15:35:04 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.12.26 18:53:19 | 000,067,072 | ---- | C] () -- C:\Users\***\AppData\Roaming\netctf.exe
[2011.12.26 18:53:19 | 000,067,072 | ---- | C] () -- C:\ProgramData\dxpctf.exe
[2011.12.26 18:27:46 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.12.26 18:27:09 | 000,290,816 | ---- | C] () -- C:\Users\***\AppData\Roaming\firefox.exe
[2011.12.25 14:01:34 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Content Transfer.lnk
[2011.12.25 13:59:21 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\NWZ-E450 WALKMAN Guide.lnk
[2011.12.25 13:52:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.12.09 20:54:41 | 000,000,924 | ---- | C] () -- C:\Users\***\Desktop\Die Dunkle Bedrohung spielen.lnk
[2011.10.13 16:23:31 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.06.17 08:43:37 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.06.17 08:43:37 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.06.12 16:42:19 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.05.22 18:12:18 | 000,000,120 | ---- | C] () -- C:\Users\***\AppData\Local\Ddumosubukaqi.dat
[2011.05.22 18:12:18 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Llifefogufa.bin
[2010.05.11 21:35:03 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.03.12 11:32:03 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.09.12 11:29:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.12 11:29:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.18 19:16:58 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.08.18 17:47:19 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009.06.29 20:08:29 | 000,000,581 | ---- | C] () -- C:\Windows\eReg.dat
[2009.06.15 20:07:26 | 000,023,552 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.10 02:58:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.01.23 11:38:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.23 11:34:59 | 000,617,456 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.01.23 11:34:59 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.01.23 11:34:59 | 000,122,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.01.23 11:34:59 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.01.23 04:54:18 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.12.31 13:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.12.31 12:55:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.30 10:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.10.21 13:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.10.21 13:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 002,252,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,586,568 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,100,640 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.12.18 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.12.27 03:18:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\07519
[2011.12.26 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\19EBA
[2010.06.28 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook
[2011.05.04 15:50:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.05.30 16:38:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\muvee Technologies
[2010.02.18 21:58:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.11.14 19:53:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg
[2011.05.03 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10
[2011.12.27 13:01:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2011.12.28 15:35:04 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.12.26 18:28:04 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011.12.27 22:27:09 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.27 03:01:45 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CB831F9B-525C-484F-9610-0C6131608B2D}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.05.30 13:55:09 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.05.27 16:10:45 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2011.09.04 11:41:17 | 000,000,000 | -HSD | M] -- C:\boot
[2011.10.26 15:04:05 | 000,000,000 | ---D | M] -- C:\Der Meisterdieb
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.05.30 13:48:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.05.30 13:50:19 | 000,000,000 | -H-D | M] -- C:\HP
[2009.01.23 04:39:48 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.28 15:35:44 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.27 22:25:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.05.30 13:48:21 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.05.30 13:50:51 | 000,000,000 | ---D | M] -- C:\SWSetup
[2011.12.27 05:06:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.05.30 13:50:51 | 000,000,000 | -H-D | M] -- C:\System.sav
[2009.05.30 13:48:41 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.27 03:17:51 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.01.23 11:56:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009.01.23 11:56:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009.01.23 11:56:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009.01.23 11:56:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.03.03 14:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\Windows\system32\drivers\vsdatant.sys
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.12.28 15:55:51 | 002,621,440 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2011.12.28 15:55:51 | 000,262,144 | -H-- | M] () -- C:\Users\***\ntuser.dat.LOG1
[2009.05.30 13:48:42 | 000,000,000 | -H-- | M] () -- C:\Users\***\ntuser.dat.LOG2
[2011.05.26 21:28:37 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{0d2fbc09-7124-11e0-90de-00238ba70873}.TM.blf
[2011.05.26 21:28:37 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{0d2fbc09-7124-11e0-90de-00238ba70873}.TMContainer00000000000000000001.regtrans-ms
[2011.04.28 00:14:51 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{0d2fbc09-7124-11e0-90de-00238ba70873}.TMContainer00000000000000000002.regtrans-ms
[2011.04.23 17:42:11 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.04.23 17:42:11 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.05.30 21:02:31 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.12.27 22:27:08 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{a36218f7-886b-11e0-8e19-00238ba70873}.TM.blf
[2011.12.27 22:27:08 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{a36218f7-886b-11e0-8e19-00238ba70873}.TMContainer00000000000000000001.regtrans-ms
[2011.05.27 23:48:12 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{a36218f7-886b-11e0-8e19-00238ba70873}.TMContainer00000000000000000002.regtrans-ms
[2009.05.30 13:48:43 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 28.12.2011 15:47:36 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,42% Memory free
6,19 Gb Paging File | 5,87 Gb Available in Paging File | 94,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,46 Gb Total Space | 186,23 Gb Free Space | 64,79% Space Free | Partition Type: NTFS
Drive D: | 10,63 Gb Total Space | 1,79 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Drive E: | 6,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C1FB282-B72D-4F82-A76F-8FA065446CA1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{51BC1328-17F9-41B4-8364-9FF34D0C8558}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{6EF29E65-C506-4778-B9E0-A981821DF6B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{164AAE03-379C-4E02-802F-F70728298380}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{1665F4BB-7B08-492C-9D59-AB96CF75350B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{170FCBDB-34CC-4CF7-8785-601E53B336C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{46C7D331-40DB-49FC-86B8-CF12B6933CA4}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{4B28083F-0402-4D59-9F90-20B13FA61ADA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5B568EFA-3937-4827-BBA8-35BDBFFA3774}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{61460404-0C40-400F-9BE7-2AE8C74D30DC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{6BEAEB23-ECF4-4514-82F6-6E937945B3CA}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{6C4D1D60-F6EF-4CB1-8282-DE2DBE987E4F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{6FF88DCA-F100-47CE-9AF3-D70DD65D0FC2}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{847A25F3-5037-4F3C-90CB-3E670FD21139}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{8F707781-B175-4715-945B-BBB0458958A5}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{94C53CFE-F62D-4FCB-B7C9-555D31037BC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{95968400-E246-4605-9E56-046453FCD383}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{95E3197A-207D-4E95-B20C-562A5B54DD20}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{99535468-2460-40EC-8B74-083EEAFCB102}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | 
"{A4256945-AE2A-4087-86D0-8D7200A519A8}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{AFC93C96-AA10-4B56-B033-1B56D96AFF79}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{B29840FF-554B-4321-A2A0-080B2AD1ECB3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{B3562B49-86C9-40EF-9826-63EFCC578FF2}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | 
"{B4AAF6CC-AD80-40BE-A4DE-F198EB7900F5}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{B8032C2C-AB3C-4646-AE8D-F45B57001A85}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{C169A3CD-BF6F-430A-AB2B-F453AC00DB4E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{DF8D54B5-F9F1-4F31-9D5B-CE15E9E3512A}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | 
"{E2F656F5-0E63-428D-B459-C9349213881B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{F3C61C77-297B-4C18-852E-76840D5B7B7C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"TCP Query User{034F9432-C20E-4FA2-8EAD-75AB2EC4EC8D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{B33A01B3-7C75-4698-B8EC-B2F117503122}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"TCP Query User{D64FF0A4-F9AB-48F4-A8FD-A1151AA8E013}C:\program files\hasbro interactive\rollercoaster tycoon\rct.icd" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.icd | 
"UDP Query User{478A12B9-9628-4DD9-8696-D949E221E0E3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{52295190-A7B6-4524-910A-CE560EFDD137}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"UDP Query User{917AFE62-C777-450E-A88A-BCC17CF13AFE}C:\program files\hasbro interactive\rollercoaster tycoon\rct.icd" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.icd | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A6C2811-AD29-473F-8086-F0B401276DEC}" = NWZ-E450 WALKMAN Guide
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9BB5EF11-1770-4F19-B698-D59E94989B3D}" = Ad-Aware
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A70C9DB4-84BC-4761-BB55-7A738BFA5432}" = Groove Agent One for Cubase 5
"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C3BB5992-04BD-5A27-A8A5-5D976DF8E743}" = ATI Catalyst Install Manager
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CAAAB039-95E4-6F1C-36CC-2E6005E2540D}" = ccc-utility
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LucasArts' The Phantom Menace" = LucasArts Die Dunkle Bedrohung
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

28.12.2011, 15:42   #4
markusg
/// Malware-holic

Hi,
that's correct :-)
Please replace *** in the script with the user name so that it works.


Attention!

This script, and any scripts that may follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
F3 - HKCU WinNT: Load - (C:\Users\***\AppData\Roaming\19EBA\lvvm.exe) -C:\Users\***\AppData\Roaming\19EBA\lvvm.exe ()
O4 - HKCU..\Run: [netctf] C:\Users\***\AppData\Roaming\netctf.exe ()
O4 - HKCU..\Run: [Microsoft® Windows Manager] C:\Users\***\M-1-25-5432-6437-5685\winmgr.exe ()
O4 - HKCU..\Run: [iexploer.exe] C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe ()
O4 - HKCU..\Run: [dxpctf] C:\ProgramData\dxpctf.exe ()
O4 - HKCU..\Run: [38B.exe] C:\Users\***\AppData\Roaming\Microsoft\8730\38B.exe ()
O4 - HKLM..\Run: [38B.exe] C:\Programme\LP\8730\38B.exe ()
PRC - C:\Programme\19EBA\lvvm.exe ()
PRC - C:\Users\***\AppData\Roaming\07519\A7087.exe ()
PRC - C:\Programme\LP\8730\38B.exe ()
MOD - C:\Programme\19EBA\lvvm.exe ()
MOD - C:\Users\***\AppData\Roaming\07519\A7087.exe ()
MOD - C:\Programme\LP\8730\38B.exe ()
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\07519\A7087.exe) -C:\Users\***\AppData\Roaming\07519\A7087.exe ()
[2011.12.28 15:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\19EBA
[2011.12.26 18:23:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\19EBA
[2011.12.26 18:28:04 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.12.26 18:27:09 | 000,290,816 | ---- | M] () -- C:\Users\***\AppData\Roaming\firefox.exe
 :Files
C:\Users\***\AppData\Roaming\19EBA
C:\Programme\LP
C:\Users\***\AppData\Roaming\07519
C:\Users\***\AppData\Roaming\netctf.exe
C:\Users\***\M-1-25-5432-6437-5685
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe
C:\ProgramData\dxpctf.exe
C:\Users\***\AppData\Roaming\Microsoft\8730
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its content into your next reply here.

Open Internet Explorer, Internet Options, Connections, LAN settings.
Delete the entry under proxy server and port, and untick "use proxy".
Apply, OK.
Open Firefox, open Tools, open Options, Advanced, Network, Connection.
Then delete the proxy entry, select "No proxy", apply, OK.
Open Computer, open C:, then _OTL.
There, right-click on moved files.
Choose add to moved files.rar or zip.
Follow the link and upload the archive in the upload channel:
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de as described in the instructions above.

28.12.2011, 16:55   #5
tafciam

Okay! =)
Here is the content of the text document for now:

Code:
All processes killed
========== OTL ==========
File \Users\***\AppData\Roaming\19EBA\lvvm.exe) -C:\Users\***\AppData\Roaming\19EBA\lvvm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\***\AppData\Roaming\19EBA\lvvm.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\netctf deleted successfully.
C:\Users\***\AppData\Roaming\netctf.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft® Windows Manager deleted successfully.
C:\Users\***\M-1-25-5432-6437-5685\winmgr.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iexploer.exe deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dxpctf deleted successfully.
C:\ProgramData\dxpctf.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\38B.exe deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\8730\38B.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\38B.exe deleted successfully.
C:\Programme\LP\8730\38B.exe moved successfully.
No active process named lvvm.exe was found!
No active process named A7087.exe was found!
No active process named 38B.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\AppData\Roaming\07519\A7087.exe deleted successfully.
File \Users\***\AppData\Roaming\07519\A7087.exe) -C:\Users\***\AppData\Roaming\07519\A7087.exe not found.
C:\Program Files\19EBA folder moved successfully.
C:\Users\***\AppData\Roaming\19EBA folder moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Users\***\AppData\Roaming\firefox.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ***
->Flash cache emptied: 284949 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 2158140529 bytes
->Temporary Internet Files folder emptied: 3348507415 bytes
->Java cache emptied: 612951 bytes
->FireFox cache emptied: 42814498 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 84582234 bytes
RecycleBin emptied: 26360282 bytes
 
Total Files Cleaned = 5.399,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12282011_172413

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

On the second part:

In the text document I have to change the name again too, right?

Quote:
choose add to moved files.rar or zip.
Well, on mine it says "Send to" -> "Compressed (zipped) folder".
That's the same thing, right?

Sorry, but I'd rather ask once too often than end up doing it wrong.


And one more thing:
I've now booted back into normal mode. Is that okay, or do I have to stay in safe mode? =)
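
A check that can be run on a fix log like the one posted above, as an added example that is not part of the original thread or of OTL: it compares each `:Files` target of the fix script with the "moved successfully" lines of the log and flags targets that have no matching log line. The line patterns are inferred from the log lines posted in this thread (an assumption, not OTL documentation), and the function names are hypothetical.

```python
import re

# Constructed sample input: an excerpt of the fix script and of the fix log,
# with lines copied from this thread (*** is the user name as redacted there).
FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [netctf] C:\Users\***\AppData\Roaming\netctf.exe ()
 :Files
C:\Users\***\AppData\Roaming\19EBA
C:\Programme\LP
C:\Users\***\AppData\Roaming\07519
C:\Users\***\AppData\Roaming\netctf.exe
C:\Users\***\M-1-25-5432-6437-5685
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe
C:\ProgramData\dxpctf.exe
C:\Users\***\AppData\Roaming\Microsoft\8730
:Commands
[emptytemp]
[Reboot]
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\netctf deleted successfully.
C:\Users\***\AppData\Roaming\netctf.exe moved successfully.
C:\Users\***\M-1-25-5432-6437-5685\winmgr.exe moved successfully.
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe moved successfully.
C:\ProgramData\dxpctf.exe moved successfully.
C:\Users\***\AppData\Roaming\Microsoft\8730\38B.exe moved successfully.
C:\Programme\LP\8730\38B.exe moved successfully.
C:\Program Files\19EBA folder moved successfully.
C:\Users\***\AppData\Roaming\19EBA folder moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
========== COMMANDS ==========
"""

# Assumed patterns, derived only from the lines visible in this thread.
SECTION_RE = re.compile(r"^:(\w+)$")
MOVED_RE = re.compile(r"^([A-Za-z]:\\.+?)( folder)? moved successfully\.$")


def norm(path):
    """Windows paths are case-insensitive; ignore a trailing backslash."""
    return path.strip().rstrip("\\").casefold()


def script_sections(script):
    """Split a fix script into {section name: [lines]}.

    Lines are stripped first, so an indented header such as ' :Files'
    is still recognised as a section header.
    """
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).casefold()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def moved_paths(log):
    """Return the normalised paths the log reports as moved."""
    moved = set()
    for raw in log.splitlines():
        hit = MOVED_RE.match(raw.strip())
        if hit:
            moved.add(norm(hit.group(1)))
    return moved


def audit(script, log):
    """Map every :Files target to 'moved', 'children-only' or 'unconfirmed'."""
    moved = moved_paths(log)
    report = {}
    for target in script_sections(script).get("files", []):
        key = norm(target)
        if key in moved:
            report[target] = "moved"              # the target itself was moved
        elif any(p.startswith(key + "\\") for p in moved):
            report[target] = "children-only"      # only files below it were moved
        else:
            report[target] = "unconfirmed"        # no log line mentions it
    return report


def needs_followup(report):
    """Targets the log does not confirm as moved, in script order."""
    return [t for t, status in report.items() if status != "moved"]


if __name__ == "__main__":
    for target, status in audit(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:14} {target}")
```

Targets reported as children-only or unconfirmed are the ones to look for again in the next scan log.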


28.12.2011, 17:10   #6
markusg
/// Malware-holic

Yes, that's the same; yes, normal mode is OK :-)

28.12.2011, 17:38   #7
tafciam

Okay, done! =)

28.12.2011, 18:15   #8
markusg
/// Malware-holic

Thanks.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your anti-virus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

28.12.2011, 19:39   #9
tafciam

Voilà:

Combofix log file:
Code:
ComboFix 11-12-28.03 - *** 28.12.2011  20:17:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.1922 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\8730\3EB4.tmp
c:\program files\LP\8730\A006.tmp
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-28 bis 2011-12-28  ))))))))))))))))))))))))))))))
.
.
2011-12-28 19:25 . 2011-12-28 19:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-28 16:19 . 2011-12-28 17:28	--------	d-----w-	C:\_OTL
2011-12-27 12:01 . 2011-12-27 12:01	--------	d-----w-	c:\users\***\AppData\Roaming\Ubisoft
2011-12-26 17:53 . 2011-12-26 17:53	67072	----a-w-	c:\users\***\AppData\Roaming\Microsoft\8730\6316.exe
2011-12-26 17:43 . 2011-12-26 17:43	--------	d-----w-	c:\programdata\Ubisoft
2011-12-26 17:26 . 2011-12-26 17:26	--------	d-----w-	c:\program files\Ubisoft
2011-12-26 17:25 . 2011-12-26 17:25	--------	d-----w-	c:\users\***\AppData\Roaming\InstallShield
2011-12-26 17:23 . 2011-12-26 17:23	103424	----a-w-	c:\users\***\AppData\Roaming\Microsoft\8730\3FB1.tmp
2011-12-26 17:23 . 2011-12-27 02:18	--------	d-----w-	c:\users\***\AppData\Roaming\07519
2011-12-25 21:21 . 2011-12-28 16:24	--------	d-sh--r-	c:\users\***\M-1-25-5432-6437-5685
2011-12-25 14:02 . 2011-12-25 14:02	--------	d-----w-	c:\programdata\Sony Corporation
2011-12-25 14:02 . 2011-12-25 14:02	--------	d-----w-	c:\users\***\AppData\Roaming\Sony Corporation
2011-12-25 13:01 . 2011-12-25 13:01	--------	d-----w-	c:\program files\Common Files\Sony Shared
2011-12-25 12:58 . 2011-12-25 13:00	--------	d-----w-	c:\users\***\AppData\Local\Downloaded Installations
2011-12-25 12:56 . 2011-12-25 13:01	--------	d-----w-	c:\program files\Sony
2011-12-23 12:02 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{575A29D8-AC1B-4320-8140-D3388800E396}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 18:56 . 2011-05-28 10:35	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-10-26 450659]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38	34672	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2008-12-25 11:41	189736	------w-	c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2008-11-28 16:04	1148200	------w-	c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-11-18 09:57	966656	----a-w-	c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 08:16	2363392	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-10-10 11:24	206128	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-11-18 17:35	914224	----a-w-	c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-07-24 16:48	1348904	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
2008-12-25 11:41	1316136	------w-	c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]
2009-01-21 15:23	210216	----a-r-	c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-11-14 20:02	218408	------w-	c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-13 17:11	210216	------w-	c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-10-30 10:51	210216	------w-	c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-13 17:11	210216	------w-	c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-11-26 10:34	210216	------w-	c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/10 04:01];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2008-06-27 77824]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-30 136360]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-19 c:\windows\Tasks\HPCeeScheduleFor***.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-23 10:34]
.
2011-12-28 c:\windows\Tasks\User_Feed_Synchronization-{CB831F9B-525C-484F-9610-0C6131608B2D}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:54869
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.50.140.182 195.50.140.114
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q=
FF - prefs.js: network.proxy.type - 0
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-LucasArts' The Phantom Menace - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-28 20:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{03af562d-ebcf-4b08-80af-302bde44b202}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a00238b
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{214d804d-99b8-4d5b-a99f-875361ef55db}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f0016d3
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d2cdbad0-ca5a-46d5-9d73-7ba248f4ce30}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:100022fa
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-28  20:27:32
ComboFix-quarantined-files.txt  2011-12-28 19:27
.
Vor Suchlauf: 9 Verzeichnis(se), 201.977.675.776 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 201.911.574.528 Bytes frei
.
- - End Of File - - 194AE69B29470AD49D9AF39A83B033E1
         
--- --- ---

28.12.2011, 19:48   #10
markusg
/// Malware-holic

Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
Don't delete anything, just post the log.

29.12.2011, 14:21   #11
tafciam

I hope this is right. =)

Code:
15:15:27.0314 3916	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:15:29.0155 3916	============================================================
15:15:29.0155 3916	Current date / time: 2011/12/29 15:15:29.0155
15:15:29.0155 3916	SystemInfo:
15:15:29.0155 3916	
15:15:29.0155 3916	OS Version: 6.0.6002 ServicePack: 2.0
15:15:29.0155 3916	Product type: Workstation
15:15:29.0155 3916	ComputerName: ***-PC
15:15:29.0155 3916	UserName: ***
15:15:29.0155 3916	Windows directory: C:\Windows
15:15:29.0155 3916	System windows directory: C:\Windows
15:15:29.0155 3916	Processor architecture: Intel x86
15:15:29.0155 3916	Number of processors: 2
15:15:29.0155 3916	Page size: 0x1000
15:15:29.0155 3916	Boot type: Normal boot
15:15:29.0155 3916	============================================================
15:15:30.0543 3916	Initialize success
15:16:59.0571 6084	============================================================
15:16:59.0571 6084	Scan started
15:16:59.0571 6084	Mode: Manual; SigCheck; TDLFS; 
15:16:59.0571 6084	============================================================
15:17:00.0632 6084	Accelerometer   (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
15:17:00.0726 6084	Accelerometer - ok
15:17:00.0788 6084	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:17:00.0819 6084	ACPI - ok
15:17:01.0022 6084	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:17:01.0084 6084	adp94xx - ok
15:17:01.0225 6084	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:17:01.0240 6084	adpahci - ok
15:17:01.0443 6084	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:17:01.0459 6084	adpu160m - ok
15:17:01.0568 6084	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:17:01.0599 6084	adpu320 - ok
15:17:01.0740 6084	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:17:01.0818 6084	AFD - ok
15:17:02.0208 6084	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:17:02.0239 6084	agp440 - ok
15:17:02.0301 6084	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:17:02.0317 6084	aic78xx - ok
15:17:02.0364 6084	aliide          (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
15:17:02.0379 6084	aliide - ok
15:17:02.0473 6084	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:17:02.0488 6084	amdagp - ok
15:17:02.0488 6084	amdide          (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
15:17:02.0504 6084	amdide - ok
15:17:02.0535 6084	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:17:02.0582 6084	AmdK7 - ok
15:17:02.0691 6084	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:17:02.0722 6084	AmdK8 - ok
15:17:02.0863 6084	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:17:02.0878 6084	arc - ok
15:17:02.0925 6084	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:17:02.0941 6084	arcsas - ok
15:17:03.0034 6084	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:17:03.0081 6084	AsyncMac - ok
15:17:03.0128 6084	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:17:03.0144 6084	atapi - ok
15:17:03.0705 6084	atikmdag        (96f5eea88f9146f5f803ad20c4264565) C:\Windows\system32\DRIVERS\atikmdag.sys
15:17:03.0955 6084	atikmdag - ok
15:17:04.0048 6084	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:17:04.0064 6084	avgio - ok
15:17:04.0189 6084	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
15:17:04.0236 6084	avgntflt - ok
15:17:04.0282 6084	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
15:17:04.0298 6084	avipbb - ok
15:17:04.0438 6084	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:17:04.0454 6084	Beep - ok
15:17:04.0516 6084	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:17:04.0563 6084	blbdrive - ok
15:17:04.0688 6084	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:17:04.0766 6084	bowser - ok
15:17:04.0860 6084	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:17:04.0906 6084	BrFiltLo - ok
15:17:04.0984 6084	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:17:05.0031 6084	BrFiltUp - ok
15:17:05.0109 6084	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:17:05.0265 6084	Brserid - ok
15:17:05.0406 6084	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:17:05.0468 6084	BrSerWdm - ok
15:17:05.0515 6084	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:17:05.0577 6084	BrUsbMdm - ok
15:17:05.0686 6084	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:17:05.0749 6084	BrUsbSer - ok
15:17:05.0796 6084	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:17:05.0874 6084	BTHMODEM - ok
15:17:05.0967 6084	catchme - ok
15:17:06.0045 6084	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:17:06.0092 6084	cdfs - ok
15:17:06.0201 6084	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:17:06.0248 6084	cdrom - ok
15:17:06.0342 6084	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
15:17:06.0388 6084	circlass - ok
15:17:06.0544 6084	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:17:06.0576 6084	CLFS - ok
15:17:06.0669 6084	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:17:06.0732 6084	CmBatt - ok
15:17:06.0763 6084	cmdide          (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
15:17:06.0778 6084	cmdide - ok
15:17:06.0872 6084	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:17:06.0888 6084	Compbatt - ok
15:17:06.0919 6084	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:17:06.0919 6084	crcdisk - ok
15:17:06.0934 6084	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:17:06.0997 6084	Crusoe - ok
15:17:07.0137 6084	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:17:07.0184 6084	DfsC - ok
15:17:07.0324 6084	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:17:07.0340 6084	disk - ok
15:17:07.0418 6084	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:17:07.0465 6084	drmkaud - ok
15:17:07.0590 6084	DXGKrnl         (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
15:17:07.0652 6084	DXGKrnl - ok
15:17:07.0777 6084	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:17:07.0839 6084	E1G60 - ok
15:17:07.0917 6084	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:17:07.0948 6084	Ecache - ok
15:17:08.0073 6084	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:17:08.0136 6084	elxstor - ok
15:17:08.0229 6084	enecir          (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys
15:17:08.0292 6084	enecir - ok
15:17:08.0401 6084	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:17:08.0432 6084	ErrDev - ok
15:17:08.0494 6084	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:17:08.0541 6084	exfat - ok
15:17:08.0635 6084	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:17:08.0682 6084	fastfat - ok
15:17:08.0713 6084	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:17:08.0791 6084	fdc - ok
15:17:08.0900 6084	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:17:08.0916 6084	FileInfo - ok
15:17:08.0947 6084	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:17:08.0978 6084	Filetrace - ok
15:17:09.0087 6084	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:17:09.0150 6084	flpydisk - ok
15:17:09.0228 6084	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:17:09.0259 6084	FltMgr - ok
15:17:09.0337 6084	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:17:09.0384 6084	Fs_Rec - ok
15:17:09.0415 6084	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:17:09.0430 6084	gagp30kx - ok
15:17:09.0586 6084	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
15:17:09.0649 6084	HdAudAddService - ok
15:17:09.0789 6084	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:17:09.0852 6084	HDAudBus - ok
15:17:09.0914 6084	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:17:10.0008 6084	HidBth - ok
15:17:10.0101 6084	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
15:17:10.0148 6084	HidIr - ok
15:17:10.0210 6084	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:17:10.0273 6084	HidUsb - ok
15:17:10.0382 6084	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:17:10.0382 6084	HpCISSs - ok
15:17:10.0429 6084	hpdskflt        (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
15:17:10.0444 6084	hpdskflt - ok
15:17:10.0476 6084	HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:17:10.0538 6084	HpqKbFiltr - ok
15:17:10.0632 6084	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:17:10.0725 6084	HTTP - ok
15:17:10.0803 6084	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:17:10.0819 6084	i2omp - ok
15:17:10.0881 6084	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:17:10.0928 6084	i8042prt - ok
15:17:11.0022 6084	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:17:11.0037 6084	iaStorV - ok
15:17:11.0100 6084	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:17:11.0115 6084	iirsp - ok
15:17:11.0178 6084	intelide        (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
15:17:11.0193 6084	intelide - ok
15:17:11.0224 6084	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:17:11.0271 6084	intelppm - ok
15:17:11.0380 6084	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:17:11.0443 6084	IpFilterDriver - ok
15:17:11.0443 6084	IpInIp - ok
15:17:11.0474 6084	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:17:11.0505 6084	IPMIDRV - ok
15:17:11.0536 6084	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:17:11.0568 6084	IPNAT - ok
15:17:11.0646 6084	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:17:11.0677 6084	IRENUM - ok
15:17:11.0692 6084	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:17:11.0708 6084	isapnp - ok
15:17:11.0770 6084	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:17:11.0786 6084	iScsiPrt - ok
15:17:11.0817 6084	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:17:11.0833 6084	iteatapi - ok
15:17:11.0926 6084	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:17:11.0926 6084	iteraid - ok
15:17:11.0973 6084	JMCR            (ab772e9cc29c29f59cb4b75f9d6f3f96) C:\Windows\system32\DRIVERS\jmcr.sys
15:17:12.0004 6084	JMCR - ok
15:17:12.0098 6084	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:17:12.0114 6084	kbdclass - ok
15:17:12.0176 6084	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:17:12.0207 6084	kbdhid - ok
15:17:12.0332 6084	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
15:17:12.0410 6084	KSecDD - ok
15:17:12.0519 6084	Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
15:17:12.0535 6084	Lavasoft Kernexplorer - ok
15:17:12.0675 6084	Lbd             (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
15:17:12.0691 6084	Lbd - ok
15:17:12.0722 6084	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:17:12.0769 6084	lltdio - ok
15:17:12.0894 6084	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:17:12.0909 6084	LSI_FC - ok
15:17:12.0909 6084	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:17:12.0925 6084	LSI_SAS - ok
15:17:12.0940 6084	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:17:12.0956 6084	LSI_SCSI - ok
15:17:12.0972 6084	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:17:13.0003 6084	luafv - ok
15:17:13.0050 6084	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:17:13.0065 6084	megasas - ok
15:17:13.0096 6084	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:17:13.0143 6084	MegaSR - ok
15:17:13.0237 6084	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:17:13.0299 6084	Modem - ok
15:17:13.0346 6084	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:17:13.0393 6084	monitor - ok
15:17:13.0424 6084	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:17:13.0440 6084	mouclass - ok
15:17:13.0518 6084	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:17:13.0533 6084	mouhid - ok
15:17:13.0549 6084	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:17:13.0564 6084	MountMgr - ok
15:17:13.0580 6084	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:17:13.0596 6084	mpio - ok
15:17:13.0627 6084	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:17:13.0674 6084	mpsdrv - ok
15:17:13.0767 6084	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:17:13.0798 6084	Mraid35x - ok
15:17:13.0845 6084	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:17:13.0923 6084	MRxDAV - ok
15:17:14.0017 6084	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:17:14.0048 6084	mrxsmb - ok
15:17:14.0095 6084	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:17:14.0126 6084	mrxsmb10 - ok
15:17:14.0235 6084	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:17:14.0282 6084	mrxsmb20 - ok
15:17:14.0360 6084	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:17:14.0376 6084	msahci - ok
15:17:14.0469 6084	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:17:14.0485 6084	msdsm - ok
15:17:14.0500 6084	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:17:14.0547 6084	Msfs - ok
15:17:14.0610 6084	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:17:14.0625 6084	msisadrv - ok
15:17:14.0703 6084	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:17:14.0750 6084	MSKSSRV - ok
15:17:14.0844 6084	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:17:14.0875 6084	MSPCLOCK - ok
15:17:14.0937 6084	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:17:15.0000 6084	MSPQM - ok
15:17:15.0031 6084	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:17:15.0046 6084	MsRPC - ok
15:17:15.0140 6084	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:17:15.0140 6084	mssmbios - ok
15:17:15.0171 6084	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:17:15.0218 6084	MSTEE - ok
15:17:15.0249 6084	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:17:15.0265 6084	Mup - ok
15:17:15.0374 6084	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:17:15.0405 6084	NativeWifiP - ok
15:17:15.0436 6084	NAVENG - ok
15:17:15.0452 6084	NAVEX15 - ok
15:17:15.0561 6084	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:17:15.0577 6084	NDIS - ok
15:17:15.0624 6084	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:17:15.0670 6084	NdisTapi - ok
15:17:15.0748 6084	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:17:15.0780 6084	Ndisuio - ok
15:17:15.0826 6084	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:17:15.0889 6084	NdisWan - ok
15:17:15.0936 6084	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:17:15.0967 6084	NDProxy - ok
15:17:16.0029 6084	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:17:16.0076 6084	NetBIOS - ok
15:17:16.0138 6084	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:17:16.0185 6084	netbt - ok
15:17:16.0357 6084	NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
15:17:16.0513 6084	NETw3v32 - ok
15:17:16.0731 6084	NETw5v32        (ba420e8ebfcad35581fe8e4c64f71469) C:\Windows\system32\DRIVERS\NETw5v32.sys
15:17:17.0277 6084	NETw5v32 - ok
15:17:17.0418 6084	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:17:28.0603 6084	MBR (0x1B8)     (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
15:17:29.0461 6084	\Device\Harddisk0\DR0 - ok
15:17:29.0492 6084	Boot (0x1200)   (0715e651a19a54fa7561e489a309d7d9) \Device\Harddisk0\DR0\Partition0
15:17:29.0492 6084	\Device\Harddisk0\DR0\Partition0 - ok
15:17:29.0523 6084	Boot (0x1200)   (7e54eec1878cb440ec555748a5e4885b) \Device\Harddisk0\DR0\Partition1
15:17:29.0539 6084	\Device\Harddisk0\DR0\Partition1 - ok
15:17:29.0539 6084	============================================================
15:17:29.0539 6084	Scan finished
15:17:29.0539 6084	============================================================
15:17:29.0554 4120	Detected object count: 0
15:17:29.0554 4120	Actual detected object count: 0
         

29.12.2011, 14:57   #12
markusg
/// Malware-holic

Looks fine.

Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

30.12.2011, 01:33   #13
tafciam

Voilà:

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
*** :: ***-PC [Administrator]

29.12.2011 16:08:03
mbam-log-2011-12-29 (16-08-03).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389096
Laufzeit: 1 Stunde(n), 38 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\***\M-1-25-5432-6437-5685 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 15
C:\Users\***\AppData\Roaming\07519\A7087.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\07519\BB2D5.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Microsoft\8730\3FB1.tmp (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Microsoft\8730\6316.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\IMG28057850.JPEG.scr (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\installer_divx_web_player_1_2_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\12282011_172413\C_Program Files\19EBA\lvvm.exe (Trojan.Downloader.BH) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\12282011_172413\C_ProgramData\dxpctf.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\12282011_172413\C_Programme\LP\8730\38B.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\12282011_172413\C_Users\user\AppData\Roaming\firefox.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\12282011_172413\C_Users\user\AppData\Roaming\netctf.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\12282011_172413\C_Users\user\AppData\Roaming\19EBA\lvvm.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\12282011_172413\C_Users\user\AppData\Roaming\Microsoft\8730\38B.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\12282011_172413\C_Users\user\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe (Trojan.Agent.BH) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\12282011_172413\C_Users\user\M-1-25-5432-6437-5685\winmgr.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

30.12.2011, 12:38   #14
markusg
/// Malware-holic

Please download HitmanPro:
http://www.trojaner-board.de/99424-c...o-scannen.html
Double-click it, then Settings, test license.
Then scan, put the findings in quarantine, export the log as an XML file and attach it.

30.12.2011, 14:28   #15
tafciam

Here you go:
Attached files
File type: txt log Name verändert.txt (20.0 KB, viewed 134 times)
