
Pests of all kinds and how to fight them: Black screen with Windows security warning

02.04.2012, 19:20   #1
J_D133



Hello,

unfortunately I recently caught a virus: the screen shows a black image with the following text:

"ATTENTION: for security reasons your Windows system has been blocked. Due to visiting pages with infected and pornographic content..."

Since I am not that fit in computer matters myself, I wanted to ask you what I should best do now.

I also cannot change any desktop icons or anything else on the computer.
Thanks in advance for the help

Regards, J_D

02.04.2012, 20:02   #2
markusg
/// Malware-holic



hi
Restart, press F8, choose Safe Mode with Networking, log in to the affected account, establish an internet connection.
If you do not have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
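The /md5start ... /md5stop part of the OTL script above asks for hashes of boot- and logon-critical files (userinit.exe, winlogon.exe, explorer.exe, the storage drivers); the point of hashing every copy on the drive is that a live System32 copy that has been patched stands out against the untouched WinSxS and driver-store copies. The following is an added example of that comparison, not OTL's own code and not part of the thread: it builds a constructed directory tree (not real Windows binaries), hashes every copy of a short subset of the script's file names, and reports a live copy whose hash matches none of the backup copies. The file list, the directory layout and the "matches no backup copy" rule are this example's assumptions.

```python
"""Hash every copy of boot/logon-critical files on a volume and report a live
System32 copy whose hash matches none of the backup copies (WinSxS, driver
store).  Added example built on the idea of OTL's /md5start ... /md5stop
list; it is not OTL code and runs offline on a constructed directory tree."""
import hashlib
import os
import shutil
import tempfile
from collections import defaultdict

# A subset of the names from the OTL script above; the real list is longer.
CRITICAL_FILES = ["userinit.exe", "winlogon.exe", "explorer.exe", "atapi.sys"]


def md5_of(path):
    # MD5 only because that is what OTL prints; any stable hash would do here,
    # since we compare our own copies against each other, not against a
    # public catalogue.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_copies(root, names):
    """Walk root and return {name: [(path, md5), ...]} for every copy found.
    Names are matched case-insensitively, as NTFS would."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(list)
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() in wanted:
                p = os.path.join(dirpath, fn)
                copies[fn.lower()].append((p, md5_of(p)))
    return copies


def find_divergent(copies, live_root):
    """Return {name: (live_md5, sorted backup md5s)} for every file whose live
    copy (under live_root, i.e. System32 and its drivers subfolder) has a hash
    that none of the copies elsewhere on the volume share.  A legitimately
    updated file keeps a matching WinSxS component, so it is not reported;
    a file with no backup copy at all cannot be judged and is skipped."""
    live_root = os.path.normcase(os.path.abspath(live_root)) + os.sep
    findings = {}
    for name, entries in copies.items():
        live, backup = [], set()
        for p, m in entries:
            if os.path.normcase(os.path.abspath(p)).startswith(live_root):
                live.append(m)
            else:
                backup.add(m)
        if not live or not backup:
            continue
        for m in live:
            if m not in backup:
                findings[name] = (m, sorted(backup))
    return findings


def build_demo_volume():
    """Constructed sample volume (not real Windows binaries): explorer.exe and
    atapi.sys are clean with matching WinSxS copies, userinit.exe's live copy
    has been altered, winlogon.exe exists only once."""
    root = tempfile.mkdtemp(prefix="vol_")
    layout = {
        "Windows/System32/explorer.exe": b"MZ explorer clean",
        "Windows/winsxs/amd64_explorer/explorer.exe": b"MZ explorer clean",
        "Windows/System32/drivers/atapi.sys": b"MZ atapi clean",
        "Windows/winsxs/amd64_atapi/atapi.sys": b"MZ atapi clean",
        "Windows/System32/userinit.exe": b"MZ userinit PATCHED loader stub",
        "Windows/winsxs/amd64_userinit/userinit.exe": b"MZ userinit clean",
        "Windows/System32/winlogon.exe": b"MZ winlogon only copy",
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    return root


def run_demo():
    root = build_demo_volume()
    try:
        copies = collect_copies(root, CRITICAL_FILES)
        return find_divergent(copies, os.path.join(root, "Windows", "System32"))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, (live_md5, backups) in run_demo().items():
        print(f"{name}: live copy {live_md5} matches none of {backups}")
```

Only userinit.exe is reported: its live copy differs from the WinSxS copy, while winlogon.exe has nothing to compare against and is skipped rather than guessed at. The caveat a helper keeps in mind is that a rootkit which also rewrites the backup copies, or a bootkit that serves a clean image to user-mode readers, defeats any hash comparison done from the infected system; that is why the thread's advice is to run the scan from Safe Mode and why offline comparison from a rescue medium is stronger still.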

02.04.2012, 20:53   #3
J_D133



In the meantime I had a Malwarebytes full scan running under another user account on the PC, which is also an administrator; it has now finished. The black screen is gone now too. Do I still need to run OTL, and if so, does that also have to happen in Safe Mode, or can I do it in normal mode?

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
hallo :: MASCHINE [administrator]

Protection: Enabled

02.04.2012 18:51:46
mbam-log-2012-04-02 (18-51-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 728591
Time elapsed: 1 hour(s), 52 minute(s), 58 second(s)

Memory Processes Detected: 1
C:\Users\J_D\AppData\Local\Skype\SkypePM.exe (Trojan.Ransom) -> 3656 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\J_D\AppData\Local\Skype\SkypePM.exe (Trojan.Ransom) -> Delete on reboot.
C:\Users\J_D\AppData\Local\Temp\ch8l0.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\J_D\AppData\Local\Temp\ch8l1.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\J_D\AppData\Local\Temp\ch8l2.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\J_D\AppData\Local\Temp\ch8l3.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)
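The log above is the Malwarebytes 1.x text format, and the detail a helper reads first is the action column: "Delete on reboot" means the file was still in use (here the process with PID 3656 was running when the scan finished), so its removal is not confirmed until after a restart, which is one reason the reply that follows still asks for the OTL logs. The following is an added example that parses that format, not Malwarebytes code and not part of the thread; the sample log is a constructed excerpt in the same layout as the posted one, with one invented "No action taken" line to exercise the not-remediated branch. The list of vendor directory names and the user-writable path heuristic are this example's assumptions.

```python
"""Parse a Malwarebytes Anti-Malware 1.x log (the layout posted above) into
structured detections and flag what a helper looks for: items still pending
a reboot, files in user-writable folders, and files hiding in a directory
named after a legitimate product.  Added example, not Malwarebytes code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the same layout as the log above; the last item is
# invented to exercise the "not remediated" branch.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Scan type: Full scan

Memory Processes Detected: 1
C:\Users\J_D\AppData\Local\Skype\SkypePM.exe (Trojan.Ransom) -> 3656 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\J_D\AppData\Local\Skype\SkypePM.exe (Trojan.Ransom) -> Delete on reboot.
C:\Users\J_D\AppData\Local\Temp\ch8l0.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example\tool.exe (PUP.Example) -> No action taken.

(end)
"""


@dataclass
class Detection:
    section: str            # e.g. "Memory Processes", "Files"
    path: str               # file path or registry key
    family: str             # detection name, e.g. Trojan.Ransom
    action: str             # what MBAM did, e.g. "Delete on reboot"
    pid: Optional[int] = None   # only present for Memory Processes entries


HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)
SUCCESSFUL = ("Quarantined and deleted successfully",
              "Quarantined and repaired successfully")
# Assumption: illustrative list of product names malware likes to borrow for
# a folder under AppData; extend to taste.
VENDOR_DIRS = {"skype", "adobe", "java", "google", "microsoft"}


def parse_mbam_log(text: str) -> List[Detection]:
    """Each 'X Detected: n' header opens a section; the non-blank lines that
    follow it are items until the next header.  Preamble lines (version,
    database, scan options) come before any header and are skipped."""
    detections, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line in ("(No malicious items detected)", "(end)"):
            continue
        h = HEADER_RE.match(line)
        if h:
            section = h.group("section")
            continue
        if section is None:
            continue
        m = ITEM_RE.match(line)
        if m:
            pid = int(m.group("pid")) if m.group("pid") else None
            detections.append(Detection(section, m.group("path"),
                                        m.group("family"), m.group("action"), pid))
    return detections


def pending_reboot(detections: List[Detection]) -> List[Detection]:
    """Items MBAM could not remove because the file was in use."""
    return [d for d in detections if d.action.lower().startswith("delete on reboot")]


def assess(d: Detection) -> List[str]:
    """Heuristic flags for one detection (file paths; registry keys get none)."""
    flags = []
    parts = [p.lower() for p in d.path.split("\\")]
    if any(p in ("appdata", "temp", "local settings") for p in parts):
        flags.append("user-writable location")
    in_program_dirs = len(parts) > 1 and parts[1] in (
        "program files", "program files (x86)", "windows")
    if not in_program_dirs and any(p in VENDOR_DIRS for p in parts[:-1]):
        flags.append("vendor-named directory outside Program Files")
    if d.action not in SUCCESSFUL:
        flags.append("not yet remediated: " + d.action)
    return flags


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(f"[{d.section}] {d.path} ({d.family}) -> {d.action}: {assess(d)}")
    print(f"{len(pending_reboot(found))} item(s) still pending a reboot")
```

On the sample, SkypePM.exe is flagged three times over: it lives under AppData (where the lock screen's dropper did not need admin rights to write), it borrows Skype's name in a folder Skype does not ship to, and its removal is only scheduled. A helper treats "Delete on reboot" entries as open until a second scan after the restart comes back clean, which is why a first clean-looking log does not replace the follow-up scans.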

02.04.2012, 20:57   #4
markusg
/// Malware-holic



From now on only the requested scans are to be run.
Please post the OTL logs.

02.04.2012, 21:41   #5
J_D133



OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 02.04.2012 21:05:40 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\J_D\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,76 Gb Available Physical Memory | 79,42% Memory free
11,98 Gb Paging File | 10,78 Gb Available in Paging File | 89,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 144,83 Gb Free Space | 31,62% Space Free | Partition Type: NTFS
Drive D: | 458,46 Gb Total Space | 256,52 Gb Free Space | 55,95% Space Free | Partition Type: NTFS
 
Computer Name: MASCHINE | User Name: J_D | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.02 21:04:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL(1).exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.04 23:40:10 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.01 03:22:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.03 22:18:00 | 004,092,408 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.04.27 12:44:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.10.14 12:59:15 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.01 05:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.07 21:58:44 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.07.01 03:22:32 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.01 03:22:32 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.22 09:02:04 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.10.22 09:02:03 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.28 16:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.11.17 02:16:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009.07.14 18:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 05:05:58 | 000,273,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.17 18:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009.06.17 18:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.03 18:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.02.05 13:13:22 | 000,272,768 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\etFilter64.sys -- (FiltUSBET)
DRV:64bit: - [2007.10.12 12:54:18 | 000,531,712 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\etDevice64.sys -- (DCamUSBET)
DRV:64bit: - [2007.09.07 16:24:00 | 000,009,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\etScan64.sys -- (ScanUSBET)
DRV - [2009.10.28 07:09:33 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3EE69C97-6444-4B08-BB23-C8F72A129334}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..network.proxy.ftp: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, .hs-karlsruhe.de"
FF - prefs.js..network.proxy.socks: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.01 18:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012.03.17 14:20:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins [2012.02.14 14:56:19 | 000,000,000 | ---D | M]
 
[2010.09.17 19:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\mozilla\Extensions
[2012.04.02 21:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions
[2011.10.26 14:27:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.02 21:02:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.15 17:29:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.09.19 19:28:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions\firefox@tvunetworks.com
[2010.10.02 15:46:03 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions\vshare@toolbar
[2012.03.27 00:19:27 | 000,001,056 | ---- | M] () -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\4g1vluvt.default\searchplugins\icqplugin.xml
[2012.03.17 14:20:45 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012.03.14 15:10:01 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
() (No name found) -- C:\USERS\J_D\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4G1VLUVT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\J_D\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4G1VLUVT.DEFAULT\EXTENSIONS\{D5EA4520-61A1-11DA-8CD6-0800200C9A66}.XPI
() (No name found) -- C:\USERS\J_D\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4G1VLUVT.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\J_D\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4G1VLUVT.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
 
========== Chrome  ==========
 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin7.dll
CHR - plugin: thriXXX WebLaunch (Enabled) = C:\Program Files (x86)\Firefox\plugins\npWebLaunch.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\J_D\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\J_D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [etMonitor] C:\Windows\etMon.exe (EMPIA Technology Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [3200 Scan2PC] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [VoiceChum] C:\Program Files (x86)\VogueSystemsLLC\VoiceChum\VoiceChum.exe File not found
O4 - HKCU..\Run: [PokerStrategy.com SideKick] "C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms" File not found
O4 - HKCU..\Run: [SkypePM] C:\Users\J_D\AppData\Local\Skype\SkypePM.exe File not found
O4 - Startup: C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\J_D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\J_D\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\J_D\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\J_D\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\J_D\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{743053C8-1536-4B83-A8D9-30BA0A8F80C1}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5dbc58af-db5a-11df-b48e-00016c71281b}\Shell - "" = AutoRun
O33 - MountPoints2\{5dbc58af-db5a-11df-b48e-00016c71281b}\Shell\AutoRun\command - "" = L:\Setup.exe
O33 - MountPoints2\{5dbc59e3-db5a-11df-b48e-00016c71281b}\Shell - "" = AutoRun
O33 - MountPoints2\{5dbc59e3-db5a-11df-b48e-00016c71281b}\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\{5dbc5ae6-db5a-11df-b48e-00016c71281b}\Shell - "" = AutoRun
O33 - MountPoints2\{5dbc5ae6-db5a-11df-b48e-00016c71281b}\Shell\AutoRun\command - "" = N:\Installer.exe
O33 - MountPoints2\{8f87e150-c38d-11df-98f8-00016c71281b}\Shell - "" = AutoRun
O33 - MountPoints2\{8f87e150-c38d-11df-98f8-00016c71281b}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe - ()
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Global Registration - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Packard Bell Photo Frame - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.02 21:04:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL(1).exe
[2012.03.28 11:54:45 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.03.27 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Roaming\Roaming
[2012.03.21 15:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 3
[2012.03.21 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 3
[2012.03.21 15:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerTracker 3
[2012.03.19 16:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2012.03.19 16:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2012.03.19 16:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012.03.15 21:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012.03.15 21:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012.03.15 17:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.15 17:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.15 17:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.03.15 17:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.15 17:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.15 17:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.14 15:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.03.14 15:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.03.14 15:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.03.13 18:13:35 | 000,000,000 | ---D | C] -- C:\Users\J_D\Documents\Rockstar Games
[2012.03.13 17:36:43 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Local\Rockstar Games
[2012.03.13 17:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.03.13 17:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2012.03.13 17:24:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.03.13 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.03.12 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Roaming\Telefónica
[2012.03.12 20:51:38 | 000,223,744 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zteusbnet.sys
[2012.03.12 20:51:38 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2012.03.12 20:51:38 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmeaext2.sys
[2012.03.12 20:51:38 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2012.03.12 20:51:38 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.03.12 20:51:38 | 000,018,432 | ---- | C] (ZTE) -- C:\Windows\SysNative\drivers\ZTEusbccid.sys
[2012.03.12 20:51:38 | 000,012,800 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter_hs.sys
[2012.03.12 20:51:38 | 000,012,800 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2012.03.12 20:51:37 | 000,000,000 | ---D | C] -- C:\Windows\massfilter
[2012.03.12 20:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\o2
[2012.03.12 20:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\o2
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.02 21:04:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL(1).exe
[2012.04.02 21:02:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.02 21:02:12 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.02 21:00:39 | 000,000,292 | -HS- | M] () -- C:\Windows\tasks\rucwbiwhi.job
[2012.04.02 20:55:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 20:55:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 18:50:09 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.02 18:50:09 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.02 18:50:09 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.02 18:50:09 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.02 18:50:09 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.28 15:35:33 | 000,000,341 | ---- | M] () -- C:\Users\J_D\Desktop\partition.cs
[2012.03.27 19:04:47 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager2.lnk
[2012.03.22 18:56:31 | 000,124,237 | ---- | M] () -- C:\Users\J_D\Desktop\PLO25 zoom.jpg
[2012.03.21 15:42:08 | 000,004,877 | ---- | M] () -- C:\ProgramData\bltofzsb.qlf
[2012.03.21 15:42:00 | 000,001,081 | ---- | M] () -- C:\Users\J_D\Desktop\PokerTracker 3.lnk
[2012.03.21 15:35:40 | 000,003,019 | ---- | M] () -- C:\Users\J_D\Desktop\TableNinja.lnk
[2012.03.19 16:34:43 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012.03.19 16:34:43 | 000,000,666 | ---- | M] () -- C:\Users\J_D\Desktop\HsKA.pcf
[2012.03.19 16:26:20 | 000,005,541 | ---- | M] () -- C:\Users\J_D\Desktop\tan-liste HSKA.pdf
[2012.03.18 18:42:39 | 000,064,687 | ---- | M] () -- C:\Users\J_D\Desktop\uuuppsidaysiiee.jpg
[2012.03.18 15:38:13 | 000,091,395 | ---- | M] () -- C:\Users\J_D\Desktop\Schedule 18.3.12.jpg
[2012.03.18 15:28:45 | 000,067,612 | ---- | M] () -- C:\Users\J_D\Desktop\thisyear.jpg
[2012.03.18 15:26:16 | 000,054,797 | ---- | M] () -- C:\Users\J_D\Desktop\limitsmixedlol.jpg
[2012.03.18 15:18:38 | 000,077,852 | ---- | M] () -- C:\Users\J_D\Desktop\plo.jpg
[2012.03.15 23:11:18 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 17:42:24 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.15 04:20:10 | 000,463,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.14 15:43:48 | 000,000,878 | ---- | M] () -- C:\Users\J_D\AppData\Roaming\MPQEditor.ini
[2012.03.14 15:36:04 | 000,001,091 | ---- | M] () -- C:\Users\J_D\Dokumente - Verknüpfung.lnk
[2012.03.13 16:21:01 | 000,003,303 | ---- | M] () -- C:\Users\J_D\Desktop\Download.jpg
[2012.03.13 08:52:02 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Connection Manager.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 15:35:33 | 000,000,341 | ---- | C] () -- C:\Users\J_D\Desktop\partition.cs
[2012.03.27 19:04:47 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\HoldemManager2.lnk
[2012.03.22 18:56:31 | 000,124,237 | ---- | C] () -- C:\Users\J_D\Desktop\PLO25 zoom.jpg
[2012.03.21 15:42:08 | 000,004,877 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2012.03.21 15:42:00 | 000,001,081 | ---- | C] () -- C:\Users\J_D\Desktop\PokerTracker 3.lnk
[2012.03.19 16:34:42 | 000,000,666 | ---- | C] () -- C:\Users\J_D\Desktop\HsKA.pcf
[2012.03.19 16:33:58 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2012.03.19 16:26:20 | 000,005,541 | ---- | C] () -- C:\Users\J_D\Desktop\tan-liste HSKA.pdf
[2012.03.18 18:42:38 | 000,064,687 | ---- | C] () -- C:\Users\J_D\Desktop\uuuppsidaysiiee.jpg
[2012.03.18 16:58:07 | 000,003,019 | ---- | C] () -- C:\Users\J_D\Desktop\TableNinja.lnk
[2012.03.18 15:38:13 | 000,091,395 | ---- | C] () -- C:\Users\J_D\Desktop\Schedule 18.3.12.jpg
[2012.03.18 15:28:44 | 000,067,612 | ---- | C] () -- C:\Users\J_D\Desktop\thisyear.jpg
[2012.03.18 15:26:15 | 000,054,797 | ---- | C] () -- C:\Users\J_D\Desktop\limitsmixedlol.jpg
[2012.03.18 15:18:38 | 000,077,852 | ---- | C] () -- C:\Users\J_D\Desktop\plo.jpg
[2012.03.15 23:11:18 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 17:42:24 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.14 15:38:31 | 000,000,878 | ---- | C] () -- C:\Users\J_D\AppData\Roaming\MPQEditor.ini
[2012.03.14 15:36:04 | 000,001,091 | ---- | C] () -- C:\Users\J_D\Dokumente - Verknüpfung.lnk
[2012.03.13 16:21:01 | 000,003,303 | ---- | C] () -- C:\Users\J_D\Desktop\Download.jpg
[2012.03.12 20:51:51 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Connection Manager.lnk
[2011.12.27 13:38:04 | 000,053,248 | ---- | C] () -- C:\Windows\etRunDLL.dll
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.07.04 17:07:04 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.04.08 13:32:12 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.03.28 15:55:32 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.03.28 15:55:16 | 000,116,016 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011.02.15 00:22:38 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.02.14 16:16:24 | 000,000,045 | ---- | C] () -- C:\Users\J_D\AppData\Local\machpro.dat
[2011.02.06 14:07:59 | 000,189,960 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.02.05 15:25:13 | 000,000,381 | ---- | C] () -- C:\Users\J_D\AppData\Local\postgresinstall.bat
[2011.02.05 15:21:07 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.02 01:01:30 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.19 20:03:59 | 000,087,108 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.10.14 12:59:08 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.05 13:13:27 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.21 18:16:53 | 000,000,554 | ---- | C] () -- C:\Windows\eReg.dat
[2010.09.18 16:43:01 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.09.18 16:43:01 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.17 19:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2010.09.17 19:10:54 | 000,000,000 | -HSD | M] -- C:\Users\J_D\AppData\Roaming\.#
[2011.10.11 02:46:12 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\.minecraft
[2012.02.24 00:29:48 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\calibre
[2012.01.30 17:56:59 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\COW
[2010.10.21 20:42:20 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\DAEMON Tools Lite
[2010.09.18 16:02:08 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\DAEMON Tools Pro
[2011.12.04 15:00:24 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Day 1 Studios
[2012.04.02 20:48:36 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Dropbox
[2011.12.31 15:45:00 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\DVDVideoSoft
[2011.10.26 14:27:02 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.05 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Gutscheinmieze
[2011.05.19 16:35:11 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\HEM Data
[2012.03.31 03:17:18 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\HoldemManager
[2012.03.05 11:17:00 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\ICQ
[2010.10.24 10:15:53 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Kalypso Media
[2010.12.29 22:56:07 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Leadertech
[2011.01.06 23:46:47 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\LolClient
[2010.09.17 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\MAGIX
[2012.01.06 20:09:45 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Microgaming
[2010.09.30 16:45:59 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Miranda
[2011.05.18 00:15:39 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\MySQL
[2011.12.16 16:06:18 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\PacificPoker
[2011.09.15 17:33:38 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\pdfforge
[2010.10.24 10:14:20 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\ProtectDISC
[2012.03.27 19:11:26 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Roaming
[2011.09.28 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\SplitMediaLabs
[2011.03.01 02:05:12 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\TeamViewer
[2012.03.12 20:51:51 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Telefónica
[2010.11.24 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\thriXXX
[2012.02.06 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\TS3Client
[2011.11.10 23:34:03 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Ubisoft
[2012.04.02 21:00:39 | 000,000,292 | -HS- | M] () -- C:\Windows\Tasks\rucwbiwhi.job
[2012.02.21 04:19:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.15 19:17:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.09.17 18:58:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.10 15:35:03 | 000,000,000 | -HSD | M] -- C:\found.000
[2012.03.13 16:43:18 | 000,000,000 | ---D | M] -- C:\Games
[2011.11.16 12:39:53 | 000,000,000 | ---D | M] -- C:\Games)
[2012.03.27 19:06:00 | 000,000,000 | ---D | M] -- C:\HM2Archive
[2012.01.01 20:36:58 | 000,000,000 | ---D | M] -- C:\HMArchive
[2009.09.03 16:05:43 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.06 19:58:30 | 000,000,000 | ---D | M] -- C:\Microgaming
[2009.09.04 03:46:19 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.12.03 15:30:45 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.09.17 19:24:15 | 000,000,000 | ---D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.10 14:57:44 | 000,000,000 | ---D | M] -- C:\Poker
[2012.03.28 15:39:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.21 15:41:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.23 14:43:35 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.09.17 18:58:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.06.20 11:49:15 | 000,000,000 | ---D | M] -- C:\Programs (x86)
[2010.09.17 18:58:43 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.31 07:57:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.15 19:17:34 | 000,000,000 | R--D | M] -- C:\Users
[2010.12.19 20:07:07 | 000,000,000 | ---D | M] -- C:\WC3 US Converter
[2010.12.19 20:09:42 | 000,000,000 | ---D | M] -- C:\WC3 US Converter isntalled
[2010.12.19 20:08:16 | 000,000,000 | ---D | M] -- C:\WC3 US Fix 1
[2010.12.19 20:08:33 | 000,000,000 | ---D | M] -- C:\WC3 US Fix 2
[2012.04.02 21:02:14 | 000,000,000 | ---D | M] -- C:\Windows
[2011.05.18 00:12:32 | 000,000,000 | ---D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.08.18 17:26:56 | 000,341,331 | ---- | M] () -- C:\Users\J_D\18.jpg
[2012.03.14 15:36:04 | 000,001,091 | ---- | M] () -- C:\Users\J_D\Dokumente - Verknüpfung.lnk
[2012.04.02 21:17:34 | 004,456,448 | -HS- | M] () -- C:\Users\J_D\NTUSER.DAT
[2012.04.02 21:17:34 | 000,262,144 | -HS- | M] () -- C:\Users\J_D\ntuser.dat.LOG1
[2010.09.17 18:58:59 | 000,000,000 | -HS- | M] () -- C:\Users\J_D\ntuser.dat.LOG2
[2010.09.17 19:24:21 | 000,065,536 | -HS- | M] () -- C:\Users\J_D\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.09.17 19:24:21 | 000,524,288 | -HS- | M] () -- C:\Users\J_D\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.09.17 19:24:21 | 000,524,288 | -HS- | M] () -- C:\Users\J_D\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.09.17 18:58:59 | 000,000,020 | -HS- | M] () -- C:\Users\J_D\ntuser.ini
[2012.03.15 21:57:14 | 000,016,384 | -HS- | M] () -- C:\Users\J_D\Thumbs.db
[2011.04.23 22:58:30 | 000,002,170 | ---- | M] () -- C:\Users\J_D\URPreferences.xml
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E1F04E8D

< End of report >
         
--- --- ---

[/CODE]

There was no Extra.txt on my machine. I searched everything but found nothing.


Alt 03.04.2012, 13:24   #6
markusg
/// Malware-holic
 
Black screen with Windows security warning - Standard



Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make
cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus as well as anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: Should you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 03.04.2012, 14:08   #7
J_D133
 
Black screen with Windows security warning - Standard



Code:
ATTFilter
ComboFix 12-04-02.01 - J_D 03.04.2012  13:49:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6135.3404 [GMT 2:00]
ausgeführt von:: c:\users\J_D\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\users\J_D\18.jpg
c:\users\J_D\4.0
c:\users\J_D\AppData\Local\Skype\SkypePM.exe
c:\users\J_D\AppData\Roaming\.#
c:\users\J_D\AppData\Roaming\.#\MBX@BE4@3A2790.###
c:\users\J_D\AppData\Roaming\.#\MBX@BE4@3A27C0.###
c:\users\J_D\AppData\Roaming\mIRC\logs\status.log
c:\users\J_D\AppData\Roaming\Roaming
c:\users\J_D\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
c:\windows\SysWow64\swt-win32-3232.dll
c:\windows\SysWow64\tmp1492.tmp
c:\windows\SysWow64\tmp14B2.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-03 bis 2012-04-03  ))))))))))))))))))))))))))))))
.
.
2012-03-21 13:41 . 2012-03-26 11:55	--------	d-----w-	c:\program files (x86)\PokerTracker 3
2012-03-19 14:34 . 2012-03-19 14:34	--------	d-----w-	c:\program files\Common Files\Deterministic Networks
2012-03-19 14:34 . 2012-03-19 14:34	--------	d-----w-	c:\program files (x86)\Cisco Systems
2012-03-15 19:56 . 2012-03-15 19:56	--------	d-----w-	c:\program files (x86)\Safer Networking
2012-03-15 17:17 . 2012-03-15 17:17	--------	d-----w-	c:\users\hallo
2012-03-15 15:42 . 2012-03-15 15:42	--------	d-----w-	c:\program files\iTunes
2012-03-15 15:42 . 2012-03-15 15:42	--------	d-----w-	c:\program files (x86)\iTunes
2012-03-15 15:42 . 2012-03-15 15:42	--------	d-----w-	c:\program files\iPod
2012-03-15 15:33 . 2012-03-15 15:33	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-03-15 02:02 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-15 02:02 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 02:02 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:09 . 2012-03-14 13:09	--------	d-----w-	c:\program files (x86)\pdfforge Toolbar
2012-03-14 13:09 . 2012-03-14 13:09	--------	d-----w-	c:\program files (x86)\Common Files\Spigot
2012-03-14 13:09 . 2012-03-14 13:09	--------	d-----w-	c:\program files (x86)\Application Updater
2012-03-14 09:30 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 09:30 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 09:30 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 09:30 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 09:30 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:30 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:29 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 09:29 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:29 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:29 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-13 15:36 . 2012-03-13 15:36	--------	d-----w-	c:\users\J_D\AppData\Local\Rockstar Games
2012-03-13 15:26 . 2012-03-13 15:26	--------	d-sh--w-	c:\programdata\SecuROM
2012-03-13 15:24 . 2012-03-13 15:24	--------	d-----w-	c:\windows\SysWow64\xlive
2012-03-13 15:24 . 2012-03-13 15:24	--------	d-----w-	c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-03-12 18:51 . 2012-03-12 18:51	--------	d-----w-	c:\users\J_D\AppData\Roaming\Telefónica
2012-03-12 18:51 . 2010-02-22 17:25	18432	----a-w-	c:\windows\system32\drivers\ZTEusbccid.sys
2012-03-12 18:51 . 2010-02-22 16:41	121344	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys
2012-03-12 18:51 . 2010-02-22 16:41	121344	----a-w-	c:\windows\system32\drivers\ZTEusbnmeaext2.sys
2012-03-12 18:51 . 2010-02-22 16:41	121344	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys
2012-03-12 18:51 . 2010-02-22 16:41	121344	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-03-12 18:51 . 2010-02-10 16:50	223744	----a-w-	c:\windows\system32\drivers\zteusbnet.sys
2012-03-12 18:51 . 2009-12-28 14:52	12800	----a-w-	c:\windows\system32\drivers\massfilter.sys
2012-03-12 18:51 . 2009-02-03 16:00	12800	----a-w-	c:\windows\system32\drivers\massfilter_hs.sys
2012-03-12 18:51 . 2012-03-12 18:51	--------	d-----w-	c:\windows\massfilter
2012-03-12 18:51 . 2012-03-12 18:51	--------	d-----w-	c:\program files (x86)\o2
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 14:52 . 2012-03-02 14:52	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-29 19:48 . 2011-08-09 09:35	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 10:59 . 2012-01-30 10:59	637848	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-01-30 10:59 . 2010-10-21 16:03	567184	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-04 618496]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2010-05-18 1989120]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-03-04 934752]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\J_D\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Control Center.lnk - c:\program files (x86)\VAD\Laplace Webcam\Tools\SystemTray.exe [2011-12-27 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 dump_wmimmc;dump_wmimmc;c:\games\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-03-04 748440]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-11-11 199600]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 DCamUSBET;VAD Laplace Webcam;c:\windows\system32\DRIVERS\etDevice64.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"etMonitor"="c:\windows\etMon.exe" [2007-04-04 88576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\J_D\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.11.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\4g1vluvt.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-SkypePM - c:\users\J_D\AppData\Local\Skype\SkypePM.exe
Wow6432Node-HKLM-Run-VoiceChum - c:\program files (x86)\VogueSystemsLLC\VoiceChum\VoiceChum.exe
Notify-LBTWlgn - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2812613609-941386688-3819402148-1001\Software\SecuROM\License information*]
"datasecu"=hex:ed,86,27,03,54,6f,59,0e,6c,20,68,b3,3a,b3,36,93,1c,cf,2b,db,df,
   20,fd,b2,67,de,2f,7c,31,0e,66,29,0e,23,07,ff,f0,9f,15,74,9a,1f,c4,a8,2e,d7,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-03  14:05:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-03 12:05
.
Vor Suchlauf: 23 Verzeichnis(se), 155.112.697.856 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 157.960.335.360 Bytes frei
.
- - End Of File - - 3CE05B9112B31ECBC6907CBCB5A77133
         

Old 03.04.2012, 20:26   #8
markusg
/// Malware-holic

Black screen with Windows security warning

download the CCleaner standard edition:
CCleaner Download - CCleaner 3.17.1689
if CCleaner is already installed, skip this.
install, open, Tools, list of installed programs, save as txt. open it.
after every program you need, write "notwendig" (necessary).
after every one you do not need, "unnötig" (unnecessary).
after those unknown to you, "unbekannt" (unknown).
post the list.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 03.04.2012, 21:19   #9
J_D133

Black screen with Windows security warning

Code:
888poker		15.12.2011															notwendig
Active@ ISO Burner	LSoft Technologies	06.08.2011												unbekannt
Adobe AIR	Adobe Systems Inc.	16.09.2010		2.0.3.13070										notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	15.02.2012	6,00MB	11.1.102.62							notwendig
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	28.02.2012	6,00MB	11.1.102.62						notwendig
Adobe Reader 9.5.0 MUI	Adobe Systems Incorporated	21.01.2012	686MB	9.5.0 									notwendig
Adobe Shockwave Player	Adobe Systems, Inc.	24.09.2010		10.2.0.22									notwendig
Allods Online 2.0.06.42	gPotato	13.11.2011		2.0.06.42											unnötig
ANNO 1404	Ubisoft	28.05.2011		1.02.0000												notwendig
ANNO 1404 - Venedig	Ubisoft	28.05.2011		2.0.5008.0											notwendig
ANNO 2070 DEMO	Ubisoft	09.11.2011		1.0.0.0													unnötig
Apple Application Support	Apple Inc.	14.03.2012	61,0MB	2.1.7										unbekannt
Apple Mobile Device Support	Apple Inc.	14.03.2012	24,5MB	5.1.1.4										unbekannt
Apple Software Update	Apple Inc.	13.02.2012	2,38MB	2.1.3.127										unbekannt
Assassin's Creed II	Ubisoft	28.10.2010		1.01												unnötig
Avira AntiVir Personal - Free Antivirus	Avira GmbH	12.02.2012	61,8MB	10.2.0.707								notwendig
Battlefield: Bad Company™ 2	Electronic Arts	17.09.2010	5.869MB	1.0.0.0										unnötig
BDFL Manager 2005 Pro Edition	Codemasters	18.09.2010		1.00.0000									unnötig
Bonjour	Apple Inc.	13.02.2012	2,04MB	3.0.0.10												unbekannt
calibre	Kovid Goyal	22.02.2012	123,2MB	0.8.40													notwendig
CamStudio OSS Desktop Recorder	CamStudio Open Source Dev Team	30.12.2011	15,1MB	2.6 Beta r273							unnötig
Catan Online Welt	Catan GmbH	29.01.2012		3.909											unnötig
CCleaner	Piriform	02.04.2012		3.17												....
Cisco Systems VPN Client 5.0.07.0440		18.03.2012	10,6MB											notwendig
Commandos 3 - Destination Berlin		24.09.2010												unnötig
Compatibility Pack für 2007 Office System	Microsoft Corporation	20.02.2012	147,0MB	12.0.6612.1000						notwendig
Convert AVI to MP4 1.3	convertavitomp3.com	30.12.2011												unnötig
Counter-Strike	Valve	23.10.2010															unnötig
Die Siedler - Aufbruch der Kulturen		23.09.2010												unnötig
Die Siedler 7	Ubisoft	26.10.2010		1.02.1221												unnötig
Die Sims™ 3	Electronic Arts	17.02.2012		1.29.55												notwendig
DivX-Setup	DivX, LLC	31.12.2011		2.5.0.11											unbekannt
Dragonica(DE)	GALA Networks Europe Limited.	09.08.2011		9.5.8.0										unnötig
Dropbox	Dropbox, Inc.	28.02.2012		1.2.52													notwendig
DVD Shrink 3.2 deutsch (DeCSS-frei)	DVD Shrink	04.10.2010											unnötig
DYNASTY WARRIORS 6	Koei	23.11.2010	4.866MB	1.00.0000											unnötig
EA Download Manager	Electronic Arts, Inc.	16.09.2010		6.0.4.124									unnötig
EA Download Manager UI	Electronic Arts	16.09.2010		6.0.4.124										unnötig
EA SPORTS online 2008		24.09.2010														unnötig
ePub to PDF Converter 2.0.3	DONGSOFT Company, Inc.	17.02.2012											unnötig
Free Screen Video Recorder version 2.5.19.1117	DVDVideoSoft Ltd.	30.12.2011	37,9MB								unnötig
Free YouTube to MP3 Converter version 3.10.11.923	DVDVideoSoft Ltd.	25.10.2011	42,4MB							unnötig
Full Tilt Poker		15.04.2011		4.39.7.WIN.FullTilt.COM											unnötig
FUSSBALL MANAGER 11	Electronic Arts	09.11.2010													unnötig
Garena 2010	Garena Online Pte Ltd.	21.12.2010		2010											unnötig
Grand Theft Auto: Episodes From Liberty City	Rockstar Games	12.03.2012		1.1.0.0								unnötig
GUILD WARS		10.11.2011															unnötig
Holdem Manager		06.12.2011															NOTWENDIG
Holdem Manager 2		05.12.2011														NOTWENDIG
ICM Trainer	PokerStrategy	06.12.2011	46,4MB	1.0.0												notwendig
ICM Trainer Light	PokerStrategy	11.02.2011	18,7MB	1.1											notwendig
ICQ Toolbar	ICQ	27.07.2011		3.0.0													unnötig	
ICQ7.5	ICQ	27.07.2011		7.5														unnötig
iTunes	Apple Inc.	14.03.2012	158,9MB	10.6.0.40												notwendig
Java(TM) 6 Update 21 (64-bit)	Oracle	16.09.2010	90,5MB	6.0.210											notwendig
Java(TM) 6 Update 26	Sun Microsystems, Inc.	20.10.2010	94,5MB	6.0.260										notwendig
Java(TM) 7 Update 2	Oracle	29.01.2012	99,1MB	7.0.20												notwendig
JDownloader	AppWork UG (haftungsbeschränkt)	20.10.2010												notwendig
join.me	LogMeIn, Inc.	13.03.2012		1.3.1.426												notwendig
League of Legends	Riot Games	31.03.2011		1.02.0000										unnötig
Livestream Procaster	Procaster	25.05.2011	51,4MB	20.0.151										unnötig
Logitech SetPoint	Logitech	28.12.2010	17,00KB	4.80											unnötig
LogMeIn Hamachi	LogMeIn, Inc.	28.02.2012		2.1.0.166											unnötig
LOLReplay	www.leaguereplays.com	26.11.2011		0.7.3.4											unnötig
Madden NFL 08	Electronic Arts	24.09.2010														notwendig
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	14.03.2012	17,4MB	1.60.1.1000					notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	23.11.2010	38,8MB	4.0.30319						notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	23.11.2010	2,94MB	4.0.30319				notwendig
Microsoft .NET Framework 4 Extended	Microsoft Corporation	04.02.2011	52,0MB	4.0.30319							notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	04.02.2011	10,7MB	4.0.30319					notwendig
Microsoft Games for Windows - LIVE	Microsoft Corporation	12.03.2012	8,31MB	3.1.186.0							unbekannt
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	12.03.2012	32,3MB	3.1.99.0					unbekannt
Microsoft Office File Validation Add-In	Microsoft Corporation	14.09.2011	7,95MB	14.0.5130.5003							notwendig
Microsoft Office Home and Student 2007	Microsoft Corporation	20.02.2012		12.0.6612.1000							notwendig
Microsoft Office Language Pack 2007 - German/Deutsch	Microsoft Corporation	20.02.2012		12.0.6612.1000					notwendig
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	20.02.2012	62,8MB	12.0.6612.1000					notwendig
Microsoft Office Suite Activation Assistant	Microsoft Corporation	02.09.2009	8,37MB	2.9							notwendig
Microsoft Silverlight	Microsoft Corporation	15.02.2012	166,3MB	4.1.10111.0									unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	30.12.2010	0,25MB	8.0.50727.4053			unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	19.06.2011	0,29MB	8.0.56336						unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	28.12.2010	0,68MB	8.0.61000						unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	27.05.2011	0,57MB	8.0.51011				unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	03.10.2010	0,21MB	9.0.30729.4148			unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	27.05.2011	0,77MB	9.0.30729.5570		unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	27.05.2011	0,58MB	9.0.30729.5570		unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	01.10.2010	0,77MB	9.0.30729				unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	19.06.2011	0,77MB	9.0.30729.6161				unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	21.10.2010	2,87MB	9.0.21022				unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	21.10.2010	0,23MB	9.0.30729				unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	16.09.2010	0,58MB	9.0.30729.4148				unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	19.06.2011	0,59MB	9.0.30729.6161				unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	26.03.2012	13,7MB	10.0.30319				unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	16.11.2011	15,0MB	10.0.40219				unbekannt
Microsoft Works	Microsoft Corporation	15.12.2010	876MB	9.7.0621										unbekannt
Microsoft WSE 3.0 Runtime	Microsoft Corp.	16.09.2010	0,92MB	3.0.5305.0									unbekannt
Miranda IM 0.9.4		29.09.2010														unnötig
Mobile Connection Manager	Mobile Connection Manager	11.03.2012										unbekannt
MobileMe Control Panel	Apple Inc.	05.02.2011	12,0MB	3.1.5.0											unbekannt
Mozilla Firefox 11.0 (x86 de)	Mozilla	16.03.2012	40,6MB	11.0											notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	18.09.2010	1,28MB	4.20.9870.0								unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	18.09.2010	1,33MB	4.20.9876.0								unbekannt
MySQL Workbench 5.2 CE	Oracle Corporation	17.05.2011	64,1MB	5.2.33										notwendig
Need for Speed™ ProStreet	Electronic Arts	23.09.2010	8.025MB	1.0.1.0										unnötig
Nero Move it Essentials	Nero AG	21.12.2010														unnötig
NVIDIA 3D Vision Controller-Treiber 285.62	NVIDIA Corporation	02.12.2011		285.62							notwendig
NVIDIA 3D Vision Treiber 285.62	NVIDIA Corporation	02.12.2011		285.62									notwendig
NVIDIA Display Control Panel	NVIDIA Corporation	19.02.2011		6.14.12.5896								notwendig
NVIDIA Drivers	NVIDIA Corporation	02.12.2011	65,1MB	1.4											notwendig
NVIDIA Grafiktreiber 285.62	NVIDIA Corporation	02.12.2011		285.62									notwendig
NVIDIA HD-Audiotreiber 1.2.24.0	NVIDIA Corporation	02.12.2011		1.2.24.0								notwendig
NVIDIA PhysX-Systemsoftware 9.11.0621	NVIDIA Corporation	02.12.2011		9.11.0621							notwendig
NVIDIA Update 1.5.20	NVIDIA Corporation	02.12.2011		1.5.20										notwendig
Octoshape add-in for Adobe Flash Player		17.12.2010												unbekannt
OpenAL		24.09.2010																unbekannt
Packard Bell Recovery Management	Packard Bell	02.09.2009		4.05.3003								unbekannt
Packard Bell Updater	Packard Bell	02.09.2009		1.01.3014										unbekannt
Pando Media Booster	Pando Networks Inc.	05.01.2011	5,47MB	2.3.5.2										unbekannt
PartyPoker	PartyGaming	19.06.2011														notwendig
Patrizier 4	Kalypso Media	23.10.2010	2.738MB	1.0.0												unnötig
PDFCreator	Frank Heindörfer, Philip Chinery	14.09.2011		1.2.3									notwendig
pdfforge Toolbar v5.1	Spigot, Inc.	13.03.2012	10,9MB	5.1											unbekannt
PokerStars	PokerStars	06.09.2011														notwendig
PokerStars.net	PokerStars.net	06.01.2011														notwendig
PokerStrategy.com Elephant	PokerStrategy.com	04.02.2011	86,1MB	0.90.30913.03								unnötig
PokerStrategy.com Equilab - Omaha	PokerStrategy.com	09.01.2012	15,7MB	1.1.0.0								notwendig
PokerStrategy.com Equilator	PokerStrategy.com	06.02.2011	38,2MB	1.8.1.0									notwendig
PokerStrategy.com SideKick	PokerStrategy.com	27.03.2012		1.0.50319.2								unnötig
PokerTracker 3 (remove only)		20.03.2012													unnötig
PostgreSQL 8.3	PostgreSQL Global Development Group	04.02.2011	52,7MB	8.3									notwendig
Pro Evolution Soccer 2010	KONAMI	17.09.2010	7.486MB	1.00.0000										unnötig
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	21.10.2010		11.0.0.14							unbekannt
PunkBuster Services	Even Balance, Inc.	17.09.2010		0.988										unbekannt
QuickTime	Apple Inc.	13.02.2012	73,3MB	7.71.80.42											notwendig
Rage		03.12.2011																notwendig		
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	02.09.2010		6.0.1.5859						notwendig
RunAlyzer	Safer Networking Limited	14.03.2012		1.6.1.24									unbekannt
Saboteur™	Electronic Arts	01.10.2010	6.019MB	1.0.0.0												unnötig
Samsung SCX-3200 Series	Samsung Electronics Co., Ltd.	27.03.2011											unbekannt
Scan Assistant	Samsung Electronics Co., Ltd.	27.03.2011		1.01.014									unbekannt
SimCity 4 Rush Hour		01.10.2010														unnötig
Skype Click to Call	Skype Technologies S.A.	14.03.2012	20,2MB	5.9.9216									unbekannt
Skype™ 5.8	Skype Technologies S.A.	14.03.2012	19,0MB	5.8.158											notwendig
Spybot - Search & Destroy	Safer Networking Limited	09.07.2011		1.6.2								notwendig
Star Wars: The Old Republic	Electronic Arts, Inc.	21.11.2011	13,2MB	1.00									unnötig
Steam	Valve Corporation	21.10.2010	42,3MB	1.0.0.0												notwendig
TableNinja	ALXSoftware	20.03.2012	1,90MB	1.2.119												notwendig
TableNinjaFT	ALXSoftware	10.05.2011	1,40MB	1.1.34												unnötig
TableNinjaPP	ALXSoftware	20.01.2012	1,37MB	1.0.5												unnötig
TableScan Turbo RC4 build 8	Zandry, LLC	31.12.2011	5,83MB											unnötig
TeamSpeak 3 Client	TeamSpeak Systems GmbH	26.03.2011												notwendig
TeamViewer 6	TeamViewer GmbH	27.02.2011		6.0.10194											unnötig
TeamViewer 7	TeamViewer	09.01.2012		7.0.12313											notwendig
thriXXX 3DSexVilla2-058.002		23.11.2010													unnötig
thriXXX WebLaunch	thriXXX	23.11.2010		1.0												unnötig
Tiger Woods PGA TOUR 08	Electronic Arts	24.09.2010													unnötig
TVUPlayer 2.5.3.1	TVU networks	18.09.2010		2.5.3.1											unnötig
Ubisoft Game Launcher	UBISOFT	21.10.2010		1.0.0.0												unnötig
UltraISO Premium V9.36		07.08.2011														unnötig
Universal Replayer	Universal Replayer	20.04.2011												unnötig
VAD Laplace Webcam	EETI	26.12.2011		1.00												notwendig
Veetle TV 0.9.18	Veetle, Inc	06.11.2010		0.9.18											unnötig
Ventrilo Client for Windows x64	Flagship Industries, Inc.	03.07.2011	6,67MB	3.0.8.0								unnötig
VLC media player 1.1.4	VideoLAN	16.09.2010		1.1.4											notwendig
VoiceChum		01.01.2011															unbekannt
Warcraft III		18.12.2010															notwendig
Warcraft III: All Products		18.12.2010													notwendig
Warkeys 1.18.1.0b		01.01.2011		1.18.1.0b											unnötig
WBFS Manager 2.5	WBFS	29.09.2010	1,72MB	2.5												unbekannt
Wer wird Millionär	Eidos Interactive	25.11.2010	402MB	1.0.0.0000									unnötig
Windows Live Essentials	Microsoft Corporation	16.09.2010		14.0.8064.0206									unbekannt
WinRAR		17.09.2010																notwendig
XAMPP 1.7.4		17.05.2011															notwendig
Xfire (remove only)		24.05.2011														unnötig
ZTE USB Driver	ZTE Corporation	11.03.2012		1.0.1.25_TME											unbekannt
         

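The list above is the tab-separated export CCleaner writes, with the classification word from post #8 appended at the end of each line. An added example (my code, not from the thread and not CCleaner's own tooling) that parses such a file and tallies the entries per tag, so a helper sees at a glance how many entries are marked "unnötig" and how many were left unmarked. The sample lines are constructed to mimic the layout of the list above (including a trailing tab and the "...." entry); the helper name ConvertFrom-AnnotatedList is my own. It needs PowerShell 3.0 or later, and the script file should be saved as UTF-8 with BOM so Windows PowerShell reads the umlaut in "unnötig" correctly.

```powershell
# Added example, not from the thread and not CCleaner's own tooling:
# summarise an annotated CCleaner "installed programs" export.
# CCleaner writes one program per line, tab-separated
# (Name, Publisher, Install date, Size, Version); in post #9 the poster
# appended a classification word after further tabs. The sample here is
# constructed to mimic that layout (including a trailing tab and an
# unmarked "...." entry). Needs PowerShell 3.0 or later; save the file
# as UTF-8 with BOM so Windows PowerShell reads the umlaut in "unnötig".
$sample = @"
Adobe AIR`tAdobe Systems Inc.`t16.09.2010`t`t2.0.3.13070`t`t`tnotwendig
Allods Online 2.0.06.42`tgPotato`t13.11.2011`t`t2.0.06.42`t`t`tunnötig
Bonjour`tApple Inc.`t13.02.2012`t2,04MB`t3.0.0.10`t`t`tunbekannt
CCleaner`tPiriform`t02.04.2012`t`t3.17`t`t`t....
ICQ Toolbar`tICQ`t27.07.2011`t`t3.0.0`t`t`tunnötig`t
XAMPP 1.7.4`t`t17.05.2011`t`t`t`tnotwendig
"@

function ConvertFrom-AnnotatedList {
    # hypothetical helper name; turns the text into objects with a Tag column
    param([Parameter(Mandatory)][string]$Text)
    $knownTags = @('notwendig', 'unnötig', 'unbekannt')
    foreach ($line in ($Text -split "`r?`n")) {
        $line = $line -replace '[\t ]+$', ''          # drop trailing tabs/spaces
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $fields = $line -split "`t"
        # the program name is the first field; the annotation is the last one
        $tag = $fields[-1].Trim().ToLowerInvariant()
        if ($knownTags -notcontains $tag) { $tag = 'unclassified' }
        $publisher   = if ($fields.Count -gt 1) { $fields[1].Trim() } else { '' }
        $installDate = if ($fields.Count -gt 2) { $fields[2].Trim() } else { '' }
        [pscustomobject]@{
            Name        = $fields[0].Trim()
            Publisher   = $publisher
            InstallDate = $installDate
            Tag         = $tag
        }
    }
}

$entries = ConvertFrom-AnnotatedList -Text $sample

# how many entries carry each tag (the poster's "...." shows up as unclassified)
$entries | Group-Object -Property Tag | Select-Object Name, Count | Sort-Object Name

# candidates for removal plus entries that still need a decision
$entries | Where-Object { $_.Tag -in @('unnötig', 'unclassified') } |
    Select-Object Name, Publisher, InstallDate
```

To run it against a real export instead of the constructed sample, replace `$sample` with `Get-Content -Raw -Path .\programs.txt` (the file CCleaner saved). Anything that is not one of the three agreed words lands in "unclassified", which is exactly the set of entries the helper still has to ask about.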
Old 04.04.2012, 14:15   #10
markusg
/// Malware-holic

Black screen with Windows security warning

uninstall:
Active@ ISO
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
download the newest version
Adobe Reader:
Adobe - Download Adobe Reader - All versions
untick the McAfee Security Scan checkbox

please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
tick "use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
it is always better to save them directly, since only then do you have control over what happens on the PC.
under JavaScript, untick "enable JavaScript"
under Updater, choose "install automatically".
Apply / OK



uninstall:
Allods
ANNO 2070
Assassin's
Battlefield:
BDFL
CamStudio
Catan
Commandos
Convert
Counter-Strike
Die Siedler: both
DivX
Dragonica
DVD Shrink
DYNASTY
EA: all
ePub
Free Screen
Free YouTube
Full Tilt
FUSSBALL
Garena
Grand Theft
GUILD
ICQ: both
Java: all
Download the free Java software
download the Java JRE, install it.

uninstall:
League
Livestream
LogMeIn
Logitech
LOLReplay
Microsoft Games: both
Microsoft Silverlight
Miranda
Need for
Nero
Octoshape
Patrizier
pdfforge
PokerStrategy.com Elephant PokerStrategy
PokerStrategy.com SideKick
PokerTracker
Pro Evolution
RunAlyzer
Saboteur™
SimCity
Skype Click
Spybot: rather use Malwarebytes from time to time instead, it is better.
Star Wars:
TableNinjaFT ALXSoftware
TableNinjaPP ALXSoftware
TableScan
TeamViewer 6
thriXXX: both
Tiger Woods
TVUPlayer
UltraISO
Ubisoft
Universal
Veetle
Ventrilo
VoiceChum
Warkeys
WBFS
Wer wird
Windows Live
Xfire

open CCleaner, Analyze, Run CCleaner.
restart the PC and test how the system runs.

Old 05.04.2012, 11:10   #11
J_D133

Black screen with Windows security warning

So, I have now removed all the programs and updated everything like Java, Flash etc. The system runs a bit faster.
But I have discovered another big problem.
Some of my folders are blocked and I always get an error saying I cannot access them. Furthermore, some of the programs I have installed are no longer accessible, and an error appears there too. I took a picture of it and uploaded it as an attachment.
The problem only appeared once I started with the steps you gave me.
Attached thumbnail:
Blackscreen mit Windows Sicherheitswarnung-geblockte-ordner.jpg

Old 05.04.2012, 12:22   #12
markusg
/// Malware-holic

Black screen with Windows security warning

post the error message as text, and also which folders are no longer accessible.

Old 05.04.2012, 14:34   #13
J_D133

Black screen with Windows security warning

Error message when opening Documents and Settings:

Code:
Der Pfrad ist nicht verfügbar.

 Auf C:\Documents and Settings kann nicht zugegriffen werden.

Zugriff verweigert
         
List of folders that cannot be opened:
Code:
C:\Documents and Settings
C:\Dokumente und Einstellungen
C:\Programme
C:\Users\Public\Documents\My Music
C:\Users\Public\Documents\My Pictures
C:\Users\Public\Documents\My Videos
C:\Users\Public\Documents\Eigene Bilder
C:\Users\Public\Documents\Eigene Musik
C:\Users\Public\Documents\Eigene Videos
C:\Program Files\Gemeinsame Datein
         
Folders that have the same "lock" icon as the blocked folders but can still be opened:

Code:
C:\Config.Msi
C:\found.000
C:\MSOCache
C:\Recovery
C:\System Volume Information
         

Old 05.04.2012, 17:22   #14
markusg
/// Malware-holic

Black screen with Windows security warning

yep, some of them are write-protected anyway, like System Volume Information, Recovery etc., so that you as a user don't mess around in there.
Programme exists twice I assume, once with and once without the lock. so at first glance everything is normal.
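An added example for posts #13 and #14 (my code, not from the thread): on Windows Vista/7 the entries "Documents and Settings", "Dokumente und Einstellungen" and "Programme" are not real folders but compatibility junctions pointing at C:\Users and C:\Program Files, and their ACL deliberately denies Everyone ("Jeder" on a German system) the right to list the folder, which is exactly the "Zugriff verweigert" dialog quoted above; the "My Music"/"Eigene Musik" entries under Public\Documents and "Gemeinsame Dateien" are junctions of the same kind. The snippet checks, for each path quoted in post #13, whether it is a junction, where it points, who owns it and which deny entries it carries, so an expected junction can be told apart from a regular folder whose permissions were changed. It assumes an elevated Windows PowerShell 5.1 (or newer) prompt, since the LinkType and Target properties on Get-Item results exist from 5.x on; the function name Get-LockedFolderInfo is my own.

```powershell
# Added example, not from the thread: show why the folders from post #13
# carry a lock icon and answer "Zugriff verweigert". Run in an elevated
# Windows PowerShell 5.1 (or newer) prompt; LinkType/Target on Get-Item
# results exist from 5.x on. Paths are the ones quoted in post #13.
$paths = @(
    'C:\Documents and Settings',
    'C:\Dokumente und Einstellungen',
    'C:\Programme',
    'C:\Users\Public\Documents\My Music',
    'C:\Program Files\Gemeinsame Dateien',
    'C:\System Volume Information',
    'C:\Recovery'
)

$everyoneSid = [Security.Principal.SecurityIdentifier]'S-1-1-0'   # "Jeder" / "Everyone"

function Get-LockedFolderInfo {
    # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        # -Force: these entries are hidden and/or system
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if (-not $item) { Write-Warning "not found: $p"; continue }

        $isReparse = $item.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)
        $acl = Get-Acl -LiteralPath $p -ErrorAction SilentlyContinue
        $denies = @()
        $denyEveryone = @()
        if ($acl) {
            $denies = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
            # compare by SID so this works on German ("Jeder") and English systems alike
            $denyEveryone = @($denies | Where-Object {
                $_.IdentityReference.Translate([Security.Principal.SecurityIdentifier]) -eq $everyoneSid
            })
        }
        # A junction whose ACL denies Everyone the listing is the normal Vista/7
        # compatibility layout; a plain folder carrying deny entries that nobody
        # set deliberately is the case worth a closer look.
        $verdict = if (-not $acl) {
            'ACL not readable even when elevated (SYSTEM-only folder)'
        } elseif ($isReparse -and $denyEveryone.Count -gt 0) {
            'expected: compatibility junction, listing denied to Everyone'
        } elseif ($denies.Count -eq 0) {
            'no deny entries; protected by owner/SYSTEM permissions only'
        } else {
            'check: regular folder carrying deny entries'
        }
        $owner = if ($acl) { $acl.Owner } else { $null }
        $denyText = ($denies | ForEach-Object {
            '{0}: {1}' -f $_.IdentityReference, $_.FileSystemRights
        }) -join '; '
        [pscustomobject]@{
            Path     = $p
            LinkType = $item.LinkType
            Target   = ($item.Target -join ', ')
            Owner    = $owner
            DenyAces = $denyText
            Verdict  = $verdict
        }
    }
}

Get-LockedFolderInfo -Path $paths | Format-List
```

On an untouched Windows 7 installation the first three paths come back as LinkType "Junction" with Target C:\Users or C:\Program Files and a single deny entry for Everyone on ReadData, which is the "expected" verdict; "System Volume Information" is the one entry whose ACL even an administrator cannot read without taking ownership. Only a path that is not a junction yet carries deny entries, or a junction whose target is somewhere other than the corresponding Users/Program Files folder, would contradict the "all normal" assessment in post #14.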

Archiv
Du betrachtest: Blackscreen mit Windows Sicherheitswarnung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.