Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Noch eine Windows-Bockade - aus Sicherheitsgründen!

Noch eine Windows-Bockade - aus Sicherheitsgründen!


Log-Analyse und Auswertung: Noch eine Windows-Bockade - aus Sicherheitsgründen!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 13.12.2011, 21:10   #1
nads
 
Noch eine Windows-Bockade - aus Sicherheitsgründen! - Standard

Noch eine Windows-Bockade - aus Sicherheitsgründen!


Hallo, ich habe mir ebenfalls besagten Blockade-Virus eingefangen und wär hn gerne wieder los! Ich habe Antiir laufen lassen und den Spybot, danach lief mein Computer gar nicht mehr, nun habe ich ihn mit der Boot-Disk wieder hochfahren können, aber der Virus ist immer noch da! Mit OTL habe ich die folgenden Ergebnisse bekommen:
OTL.txt:
OTL logfile created on: 13.12.2011 20:45:20 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Benutzer\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,76% Memory free
4,24 Gb Paging File | 3,72 Gb Available in Paging File | 87,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,14 Gb Total Space | 8,52 Gb Free Space | 16,34% Space Free | Partition Type: NTFS
Drive D: | 51,84 Gb Total Space | 12,89 Gb Free Space | 24,87% Space Free | Partition Type: NTFS

Computer Name: BENUTZER-PC | User Name: Benutzer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.13 20:43:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Downloads\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:34:17 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.02.19 18:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.05.06 22:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.12.11 10:10:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.09.15 21:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.04.03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.03.03 08:23:08 | 000,015,872 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDTT2HID.sys -- (UDTT2HID)
DRV - [2005.01.01 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2004.10.08 10:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.07.22 02:40:00 | 000,036,736 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDTT2BDA.sys -- (UDTT2BDA)
DRV - [2003.09.08 10:49:44 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.22 18:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.12.02 14:35:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.06.19 06:51:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.24 20:53:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2011.12.12 18:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 17:31:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.23 09:16:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.06.19 06:51:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008.12.06 13:44:33 | 000,000,000 | ---D | M]

[2010.06.09 13:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Extensions
[2010.06.09 13:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.12.13 15:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\evtscfkk.default\extensions
[2011.08.28 10:51:41 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\evtscfkk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.05.06 17:30:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\evtscfkk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.03 13:05:55 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\evtscfkk.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.12.13 15:57:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\evtscfkk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.11 10:28:31 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\evtscfkk.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.12.11 11:54:51 | 000,000,000 | ---D | M] (XING Deutsch Community Toolbar) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\evtscfkk.default\extensions\{c98be8db-5fd4-4455-9bb2-a3e1ae5a325b}
[2011.09.15 11:04:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\evtscfkk.default\extensions\engine@conduit.com
[2010.06.29 12:00:38 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\evtscfkk.default\extensions\maps@ovi.com
[2010.05.07 07:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\zh1b5isk.default\extensions
[2009.09.13 15:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\zh1b5isk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.13 15:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\zh1b5isk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.09.13 15:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\zh1b5isk.default\extensions\max@subfighter.com
[2010.06.14 09:43:49 | 000,002,252 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\evtscfkk.default\searchplugins\askcom.xml
[2011.08.29 16:48:18 | 000,000,923 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\evtscfkk.default\searchplugins\conduit.xml
[2011.11.09 17:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.07.17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.07.16 14:58:43 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Benutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Benutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011.12.12 20:37:56 | 000,438,109 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15094 more lines...
O2 - BHO: (1und1 Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [firefox.exe] C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [winxumem] -autorun File not found
O4 - HKLM..\RunOnce: [SymInstallStub] C:\ProgramData\DivX\Symantec\SymInstallStub.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DC6E4F8-6F8D-492C-A8D2-2438EF6BD7FC}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.12.12 20:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.12 18:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.12 18:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2011.11.24 20:58:28 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\DDMSettings
[2011.11.14 16:12:03 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\Avira
[2011.11.14 16:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.14 16:05:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.11.14 16:05:24 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.11.14 16:05:24 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.11.14 16:05:24 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.11.14 16:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.11.14 15:42:18 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[3 C:\Users\Benutzer\AppData\Local\*.tmp files -> C:\Users\Benutzer\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benutzer\*.tmp files -> C:\Users\Benutzer\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.13 20:26:10 | 000,001,356 | ---- | M] () -- C:\Users\Benutzer\AppData\Local\d3d9caps.dat
[2011.12.13 19:30:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.13 15:50:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc231f5453f56d.job
[2011.12.13 15:50:07 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-Benutzer-Startup.job
[2011.12.13 15:50:07 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job
[2011.12.13 15:49:57 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.13 15:49:57 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.12 20:37:56 | 000,438,109 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.12 20:22:38 | 000,001,059 | ---- | M] () -- C:\Users\Benutzer\Desktop\Spybot - Search & Destroy.lnk
[2011.12.12 19:47:14 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.11 10:10:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.11.25 08:16:59 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\SymInstallStub.job
[2011.11.24 20:53:31 | 000,001,401 | ---- | M] () -- C:\Users\Benutzer\Desktop\DivX Movies.lnk
[2011.11.15 17:13:59 | 000,131,711 | ---- | M] () -- C:\Users\Benutzer\Desktop\Groupon-69B3BBD765.pdf
[2011.11.15 17:02:32 | 000,033,792 | ---- | M] () -- C:\Users\Benutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.14 16:05:56 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[3 C:\Users\Benutzer\AppData\Local\*.tmp files -> C:\Users\Benutzer\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benutzer\*.tmp files -> C:\Users\Benutzer\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.12 20:22:38 | 000,001,059 | ---- | C] () -- C:\Users\Benutzer\Desktop\Spybot - Search & Destroy.lnk
[2011.11.24 20:53:03 | 000,001,965 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SymInstallStub.lnk
[2011.11.24 20:53:03 | 000,000,584 | ---- | C] () -- C:\Windows\tasks\SymInstallStub.job
[2011.11.15 17:13:59 | 000,131,711 | ---- | C] () -- C:\Users\Benutzer\Desktop\Groupon-69B3BBD765.pdf
[2011.11.14 16:05:56 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.14 12:31:30 | 000,000,948 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.11.14 12:31:04 | 000,000,919 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.11.14 12:30:50 | 000,000,953 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.11.12 04:46:33 | 000,000,000 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\{0DF8D1C2-22AF-453B-AB92-2CA1FFD12595}
[2011.11.12 04:44:33 | 000,000,000 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\{A3064F16-2142-46F4-9588-70A8AC9A3A05}
[2011.11.12 04:44:33 | 000,000,000 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\{2361D30A-CD31-4269-8761-ECF786F147CE}
[2011.11.11 16:51:26 | 000,000,000 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\{DE81C37C-AD67-432B-851A-24A74A9C0AAA}
[2011.11.11 16:51:26 | 000,000,000 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\{A0402A82-52FB-4C1F-8807-7F6B44F3B937}
[2011.11.09 19:44:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.18 18:28:35 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.06.05 10:14:34 | 000,000,552 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\d3d8caps.dat
[2010.07.19 13:44:14 | 000,000,052 | ---- | C] () -- C:\Windows\PonkyGezieltM34.ini
[2010.07.12 20:35:58 | 000,201,774 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\mdbu.bin
[2010.02.04 18:16:25 | 000,000,028 | ---- | C] () -- C:\Windows\Msdevctl.ini
[2010.02.04 18:16:24 | 000,000,751 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010.01.22 11:42:24 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2010.01.12 21:18:20 | 001,409,890 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010.01.12 21:18:18 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.01.12 21:18:18 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010.01.12 21:18:16 | 004,507,983 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010.01.12 21:18:10 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010.01.12 21:18:10 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010.01.12 21:18:10 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010.01.12 21:18:10 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010.01.12 21:18:10 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010.01.12 21:18:10 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010.01.12 21:18:08 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010.01.12 21:18:08 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010.01.12 21:18:08 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010.01.12 21:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010.01.12 21:12:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.01.01 01:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010.01.01 01:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009.11.29 18:43:59 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009.11.29 18:13:46 | 000,022,528 | ---- | C] () -- C:\Windows\zipsfx.bin
[2009.11.29 18:13:44 | 000,130,560 | ---- | C] () -- C:\Windows\Zipdll.dll
[2009.11.29 18:13:41 | 000,115,712 | ---- | C] () -- C:\Windows\Unzdll.dll
[2009.11.14 19:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.11.14 19:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009.11.14 19:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.11.14 19:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.11.14 19:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.11.14 19:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.11.14 19:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.11.14 19:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.11.14 19:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.11.14 19:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009.11.14 19:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009.11.14 19:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.11.14 19:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009.09.11 09:36:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 09:36:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.08 01:33:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.11 21:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009.07.14 18:13:47 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2009.07.12 21:01:16 | 000,000,096 | ---- | C] () -- C:\Windows\buhl.ini
[2009.04.14 12:24:37 | 000,164,255 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009.04.14 12:24:15 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009.03.30 21:26:23 | 000,001,004 | ---- | C] () -- C:\Windows\wiso.ini
[2009.02.26 12:02:28 | 000,000,096 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\fusioncache.dat
[2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008.12.21 13:57:09 | 000,056,320 | ---- | C] () -- C:\Windows\System32\SODPPLM.DLL
[2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.12.02 17:47:53 | 000,001,356 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\d3d9caps.dat
[2008.11.29 16:52:44 | 000,033,792 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.27 15:35:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.01.21 09:21:25 | 000,674,672 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:21:25 | 000,146,324 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,273,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,634,490 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,120,054 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999.07.17 01:02:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\wh2robo.dll

========== LOP Check ==========

[2010.11.16 08:27:51 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Amazon
[2010.09.09 17:40:17 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Ashampoo
[2009.03.04 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Buhl Data Service
[2011.09.20 11:35:57 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Canon
[2010.10.16 09:21:47 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\GARMIN
[2009.09.29 12:50:06 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\gtk-2.0
[2011.07.20 16:10:56 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Image Zone Express
[2010.04.15 09:33:44 | 000,000,000 | -HSD | M] -- C:\Users\Benutzer\AppData\Roaming\lowsec
[2010.08.20 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Nokia
[2010.06.19 14:53:32 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Nokia Ovi Suite
[2010.01.20 08:53:22 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\OpenOffice.org
[2010.06.19 14:51:05 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\PC Suite
[2011.07.18 14:54:29 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\PhotoScape
[2009.06.06 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Printer Info Cache
[2010.06.09 13:10:35 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\TomTom
[2011.11.14 16:24:31 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Ugxeu
[2011.11.14 16:23:57 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Uhujp
[2011.12.13 15:50:07 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver-Benutzer-Startup.job
[2011.12.13 15:50:07 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\RegistryDoktor.job
[2011.12.12 21:24:37 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.25 08:16:59 | 000,000,584 | ---- | M] () -- C:\Windows\Tasks\SymInstallStub.job
[2011.10.20 18:08:24 | 000,000,568 | ---- | M] () -- C:\Windows\Tasks\{56039B65-63EC-488B-9C93-5451D3F35276}.job
[2011.10.20 18:07:52 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{95586B4F-7AD7-42FF-9535-77752261A8EA}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.03.01 21:08:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.01.22 11:47:37 | 000,000,000 | ---D | M] -- C:\Acer
[2006.12.05 04:59:46 | 000,000,000 | ---D | M] -- C:\Book
[2009.09.18 22:54:33 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.02 15:38:54 | 000,000,000 | ---D | M] -- C:\CFLog
[2010.02.26 18:11:28 | 000,000,000 | ---D | M] -- C:\Coktel
[2006.11.02 13:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.03.19 20:16:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.04.25 09:23:59 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.07.17 16:13:57 | 000,000,000 | ---D | M] -- C:\found.000
[2008.08.18 17:35:38 | 000,000,000 | ---D | M] -- C:\Intel
[2010.02.04 18:18:34 | 000,000,000 | ---D | M] -- C:\My Music
[2009.06.06 15:12:07 | 000,000,000 | ---D | M] -- C:\output
[2008.01.21 03:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.12 19:50:53 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.12 19:50:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.03.19 20:16:05 | 000,000,000 | -HSD | M] -- C:\Programme
[2008.11.27 13:31:30 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.09.20 18:29:54 | 000,000,000 | ---D | M] -- C:\Softwarenetz
[2011.12.12 14:16:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.11.27 15:03:58 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.12 15:13:16 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2008.06.24 19:12:35 | 000,501,725 | ---- | M] () -- C:\Users\Benutzer\.fonts.cache-1
[2009.07.17 09:52:47 | 000,000,000 | ---- | M] () -- C:\Users\Benutzer\.gtk-bookmarks
[2009.09.29 15:17:27 | 000,000,218 | ---- | M] () -- C:\Users\Benutzer\.recently-used.xbel
[2008.06.12 02:47:22 | 000,349,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Benutzer\AcroRd32.exe
[2008.04.26 10:13:33 | 022,322,568 | ---- | M] () -- C:\Users\Benutzer\antivir_workstation8_winu_de_h.exe
[2008.06.23 20:16:18 | 000,019,456 | ---- | M] () -- C:\Users\Benutzer\Bernd Kreidel Rechnun
[2009.09.01 06:13:19 | 000,000,375 | ---- | M] () -- C:\Users\Benutzer\Bilder - Verknüpfung.lnk
[2008.01.21 19:35:19 | 002,434,406 | ---- | M] () -- C:\Users\Benutzer\cdex_170b2_enu.exe
[2009.09.13 18:44:41 | 000,000,982 | ---- | M] () -- C:\Users\Benutzer\che.mcf
[2009.09.13 18:44:31 | 000,000,000 | ---- | M] () -- C:\Users\Benutzer\che.mcf~
[2007.06.07 09:19:21 | 000,000,104 | ---- | M] () -- C:\Users\Benutzer\Computer - Verknüpfung.lnk
[2008.02.17 13:50:18 | 050,531,672 | ---- | M] ( ) -- C:\Users\Benutzer\CyberLink.3118_EVR__DVD070604-04.exe
[2010.02.27 17:00:40 | 000,063,558 | ---- | M] () -- C:\Users\Benutzer\ffdshow.reg
[2008.12.16 19:35:31 | 000,035,441 | ---- | M] () -- C:\Users\Benutzer\Foto.de.mcf
[2008.12.16 19:35:30 | 000,000,000 | ---- | M] () -- C:\Users\Benutzer\Foto.de.mcf~
[2009.09.13 18:55:51 | 000,001,004 | ---- | M] () -- C:\Users\Benutzer\fotobookitem_1.mcf
[2009.09.13 18:55:50 | 000,000,000 | ---- | M] () -- C:\Users\Benutzer\fotobookitem_1.mcf~
[2011.09.12 09:18:23 | 000,031,785 | ---- | M] () -- C:\Users\Benutzer\Fotowelt-Datei.mcf
[2011.09.12 09:18:02 | 000,031,785 | ---- | M] () -- C:\Users\Benutzer\Fotowelt-Datei.mcf~
[2008.02.17 13:15:19 | 004,736,080 | ---- | M] (Gretech Corp.) -- C:\Users\Benutzer\GOMPLAYERENSETUP219.EXE
[2008.02.06 15:54:24 | 013,413,048 | ---- | M] () -- C:\Users\Benutzer\Google_Earth_BZXV.exe
[2008.04.20 21:36:26 | 033,271,890 | ---- | M] (George Zhu and AViegas ) -- C:\Users\Benutzer\iLibertySetup_1.3.0.113.exe
[2009.09.13 18:53:13 | 000,000,984 | ---- | M] () -- C:\Users\Benutzer\kids.mcf
[2009.09.13 18:49:40 | 000,000,982 | ---- | M] () -- C:\Users\Benutzer\kids.mcf~
[2009.09.13 18:54:35 | 000,000,983 | ---- | M] () -- C:\Users\Benutzer\kids2.mcf
[2009.09.13 18:54:33 | 000,000,000 | ---- | M] () -- C:\Users\Benutzer\kids2.mcf~
[2009.07.10 19:33:24 | 000,026,348 | ---- | M] () -- C:\Users\Benutzer\Mama.mcf
[2009.07.10 19:33:19 | 000,026,348 | ---- | M] () -- C:\Users\Benutzer\Mama.mcf~
[2011.07.26 14:22:27 | 000,003,073 | ---- | M] () -- C:\Users\Benutzer\Mein Geschenk.mcf
[2011.07.26 14:22:19 | 000,003,073 | ---- | M] () -- C:\Users\Benutzer\Mein Geschenk.mcf~
[2008.01.21 20:00:38 | 000,521,456 | ---- | M] () -- C:\Users\Benutzer\Norton.exe
[2011.12.13 20:43:41 | 009,175,040 | -HS- | M] () -- C:\Users\Benutzer\ntuser.dat
[2011.12.13 20:43:41 | 000,262,144 | -H-- | M] () -- C:\Users\Benutzer\ntuser.dat.LOG1
[2010.04.06 08:42:54 | 000,262,144 | -H-- | M] () -- C:\Users\Benutzer\ntuser.dat.LOG2
[2011.12.13 16:12:29 | 000,065,536 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2011.12.13 16:12:29 | 000,524,288 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2011.08.15 19:31:07 | 000,524,288 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2008.11.27 15:04:00 | 000,000,020 | -HS- | M] () -- C:\Users\Benutzer\ntuser.ini
[2011.07.26 14:22:56 | 000,003,028 | ---- | M] () -- C:\Users\Benutzer\part.mcf
[2010.01.09 09:51:55 | 099,316,488 | ---- | M] ( ) -- C:\Users\Benutzer\photo_dose.exe
[2008.02.05 13:44:08 | 001,086,613 | ---- | M] () -- C:\Users\Benutzer\PowerISO39.exe
[2008.09.30 15:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Users\Benutzer\soffice.bin
[2007.04.16 14:48:52 | 000,121,344 | ---- | M] () -- C:\Users\Benutzer\text.doc
[2008.04.05 18:24:57 | 006,742,528 | ---- | M] () -- C:\Users\Benutzer\wz111gev.msi
[2008.04.20 21:09:49 | 004,709,994 | ---- | M] () -- C:\Users\Benutzer\yam-win17.zip
[1 C:\Users\Benutzer\*.tmp files -> C:\Users\Benutzer\*.tmp -> ]

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >



Extras konnte ich anhängen!

Ich hoffe sehr, dass mir jemand helfen kann! Tausend Dank im Voraus!

 

Themen zu Noch eine Windows-Bockade - aus Sicherheitsgründen!
alternate, antivir, avira, bho, bonjour, c:\windows\system32\rundll32.exe, computer, defender, desktop, error, explorer, firefox, format, helper, home, hängen, logfile, nvidia, nvstor.sys, plug-in, poweriso, registry, required, rundll, safer networking, scan, sched.exe, security, security update, software, symantec, temp, version=1.0, virus, vista, windows blockiert sicherheitswarnung, winlogon.exe


« Trojaner Dc13.exe, Dc14.exe in c:\Recycled .Welche Gefahr geht von diesen aus? | Trojaner TR/Spy.Croff.C und Erkennenungsmuster anderer Viren »


Ähnliche Themen: Noch eine Windows-Bockade - aus Sicherheitsgründen!


  1. Android: Und noch eine schwere Sicherheitslücke
    Nachrichten - 12.08.2015 (1)
  2. Und noch eine Rechnung mit Datei!
    Plagegeister aller Art und deren Bekämpfung - 23.05.2012 (13)
  3. Noch einer: Achtung! Aus Sicherheitsgründen wurde ihr....
    Plagegeister aller Art und deren Bekämpfung - 28.03.2012 (1)
  4. Windows 7: Achtung Ihr Windows wurde aus Sicherheitsgründen gesperrt! Bezahlen und runterladen
    Log-Analyse und Auswertung - 17.02.2012 (2)
  5. Und noch einer: Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (25)
  6. Und noch einmal: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 09.02.2012 (4)
  7. Aus Sicherheitsgründen wurde Ihr System blockiert und noch ein fall
    Plagegeister aller Art und deren Bekämpfung - 08.02.2012 (6)
  8. Noch eine! Achtung! Ihr Computer wurde gesperrt! Windows Security
    Plagegeister aller Art und deren Bekämpfung - 06.02.2012 (6)
  9. Und noch einmal: Windows wird aus Sicherheitsgründen gesperrt...
    Log-Analyse und Auswertung - 06.02.2012 (9)
  10. Und noch einer: Achtung! Aus Sicherheitsgründen.. blockiert!
    Log-Analyse und Auswertung - 21.01.2012 (13)
  11. Achtung Aus Sicherheitsgründen wurde ihr Windows System blockiert Windows xp
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (7)
  12. Gehe zum ersten neuen Beitrag Aus Sicherheitsgründen wurde ihr windows System blockiert (auf Windows
    Log-Analyse und Auswertung - 16.12.2011 (16)
  13. Noch eine Metropolitan Police OTL.txt-Datei!
    Log-Analyse und Auswertung - 20.06.2011 (1)
  14. Und noch eine HDD low - geplagte ....
    Plagegeister aller Art und deren Bekämpfung - 03.01.2011 (68)
  15. und gleich noch eine Frage: activate_crack.exe
    Plagegeister aller Art und deren Bekämpfung - 10.10.2005 (1)
  16. Noch eine Frage zu: 'se.dll/sp.html'
    Log-Analyse und Auswertung - 26.04.2005 (1)
  17. problem noch mal eine frage
    Log-Analyse und Auswertung - 21.02.2005 (15)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Noch eine Windows-Bockade - aus Sicherheitsgründen! - Hallo, ich habe mir ebenfalls besagten Blockade-Virus eingefangen und wär hn gerne wieder los! Ich habe Antiir laufen lassen und den Spybot, danach lief mein Computer gar nicht mehr, nun - Noch eine Windows-Bockade - aus Sicherheitsgründen!...
Archiv
Du betrachtest: Noch eine Windows-Bockade - aus Sicherheitsgründen! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19