Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Windowssystem aus Sicherheitsgründen blockiert...bla

Windowssystem aus Sicherheitsgründen blockiert...bla


Plagegeister aller Art und deren Bekämpfung: Windowssystem aus Sicherheitsgründen blockiert...bla

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.03.2012, 23:00   #1
Crank-Tank
 
Windowssystem aus Sicherheitsgründen blockiert...bla - Standard

Windowssystem aus Sicherheitsgründen blockiert...bla


OTLTxt:

OTL logfile created on: 02.03.2012 22:35:21 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Neu\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 74,96% Memory free
3,96 Gb Paging File | 3,63 Gb Available in Paging File | 91,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,93 Gb Total Space | 3,00 Gb Free Space | 4,35% Space Free | Partition Type: NTFS
Drive X: | 68,40 Gb Total Space | 4,12 Gb Free Space | 6,02% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.02 22:08:33 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Neu\Desktop\OTL.exe
PRC - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008.12.16 18:47:10 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006.11.02 13:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010.12.27 12:47:35 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.27 12:47:34 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008.12.16 18:47:10 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007.04.26 13:56:11 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.24 16:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005.11.24 15:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.11.24 15:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2010.12.27 12:47:35 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.27 12:47:35 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007.08.03 11:20:53 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006.12.27 14:08:22 | 002,307,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.10.20 22:47:58 | 000,504,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.10.09 20:47:58 | 000,981,504 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.07.14 13:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/result.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://search.avg.com/route/?d=4cc6ec5a&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "|hxxp://de.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="


FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.19 03:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 16:11:11 | 000,000,000 | ---D | M]

[2008.12.08 16:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2012.03.01 19:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6md3j02l.default\extensions
[2010.06.29 14:49:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6md3j02l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.22 13:37:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6md3j02l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.02.20 21:10:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6md3j02l.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.10 18:04:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6md3j02l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.29 21:10:56 | 000,001,056 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\6md3j02l.default\searchplugins\icqplugin.xml
[2012.03.02 22:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.14 16:48:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.02.07 13:02:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.12.08 16:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2011.02.07 13:02:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.14 14:24:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.10 04:49:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 04:49:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.10 04:49:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.10 04:49:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.10 04:49:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2011.01.07 16:04:35 | 000,001,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] X:\Programme\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [{A319C53F-D460-1D57-2CF0-66D4B6199436}] C:\Users\Dennis\AppData\Roaming\regedit32.exe File not found
O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [RestorPoint.exe] C:\RestorPoint\RestorPoint.exe File not found
O4 - HKCU..\Run: [skhfushjflw.exe] C:\skhfushjflw\skhfushjflw.exe File not found
O4 - HKCU..\Run: [SkypeM] C:\Users\Dennis\AppData\Local\Skype\Skype.exe (Unizeto Sp. z o.o.)
O4 - HKCU..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\Dennis\AppData\Local\Temp\upd.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96CB8FCE-6AD0-41E9-8A5F-EE17CD4C3141}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e97ccb21-a275-11dd-8ee0-00030d6264c3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: ccc-core-static - msiexec /fums {1B91DBAF-C919-6A57-18E2-C7D7EF4FF08C} /qb

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.03.02 21:57:48 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[239 C:\Users\Dennis\Desktop\*.tmp files -> C:\Users\Dennis\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.02 22:24:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.02 22:20:47 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 22:20:47 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 22:15:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5F7694C4-D02A-4C09-81DF-864056AD5A2E}.job
[2012.03.02 22:13:26 | 000,340,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.02 16:05:44 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.24 16:43:10 | 000,017,280 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.02.24 15:54:40 | 010,595,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.24 15:54:40 | 003,733,172 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.24 15:54:40 | 003,104,650 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.24 15:54:39 | 003,408,048 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[239 C:\Users\Dennis\Desktop\*.tmp files -> C:\Users\Dennis\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.02 16:05:44 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.04.07 09:15:05 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.02 14:55:55 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.11.28 20:30:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2007.04.26 19:40:47 | 000,000,000 | ---D | M] -- C:\adaptec
[2007.06.22 17:20:08 | 000,000,000 | ---D | M] -- C:\ATI
[2007.04.03 12:13:12 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.04.26 13:12:36 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.04.03 12:05:19 | 000,000,000 | R--D | M] -- C:\DRIVER
[2007.04.03 12:14:03 | 000,000,000 | ---D | M] -- C:\ISP
[2007.04.03 12:05:19 | 000,000,000 | R--D | M] -- C:\MANUAL
[2007.04.03 12:12:41 | 000,000,000 | ---D | M] -- C:\MSWorks
[2011.03.12 10:23:13 | 000,000,000 | ---D | M] -- C:\Nokia
[2011.08.02 11:01:33 | 000,000,000 | ---D | M] -- C:\output
[2011.11.28 20:42:02 | 000,000,000 | -H-D | M] -- C:\pokiojkjnkj
[2012.03.02 22:05:11 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.28 20:36:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.04.26 13:12:36 | 000,000,000 | -HSD | M] -- C:\Programme
[2006.11.02 10:47:26 | 000,000,000 | -H-D | M] -- C:\RestorPoint
[2011.07.04 17:39:22 | 000,000,000 | ---D | M] -- C:\Sounds
[2012.03.02 19:40:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.22 22:03:55 | 000,000,000 | ---D | M] -- C:\TEMP
[2007.05.06 18:25:17 | 000,000,000 | ---D | M] -- C:\TMP
[2011.11.28 20:29:58 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.02 21:48:54 | 000,000,000 | ---D | M] -- C:\Windows
[2007.04.03 11:37:29 | 000,000,000 | ---D | M] -- C:\x86

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2007.04.03 11:43:21 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007.04.03 11:43:21 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007.04.03 11:43:21 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.03 11:52:19 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.04.03 11:52:19 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.14 14:49:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 14:49:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 14:49:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys
[2008.02.14 14:49:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.14 14:49:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.15 12:54:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.15 12:54:14 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: IASTOR.SYS >
[2006.05.11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\drivers\iaStor.sys
[2006.05.11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c3369af\iaStor.sys
[2006.05.11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0d20ce62\iaStor.sys

< MD5 for: IASTORV.SYS >
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006.07.14 13:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=7D960340BE5B0E008BB94E4C3B991339 -- C:\Windows\System32\drivers\nvatabus.sys
[2006.07.14 13:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=7D960340BE5B0E008BB94E4C3B991339 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_27229839\nvatabus.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

< MD5 for: SCECLI.DLL >
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: USER32.DLL >
[2007.04.26 13:54:36 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\System32\user32.dll
[2007.04.26 13:54:36 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.04.26 13:54:36 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

< MD5 for: USERINIT.EXE >
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2006.03.31 01:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\Windows\System32\drivers\viamraid.sys
[2006.03.31 01:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_2d6a7e3a\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
[2007.08.03 11:20:53 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2007.04.03 12:12:50 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.04.03 12:12:46 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.04.03 12:12:50 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.04.03 12:13:07 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.04.03 12:13:11 | 006,017,024 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2012.03.02 22:36:06 | 004,456,448 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat
[2012.03.02 22:36:05 | 000,262,144 | -H-- | M] () -- C:\Users\Dennis\ntuser.dat.LOG1
[2011.03.21 14:11:42 | 000,262,144 | -H-- | M] () -- C:\Users\Dennis\ntuser.dat.LOG2
[2007.04.26 17:31:16 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007.04.26 17:31:16 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007.04.26 17:31:16 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007.04.26 13:16:09 | 000,000,020 | -HS- | M] () -- C:\Users\Dennis\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B682472

< End of report >




Extras.Txt:

OTL Extras logfile created on: 02.03.2012 22:35:21 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Neu\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 74,96% Memory free
3,96 Gb Paging File | 3,63 Gb Available in Paging File | 91,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,93 Gb Total Space | 3,00 Gb Free Space | 4,35% Space Free | Partition Type: NTFS
Drive X: | 68,40 Gb Total Space | 4,12 Gb Free Space | 6,02% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "X:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "X:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "X:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09246011-EF6F-4D08-A1E2-115F3319FDE9}" = rport=138 | protocol=17 | dir=out | app=system |
"{0D06367F-8109-4437-BAF7-AFF1917B6C64}" = rport=445 | protocol=6 | dir=out | app=system |
"{12D327BE-1E2B-4609-BB8F-34BECCA98212}" = lport=10243 | protocol=6 | dir=in | app=system |
"{15CD3F12-8222-4988-8457-9052C3A8E9E9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1F9FE026-5682-4737-90EC-23C7F7BF05AA}" = rport=139 | protocol=6 | dir=out | app=system |
"{297BAA6B-6758-4D0F-BBF6-51BC05DEA179}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2CDD1573-381F-4EDD-B03A-254D0665884A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3D0AFCC9-6FEF-40AA-9B77-E7590F69A85A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E65C22F-8FB7-42DC-B408-04D8AEAC491E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E7D602C-0529-47DC-9BE1-CA0E2F770ADB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B48C613-383F-4367-A324-7632A9BABB60}" = lport=137 | protocol=17 | dir=in | app=system |
"{669FC7DF-47B3-4C20-9852-91372F92DEB2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6FF369CE-67F1-40BB-AC84-CA7F2E362B70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{778449AD-82A5-4DAE-9C18-F3477E1A459D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AAAC8E5-10A9-4998-9F0E-8411EFABC3F6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{85D86A54-891E-446A-9C7D-E649FEF86DB3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A6C080B-A6B1-4BD5-BA45-0DEC86A09416}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A15A21F9-4C8E-4C99-BDEF-72CA37837F53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE821036-4013-4D7B-8123-3E2A3EFAA44E}" = lport=139 | protocol=6 | dir=in | app=system |
"{C6A6C804-F5C7-440F-BA93-26CE290AFDAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E5B856F3-B4DA-455C-A744-8EF560605F2E}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA1413FE-2038-4A9D-BD20-0DC07D16193A}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9758C70-8E09-464E-88FC-06A37C0336E0}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A7343A-D56A-4BA0-A11F-7FF3FA01DE91}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{0FCFB197-46BE-448B-AF62-5918EB561902}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{15079B2D-A96D-4EDA-B87E-AFD695D9EA20}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{19981FFD-F8DD-4246-B92F-767C9942217C}" = protocol=6 | dir=out | app=system |
"{1ECF15B9-6F2C-48A2-B495-BFD1E10C94EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{22A53D53-1ABD-41A0-AC3E-29B2C9BE8CC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3614CB74-34AA-4619-8398-FBEB6EBDB58D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{54B2695F-D1DA-441C-901B-53A05951144B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{630937FD-064E-44E0-B4C6-06C4A4EEDC50}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{64754572-9740-4011-938B-EB19BD016AD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{65FC776C-E622-4386-836D-9FE3C22D4ECD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78055BE4-04B7-499D-9871-246C59EBCA44}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7C71460B-1938-454A-B44D-DAF4890C6A83}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CD66A23-5D3F-47B3-92A2-B1B7AA8922B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FC7FA3F-464B-4A50-ADCE-56CCEFEEAF0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{95822C37-B337-4C29-91F4-4F9544A1E2E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9D30CCA6-685A-4361-BDC7-6EFEB6EDAFAC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A54E9B65-E61A-46B1-B49C-185BC8930DA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AED8CE14-48F9-4E85-A897-601CDF455C20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBFB6CA6-4390-4005-9E45-C298BFDAF17E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CED7082B-87AD-49A7-85AB-09546C5EC8C1}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{DC4A048E-1442-4016-B18B-AAA98A746513}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{E2532EEB-C387-42E4-8928-4A28BADFCE63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F6B0CEFD-2873-40D1-B663-0E793E50524F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF760387-0882-44A6-BA58-23DE4D98BD54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0473D72F-E5D7-428A-B19E-5B5FA699ED13}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{192986B8-693A-4347-974E-0E7677E0C8C4}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{1DD867FE-F0DF-4864-A7FD-AE3E6169444B}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{354E9DF9-D887-473E-AEE2-836324713D01}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3B2F0C71-C7F2-43FA-A1D1-AF02EFE634EF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{4F6C4254-54F2-4EAA-856C-135E20C411F3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{52D2B1A4-C082-4247-AE6B-566C544DA791}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{817EBA1F-13E2-4ECD-8AF8-E78A2060DC1D}C:\program files\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |
"TCP Query User{84B525DB-E6BC-4D1C-B13E-2A75B69EEB09}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{911C33E1-2D1C-4CB4-9977-1F8F08B37E45}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{918A8C4C-5DAD-4DDE-B4ED-FE857493BEB1}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{982EA0F4-4323-40C5-88E1-4A6019E71A28}C:\program files\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |
"TCP Query User{B0E0A3F1-5AA5-4EEC-88D3-54ECFFC2F078}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E0EBA124-48BD-481C-B056-9B4353AC8C0E}C:\program files\emule.de 0.48a v18\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule.de 0.48a v18\emule.exe |
"TCP Query User{E40EA2A1-5352-450E-BB6D-664510CE498D}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{E4D75638-A9BE-4FF3-A521-79308A77AA4F}X:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=x:\programme\winamp\winamp.exe |
"TCP Query User{E6139954-E694-4EA1-99A3-1E4F35BE90A6}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"UDP Query User{150EC9FB-D8A4-4F18-921B-EB42EF317634}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{254784E5-E2D2-4829-B74C-58F0D644C356}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{35E3242C-B9F5-4BAE-83C7-ACD7789EDE13}X:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=x:\programme\winamp\winamp.exe |
"UDP Query User{422194D8-CDF0-49D4-B4A6-7CC932306D88}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{4472E447-370A-43B0-B4F2-1A40A4F0682A}C:\program files\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |
"UDP Query User{51E20BE0-FBC5-452F-9463-353C0ACC3FE5}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{545FDBCB-2AEB-4071-ACE9-B0C43578ACB1}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"UDP Query User{7E4D8463-4E93-4565-BA4F-BEB880F2AA78}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{81BFED25-DC98-44BD-8C16-2EDBBC7D6208}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{8BB291A1-93C5-41BA-A26A-DF6197378D6C}C:\program files\emule.de 0.48a v18\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule.de 0.48a v18\emule.exe |
"UDP Query User{98875441-6323-4B81-BDBA-2285D43B4CEC}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{A125657C-7046-4C90-9A55-98430D2ECAE2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A259033D-D681-43F9-A8F8-0C8B8347A639}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{C5C64537-7B10-44A3-82FB-2D97BB8D23FA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{DE6AC242-BC5F-4EA1-9D4A-6E0C3CF0DEEF}C:\program files\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |
"UDP Query User{E4F58E1D-0FF2-4229-A792-EB8EA6C72644}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{EE0D1C24-F1A8-4B2A-93E4-A9AD10D0B566}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0950469D-E2FF-879B-61A4-516E48B0722F}" = Skins
"{12C7BA78-4C10-534C-84B7-2B2B2F878426}" = CCC Help Portuguese
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1B91DBAF-C919-6A57-18E2-C7D7EF4FF08C}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"{2A3DBB04-9FD8-3C14-0AAE-431F4186656D}" = CCC Help German
"{30AFB3EC-DCF8-5763-616A-EDAD9C056182}" = Catalyst Control Center Localization German
"{32AFDE70-6890-478B-BC92-8F3C76B8A77B}" = Branding
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42C59336-5DA0-1ACC-4A26-24124C744ADF}" = Catalyst Control Center Localization Arabic
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5362F245-F101-FDE4-EFA7-F4B10B902DEB}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A867653-D11D-E667-7D72-1CBD18D0A62B}" = Catalyst Control Center Graphics Full New
"{5F8F0536-FCF7-25AD-7E74-09185008F8AA}" = Catalyst Control Center Localization Korean
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E8EFAB4-640E-4CD8-0C0E-537A0E2ACBC8}" = Catalyst Control Center Graphics Light
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{851FE4C4-F290-B5A8-A626-0CA09B96F31E}" = Catalyst Control Center Localization Italian
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{8807999F-A405-6612-80AC-EB41A613E7B2}" = CCC Help Chinese Standard
"{90D0061E-0EFD-C312-78C8-E221F4F3EEFC}" = Catalyst Control Center Localization Arabic
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E894E92-3303-9DD0-02A4-B91DC1AB079F}" = CCC Help Dutch
"{9F45E778-204B-C012-B32E-3DDE62F65A17}" = CCC Help Chinese Traditional
"{A4668F76-C163-1EB2-CFE2-C6DC3CCF444B}" = ccc-utility
"{A49D8D08-ED9A-FFDD-4FF6-4FB566E32FE7}" = CCC Help Spanish
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AECEF7B4-59FE-860F-FF40-92F7EE446C5D}" = Catalyst Control Center Localization Arabic
"{C06B2AA3-9B70-E390-FFC3-D8361A46E768}" = CCC Help Italian
"{C22F9EFE-CBE1-4A82-048D-08C8102CFCB0}" = Catalyst Control Center Localization Spanish
"{C2EB84E8-87D3-1620-4611-C8F394A517F6}" = CCC Help English
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D1333BBD-B92B-36D3-D7CA-1C246C65E6DC}" = CCC Help Swedish
"{D3AAB9E5-70C5-3355-E29F-0DEF2BE46151}" = CCC Help Korean
"{D9578A6D-FDFE-9E0B-6186-7987A427ACCB}" = CCC Help French
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E8A87D18-CC4A-C630-470A-66C252150323}" = Catalyst Control Center Graphics Previews Vista
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F66F016E-2600-AD75-1925-922174D5E76A}" = Catalyst Control Center Localization Chinese Standard
"{F965E2CA-142C-9F52-F0E2-E22A3C5E9C7C}" = Catalyst Control Center Core Implementation
"{FE313125-4325-6769-1C1B-C6928B823862}" = Catalyst Control Center Localization French
"{FE3868BC-0DB4-6433-6D6B-69F4670802BB}" = Catalyst Control Center Localization Chinese Traditional
"{FEB0D6B3-4FD7-7489-61C8-BF05592609ED}" = Catalyst Control Center Graphics Full Existing
"{FF323A39-978D-DC70-3F6F-F5AC68C92664}" = Catalyst Control Center Localization Japanese
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"ATI Uninstaller" = ATI Uninstaller
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"FTP Commander" = FTP Commander
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01
"PhotoScape" = PhotoScape
"RealPlayer 6.0" = RealPlayer
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR Archivierer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02.03.2012 11:07:51 | Computer Name = Dennis-PC | Source = System Restore | ID = 8193
Description =

Error - 02.03.2012 11:08:10 | Computer Name = Dennis-PC | Source = System Restore | ID = 8193
Description =

Error - 02.03.2012 15:30:08 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm update.exe, Version 10.0.0.39 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: e3c Anfangszeit: 01ccf8a4bf8296d9 Zeitpunkt der Beendigung:
60000

Error - 02.03.2012 16:45:25 | Computer Name = Dennis-PC | Source = EventSystem | ID = 4621
Description =

Error - 02.03.2012 16:59:52 | Computer Name = Dennis-PC | Source = VSS | ID = 8194
Description =

Error - 02.03.2012 17:00:09 | Computer Name = Dennis-PC | Source = System Restore | ID = 8193
Description =

Error - 02.03.2012 17:03:08 | Computer Name = Dennis-PC | Source = VSS | ID = 8194
Description =

Error - 02.03.2012 17:03:12 | Computer Name = Dennis-PC | Source = System Restore | ID = 8193
Description =

Error - 02.03.2012 17:30:34 | Computer Name = Dennis-PC | Source = EventSystem | ID = 4609
Description =

Error - 02.03.2012 17:37:17 | Computer Name = Dennis-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 02.03.2012 17:14:47 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 02.03.2012 17:21:44 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 02.03.2012 17:23:13 | Computer Name = Dennis-PC | Source = DCOM | ID = 10010
Description =

Error - 02.03.2012 17:24:32 | Computer Name = Dennis-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
4, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.

Error - 02.03.2012 17:26:24 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02.03.2012 17:26:24 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 02.03.2012 17:30:26 | Computer Name = Dennis-PC | Source = DCOM | ID = 10005
Description =

Error - 02.03.2012 17:30:34 | Computer Name = Dennis-PC | Source = DCOM | ID = 10005
Description =

Error - 02.03.2012 17:30:37 | Computer Name = Dennis-PC | Source = DCOM | ID = 10005
Description =

Error - 02.03.2012 17:30:44 | Computer Name = Dennis-PC | Source = DCOM | ID = 10005
Description =


< End of report >

Alt 02.03.2012, 23:12   #2
Crank-Tank
 
Windowssystem aus Sicherheitsgründen blockiert...bla - Standard

Windowssystem aus Sicherheitsgründen blockiert...bla


Brauche dringend Hilfe. Habe alles getan, was beschrieben ist, in den anderen Beiträgen...
__________________
Alt 02.03.2012, 23:16   #3
Crank-Tank
 
Windowssystem aus Sicherheitsgründen blockiert...bla - Standard

Windowssystem aus Sicherheitsgründen blockiert...bla




Ich dreh voll durch. Kann mir jemand helfen?! Habe alles gatan, was so beschrieben war. Hoffe, dass mir jemand antwortet. Danke schon mal.
__________________
Alt 03.03.2012, 00:18   #4
Crank-Tank
 
Windowssystem aus Sicherheitsgründen blockiert...bla - Standard

Windowssystem aus Sicherheitsgründen blockiert...bla


Ich weiß gar nicht ob das so richtig war, was ich jetzt gemacht hab...

Hab den txt. aus einem anderen Beitrag genommen für den Scan.

Jetzt noch mal die Datei ohne Fixes:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.03.2012 00:13:01 - Run 2
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Neu\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 63,64% Memory free
3,96 Gb Paging File | 3,45 Gb Available in Paging File | 87,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,93 Gb Total Space | 2,97 Gb Free Space | 4,31% Space Free | Partition Type: NTFS
Drive X: | 68,40 Gb Total Space | 4,12 Gb Free Space | 6,02% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Neu\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
MOD - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\6md3j02l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll ()
MOD - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\6md3j02l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (iPod Service) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/result.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://search.avg.com/route/?d=4cc6ec5a&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "|hxxp://de.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.19 03:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 16:11:11 | 000,000,000 | ---D | M]
 
[2008.12.08 16:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2012.03.02 23:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6md3j02l.default\extensions
[2010.06.29 14:49:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6md3j02l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.22 13:37:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6md3j02l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.02.20 21:10:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6md3j02l.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.10 18:04:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6md3j02l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.29 21:10:56 | 000,001,056 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\6md3j02l.default\searchplugins\icqplugin.xml
[2012.03.02 23:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.14 16:48:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.02.07 13:02:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.12.08 16:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2011.02.07 13:02:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.14 14:24:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.10 04:49:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 04:49:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.10 04:49:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.10 04:49:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.10 04:49:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.01.07 16:04:35 | 000,001,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] X:\Programme\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [{A319C53F-D460-1D57-2CF0-66D4B6199436}] C:\Users\Dennis\AppData\Roaming\regedit32.exe File not found
O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [RestorPoint.exe] C:\RestorPoint\RestorPoint.exe File not found
O4 - HKCU..\Run: [skhfushjflw.exe] C:\skhfushjflw\skhfushjflw.exe File not found
O4 - HKCU..\Run: [SkypeM] C:\Users\Dennis\AppData\Local\Skype\Skype.exe (Unizeto Sp. z o.o.)
O4 - HKCU..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\Dennis\AppData\Local\Temp\upd.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96CB8FCE-6AD0-41E9-8A5F-EE17CD4C3141}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e97ccb21-a275-11dd-8ee0-00030d6264c3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.02 21:57:48 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[239 C:\Users\Dennis\Desktop\*.tmp files -> C:\Users\Dennis\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.02 22:24:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.02 22:20:47 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 22:20:47 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 22:15:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5F7694C4-D02A-4C09-81DF-864056AD5A2E}.job
[2012.03.02 22:13:26 | 000,340,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.02 16:05:44 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.24 16:43:10 | 000,017,280 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.02.24 15:54:40 | 010,595,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.24 15:54:40 | 003,733,172 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.24 15:54:40 | 003,104,650 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.24 15:54:39 | 003,408,048 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[239 C:\Users\Dennis\Desktop\*.tmp files -> C:\Users\Dennis\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.02 16:05:44 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.04.07 09:15:05 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.02 14:55:55 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B682472

< End of report >
--- --- ---
Alt 04.03.2012, 17:56   #5
Crank-Tank
 
Windowssystem aus Sicherheitsgründen blockiert...bla - Unglücklich

Windowssystem aus Sicherheitsgründen blockiert...bla


Bitte...Warum hilft mir denn keiner???


Antwort

Themen zu Windowssystem aus Sicherheitsgründen blockiert...bla
0x00000001, ad-aware, adobe, alternate, antivir, audacity, avira, bho, converter, defender, error, firefox, format, ftp, helper, home, install.exe, limewire, logfile, microsoft security, mp3, msiexec, nvstor.sys, plug-in, realtek, registry, required, rundll, scan, searchscopes, security, software, studio, svchost.exe, systweak, udp, vista


« schwarzer Bildschirm, Bibliotheksordner leer, Festplatte angeblich defekt.... | 50€ AKM Virus - mit zweitem Betriebssystem entfernen? »


Ähnliche Themen: Windowssystem aus Sicherheitsgründen blockiert...bla


  1. Ihr windowssystem wurde aus sicherheitsgründen blockiert
    Log-Analyse und Auswertung - 06.04.2012 (8)
  2. Windowssystem blockiert aus sicherheitsgründen
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (3)
  3. Ihr Windowssystem wurde aus Sicherheitsgründen blockiert
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (22)
  4. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Log-Analyse und Auswertung - 13.02.2012 (1)
  5. Windowssystem aus Sicherheitsgründen blockiert
    Log-Analyse und Auswertung - 27.01.2012 (47)
  6. Windowssystem aus Sicherheitsgründen blockiert
    Log-Analyse und Auswertung - 26.01.2012 (1)
  7. Aus sicherheitsgründen wurde Ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 24.01.2012 (27)
  8. Windowssystem aus Sicherheitsgründen blockiert die ..................
    Log-Analyse und Auswertung - 22.01.2012 (2)
  9. Windowssystem aus Sicherheitsgründen blockiert... 50€
    Plagegeister aller Art und deren Bekämpfung - 10.01.2012 (11)
  10. Windowssystem aus Sicherheitsgründen blockiert!
    Log-Analyse und Auswertung - 30.12.2011 (8)
  11. Windowssystem aus Sicherheitsgründen blockiert!
    Plagegeister aller Art und deren Bekämpfung - 25.12.2011 (7)
  12. Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 23.12.2011 (10)
  13. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 23.12.2011 (23)
  14. windowssystem aus sicherheitsgründen blockiert...zahlen sie 50€...
    Log-Analyse und Auswertung - 22.12.2011 (3)
  15. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert.
    Log-Analyse und Auswertung - 18.12.2011 (19)
  16. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 18.12.2011 (3)
  17. Aus sicherheitsgründen ist ihr Windowssystem blockiert.
    Plagegeister aller Art und deren Bekämpfung - 22.11.2011 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windowssystem aus Sicherheitsgründen blockiert...bla - OTLTxt: OTL logfile created on: 02.03.2012 22:35:21 - Run 1 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Neu\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = - Windowssystem aus Sicherheitsgründen blockiert...bla...
Archiv
Du betrachtest: Windowssystem aus Sicherheitsgründen blockiert...bla auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19