| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Blackscreen mit Windows SicherheitswarnungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.04.2012, 18:20
| #1 |
| |  Blackscreen mit Windows Sicherheitswarnung Hallo, habe mir leider vor kurzem einen Virus eingefangen in dem auf dem Bildschirm ein schwarzes Bild ist mit dem folgenden Text: "ACHTUNG aus Sicherheitsgründen wurde ihr Windowssystem blockiert. Durch das Besuchen von Seiten mit infizierten und pronografischen Seiten..." Da ich selber nicht so fitt in Computer Angelegenheiten bin wollte ich euch fragen was ich denn am besten jetzt machen sollte. Ich kann auch keine Desktop Symbole oder irgendwas an dem Computer verändern. Danke schonmal für die Hilfe Gruß J_D |
|
02.04.2012, 19:02
| #2 |
| /// Malware-holic   | Blackscreen mit Windows Sicherheitswarnung hi
__________________neustart, f8 drücken abgesicherter modus mit netzwerk wählen, im betroffenen konto anmelden, internet verbindung herstellen. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
02.04.2012, 19:53
| #3 |
| | Blackscreen mit Windows Sicherheitswarnung Ich hatte währendessen noch auf einem anderen Benutzer an dem PC der auch Administrator ist einen Malwarebtis fullscan laufen der jetzt abgeschlossen ist. Der Blackscreen ist jetzt auch weg, muss ich OTL jetzt auch noch laufen lassen und wenn ja muss die dann auch im abgesicherten Modus geschehen oder kann ich das dann auch im normalen Modus machen?
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.02.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 hallo :: MASCHINE [administrator] Protection: Enabled 02.04.2012 18:51:46 mbam-log-2012-04-02 (18-51-46).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 728591 Time elapsed: 1 hour(s), 52 minute(s), 58 second(s) Memory Processes Detected: 1 C:\Users\J_D\AppData\Local\Skype\SkypePM.exe (Trojan.Ransom) -> 3656 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\Users\J_D\AppData\Local\Skype\SkypePM.exe (Trojan.Ransom) -> Delete on reboot. C:\Users\J_D\AppData\Local\Temp\ch8l0.exe (Trojan.Ransom) -> Quarantined and deleted successfully. C:\Users\J_D\AppData\Local\Temp\ch8l1.exe (Trojan.Ransom) -> Quarantined and deleted successfully. C:\Users\J_D\AppData\Local\Temp\ch8l2.exe (Trojan.Ransom) -> Quarantined and deleted successfully. C:\Users\J_D\AppData\Local\Temp\ch8l3.exe (Trojan.Ransom) -> Quarantined and deleted successfully. (end) |
|
02.04.2012, 19:57
| #4 |
| /// Malware-holic | Blackscreen mit Windows Sicherheitswarnung ab jetzt werden nur noch die angeforderten scans gemacht. otl logs posten bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.04.2012, 20:41
| #5 |
| | Blackscreen mit Windows Sicherheitswarnung OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.04.2012 21:05:40 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\J_D\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,76 Gb Available Physical Memory | 79,42% Memory free
11,98 Gb Paging File | 10,78 Gb Available in Paging File | 89,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 144,83 Gb Free Space | 31,62% Space Free | Partition Type: NTFS
Drive D: | 458,46 Gb Total Space | 256,52 Gb Free Space | 55,95% Space Free | Partition Type: NTFS
Computer Name: MASCHINE | User Name: J_D | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.04.02 21:04:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL(1).exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - [2012.03.04 23:40:10 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.01 03:22:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.03 22:18:00 | 004,092,408 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.04.27 12:44:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.10.14 12:59:15 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.01 05:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.07 21:58:44 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.07.01 03:22:32 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.01 03:22:32 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.22 09:02:04 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.10.22 09:02:03 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.28 16:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.11.17 02:16:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009.07.14 18:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 05:05:58 | 000,273,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.17 18:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009.06.17 18:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.03 18:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.02.05 13:13:22 | 000,272,768 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\etFilter64.sys -- (FiltUSBET)
DRV:64bit: - [2007.10.12 12:54:18 | 000,531,712 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\etDevice64.sys -- (DCamUSBET)
DRV:64bit: - [2007.09.07 16:24:00 | 000,009,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\etScan64.sys -- (ScanUSBET)
DRV - [2009.10.28 07:09:33 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3EE69C97-6444-4B08-BB23-C8F72A129334}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..network.proxy.ftp: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, .hs-karlsruhe.de"
FF - prefs.js..network.proxy.socks: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.01 18:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012.03.17 14:20:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins [2012.02.14 14:56:19 | 000,000,000 | ---D | M]
[2010.09.17 19:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\mozilla\Extensions
[2012.04.02 21:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions
[2011.10.26 14:27:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.02 21:02:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.15 17:29:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.09.19 19:28:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions\firefox@tvunetworks.com
[2010.10.02 15:46:03 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\J_D\AppData\Roaming\mozilla\Firefox\Profiles\4g1vluvt.default\extensions\vshare@toolbar
[2012.03.27 00:19:27 | 000,001,056 | ---- | M] () -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\4g1vluvt.default\searchplugins\icqplugin.xml
[2012.03.17 14:20:45 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012.03.14 15:10:01 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
() (No name found) -- C:\USERS\J_D\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4G1VLUVT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\J_D\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4G1VLUVT.DEFAULT\EXTENSIONS\{D5EA4520-61A1-11DA-8CD6-0800200C9A66}.XPI
() (No name found) -- C:\USERS\J_D\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4G1VLUVT.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\J_D\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4G1VLUVT.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
========== Chrome ==========
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Firefox\plugins\npqtplugin7.dll
CHR - plugin: thriXXX WebLaunch (Enabled) = C:\Program Files (x86)\Firefox\plugins\npWebLaunch.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\J_D\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\J_D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [etMonitor] C:\Windows\etMon.exe (EMPIA Technology Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [3200 Scan2PC] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [VoiceChum] C:\Program Files (x86)\VogueSystemsLLC\VoiceChum\VoiceChum.exe File not found
O4 - HKCU..\Run: [PokerStrategy.com SideKick] "C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms" File not found
O4 - HKCU..\Run: [SkypePM] C:\Users\J_D\AppData\Local\Skype\SkypePM.exe File not found
O4 - Startup: C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\J_D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\J_D\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\J_D\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\J_D\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\J_D\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{743053C8-1536-4B83-A8D9-30BA0A8F80C1}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5dbc58af-db5a-11df-b48e-00016c71281b}\Shell - "" = AutoRun
O33 - MountPoints2\{5dbc58af-db5a-11df-b48e-00016c71281b}\Shell\AutoRun\command - "" = L:\Setup.exe
O33 - MountPoints2\{5dbc59e3-db5a-11df-b48e-00016c71281b}\Shell - "" = AutoRun
O33 - MountPoints2\{5dbc59e3-db5a-11df-b48e-00016c71281b}\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\{5dbc5ae6-db5a-11df-b48e-00016c71281b}\Shell - "" = AutoRun
O33 - MountPoints2\{5dbc5ae6-db5a-11df-b48e-00016c71281b}\Shell\AutoRun\command - "" = N:\Installer.exe
O33 - MountPoints2\{8f87e150-c38d-11df-98f8-00016c71281b}\Shell - "" = AutoRun
O33 - MountPoints2\{8f87e150-c38d-11df-98f8-00016c71281b}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe - ()
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Global Registration - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Packard Bell Photo Frame - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012.04.02 21:04:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL(1).exe
[2012.03.28 11:54:45 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.03.27 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Roaming\Roaming
[2012.03.21 15:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 3
[2012.03.21 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 3
[2012.03.21 15:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerTracker 3
[2012.03.19 16:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2012.03.19 16:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2012.03.19 16:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012.03.15 21:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012.03.15 21:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012.03.15 17:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.15 17:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.15 17:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.03.15 17:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.15 17:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.15 17:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.14 15:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.03.14 15:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.03.14 15:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.03.13 18:13:35 | 000,000,000 | ---D | C] -- C:\Users\J_D\Documents\Rockstar Games
[2012.03.13 17:36:43 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Local\Rockstar Games
[2012.03.13 17:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.03.13 17:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2012.03.13 17:24:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.03.13 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.03.12 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Roaming\Telefónica
[2012.03.12 20:51:38 | 000,223,744 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zteusbnet.sys
[2012.03.12 20:51:38 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2012.03.12 20:51:38 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmeaext2.sys
[2012.03.12 20:51:38 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2012.03.12 20:51:38 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.03.12 20:51:38 | 000,018,432 | ---- | C] (ZTE) -- C:\Windows\SysNative\drivers\ZTEusbccid.sys
[2012.03.12 20:51:38 | 000,012,800 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter_hs.sys
[2012.03.12 20:51:38 | 000,012,800 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2012.03.12 20:51:37 | 000,000,000 | ---D | C] -- C:\Windows\massfilter
[2012.03.12 20:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\o2
[2012.03.12 20:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\o2
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.04.02 21:04:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL(1).exe
[2012.04.02 21:02:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.02 21:02:12 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.02 21:00:39 | 000,000,292 | -HS- | M] () -- C:\Windows\tasks\rucwbiwhi.job
[2012.04.02 20:55:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 20:55:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 18:50:09 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.02 18:50:09 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.02 18:50:09 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.02 18:50:09 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.02 18:50:09 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.28 15:35:33 | 000,000,341 | ---- | M] () -- C:\Users\J_D\Desktop\partition.cs
[2012.03.27 19:04:47 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager2.lnk
[2012.03.22 18:56:31 | 000,124,237 | ---- | M] () -- C:\Users\J_D\Desktop\PLO25 zoom.jpg
[2012.03.21 15:42:08 | 000,004,877 | ---- | M] () -- C:\ProgramData\bltofzsb.qlf
[2012.03.21 15:42:00 | 000,001,081 | ---- | M] () -- C:\Users\J_D\Desktop\PokerTracker 3.lnk
[2012.03.21 15:35:40 | 000,003,019 | ---- | M] () -- C:\Users\J_D\Desktop\TableNinja.lnk
[2012.03.19 16:34:43 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012.03.19 16:34:43 | 000,000,666 | ---- | M] () -- C:\Users\J_D\Desktop\HsKA.pcf
[2012.03.19 16:26:20 | 000,005,541 | ---- | M] () -- C:\Users\J_D\Desktop\tan-liste HSKA.pdf
[2012.03.18 18:42:39 | 000,064,687 | ---- | M] () -- C:\Users\J_D\Desktop\uuuppsidaysiiee.jpg
[2012.03.18 15:38:13 | 000,091,395 | ---- | M] () -- C:\Users\J_D\Desktop\Schedule 18.3.12.jpg
[2012.03.18 15:28:45 | 000,067,612 | ---- | M] () -- C:\Users\J_D\Desktop\thisyear.jpg
[2012.03.18 15:26:16 | 000,054,797 | ---- | M] () -- C:\Users\J_D\Desktop\limitsmixedlol.jpg
[2012.03.18 15:18:38 | 000,077,852 | ---- | M] () -- C:\Users\J_D\Desktop\plo.jpg
[2012.03.15 23:11:18 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 17:42:24 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.15 04:20:10 | 000,463,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.14 15:43:48 | 000,000,878 | ---- | M] () -- C:\Users\J_D\AppData\Roaming\MPQEditor.ini
[2012.03.14 15:36:04 | 000,001,091 | ---- | M] () -- C:\Users\J_D\Dokumente - Verknüpfung.lnk
[2012.03.13 16:21:01 | 000,003,303 | ---- | M] () -- C:\Users\J_D\Desktop\Download.jpg
[2012.03.13 08:52:02 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Connection Manager.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.03.28 15:35:33 | 000,000,341 | ---- | C] () -- C:\Users\J_D\Desktop\partition.cs
[2012.03.27 19:04:47 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\HoldemManager2.lnk
[2012.03.22 18:56:31 | 000,124,237 | ---- | C] () -- C:\Users\J_D\Desktop\PLO25 zoom.jpg
[2012.03.21 15:42:08 | 000,004,877 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2012.03.21 15:42:00 | 000,001,081 | ---- | C] () -- C:\Users\J_D\Desktop\PokerTracker 3.lnk
[2012.03.19 16:34:42 | 000,000,666 | ---- | C] () -- C:\Users\J_D\Desktop\HsKA.pcf
[2012.03.19 16:33:58 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2012.03.19 16:26:20 | 000,005,541 | ---- | C] () -- C:\Users\J_D\Desktop\tan-liste HSKA.pdf
[2012.03.18 18:42:38 | 000,064,687 | ---- | C] () -- C:\Users\J_D\Desktop\uuuppsidaysiiee.jpg
[2012.03.18 16:58:07 | 000,003,019 | ---- | C] () -- C:\Users\J_D\Desktop\TableNinja.lnk
[2012.03.18 15:38:13 | 000,091,395 | ---- | C] () -- C:\Users\J_D\Desktop\Schedule 18.3.12.jpg
[2012.03.18 15:28:44 | 000,067,612 | ---- | C] () -- C:\Users\J_D\Desktop\thisyear.jpg
[2012.03.18 15:26:15 | 000,054,797 | ---- | C] () -- C:\Users\J_D\Desktop\limitsmixedlol.jpg
[2012.03.18 15:18:38 | 000,077,852 | ---- | C] () -- C:\Users\J_D\Desktop\plo.jpg
[2012.03.15 23:11:18 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 17:42:24 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.14 15:38:31 | 000,000,878 | ---- | C] () -- C:\Users\J_D\AppData\Roaming\MPQEditor.ini
[2012.03.14 15:36:04 | 000,001,091 | ---- | C] () -- C:\Users\J_D\Dokumente - Verknüpfung.lnk
[2012.03.13 16:21:01 | 000,003,303 | ---- | C] () -- C:\Users\J_D\Desktop\Download.jpg
[2012.03.12 20:51:51 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Connection Manager.lnk
[2011.12.27 13:38:04 | 000,053,248 | ---- | C] () -- C:\Windows\etRunDLL.dll
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.07.04 17:07:04 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.04.08 13:32:12 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.03.28 15:55:32 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.03.28 15:55:16 | 000,116,016 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011.02.15 00:22:38 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.02.14 16:16:24 | 000,000,045 | ---- | C] () -- C:\Users\J_D\AppData\Local\machpro.dat
[2011.02.06 14:07:59 | 000,189,960 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.02.05 15:25:13 | 000,000,381 | ---- | C] () -- C:\Users\J_D\AppData\Local\postgresinstall.bat
[2011.02.05 15:21:07 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.02 01:01:30 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.19 20:03:59 | 000,087,108 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.10.14 12:59:08 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.05 13:13:27 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.21 18:16:53 | 000,000,554 | ---- | C] () -- C:\Windows\eReg.dat
[2010.09.18 16:43:01 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.09.18 16:43:01 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.17 19:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
========== LOP Check ==========
[2010.09.17 19:10:54 | 000,000,000 | -HSD | M] -- C:\Users\J_D\AppData\Roaming\.#
[2011.10.11 02:46:12 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\.minecraft
[2012.02.24 00:29:48 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\calibre
[2012.01.30 17:56:59 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\COW
[2010.10.21 20:42:20 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\DAEMON Tools Lite
[2010.09.18 16:02:08 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\DAEMON Tools Pro
[2011.12.04 15:00:24 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Day 1 Studios
[2012.04.02 20:48:36 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Dropbox
[2011.12.31 15:45:00 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\DVDVideoSoft
[2011.10.26 14:27:02 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.05 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Gutscheinmieze
[2011.05.19 16:35:11 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\HEM Data
[2012.03.31 03:17:18 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\HoldemManager
[2012.03.05 11:17:00 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\ICQ
[2010.10.24 10:15:53 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Kalypso Media
[2010.12.29 22:56:07 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Leadertech
[2011.01.06 23:46:47 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\LolClient
[2010.09.17 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\MAGIX
[2012.01.06 20:09:45 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Microgaming
[2010.09.30 16:45:59 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Miranda
[2011.05.18 00:15:39 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\MySQL
[2011.12.16 16:06:18 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\PacificPoker
[2011.09.15 17:33:38 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\pdfforge
[2010.10.24 10:14:20 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\ProtectDISC
[2012.03.27 19:11:26 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Roaming
[2011.09.28 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\SplitMediaLabs
[2011.03.01 02:05:12 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\TeamViewer
[2012.03.12 20:51:51 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Telefónica
[2010.11.24 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\thriXXX
[2012.02.06 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\TS3Client
[2011.11.10 23:34:03 | 000,000,000 | ---D | M] -- C:\Users\J_D\AppData\Roaming\Ubisoft
[2012.04.02 21:00:39 | 000,000,292 | -HS- | M] () -- C:\Windows\Tasks\rucwbiwhi.job
[2012.02.21 04:19:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.03.15 19:17:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.09.17 18:58:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.10 15:35:03 | 000,000,000 | -HSD | M] -- C:\found.000
[2012.03.13 16:43:18 | 000,000,000 | ---D | M] -- C:\Games
[2011.11.16 12:39:53 | 000,000,000 | ---D | M] -- C:\Games)
[2012.03.27 19:06:00 | 000,000,000 | ---D | M] -- C:\HM2Archive
[2012.01.01 20:36:58 | 000,000,000 | ---D | M] -- C:\HMArchive
[2009.09.03 16:05:43 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.06 19:58:30 | 000,000,000 | ---D | M] -- C:\Microgaming
[2009.09.04 03:46:19 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.12.03 15:30:45 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.09.17 19:24:15 | 000,000,000 | ---D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.10 14:57:44 | 000,000,000 | ---D | M] -- C:\Poker
[2012.03.28 15:39:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.21 15:41:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.23 14:43:35 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.09.17 18:58:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.06.20 11:49:15 | 000,000,000 | ---D | M] -- C:\Programs (x86)
[2010.09.17 18:58:43 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.31 07:57:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.15 19:17:34 | 000,000,000 | R--D | M] -- C:\Users
[2010.12.19 20:07:07 | 000,000,000 | ---D | M] -- C:\WC3 US Converter
[2010.12.19 20:09:42 | 000,000,000 | ---D | M] -- C:\WC3 US Converter isntalled
[2010.12.19 20:08:16 | 000,000,000 | ---D | M] -- C:\WC3 US Fix 1
[2010.12.19 20:08:33 | 000,000,000 | ---D | M] -- C:\WC3 US Fix 2
[2012.04.02 21:02:14 | 000,000,000 | ---D | M] -- C:\Windows
[2011.05.18 00:12:32 | 000,000,000 | ---D | M] -- C:\xampp
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %USERPROFILE%\*.* >
[2011.08.18 17:26:56 | 000,341,331 | ---- | M] () -- C:\Users\J_D\18.jpg
[2012.03.14 15:36:04 | 000,001,091 | ---- | M] () -- C:\Users\J_D\Dokumente - Verknüpfung.lnk
[2012.04.02 21:17:34 | 004,456,448 | -HS- | M] () -- C:\Users\J_D\NTUSER.DAT
[2012.04.02 21:17:34 | 000,262,144 | -HS- | M] () -- C:\Users\J_D\ntuser.dat.LOG1
[2010.09.17 18:58:59 | 000,000,000 | -HS- | M] () -- C:\Users\J_D\ntuser.dat.LOG2
[2010.09.17 19:24:21 | 000,065,536 | -HS- | M] () -- C:\Users\J_D\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.09.17 19:24:21 | 000,524,288 | -HS- | M] () -- C:\Users\J_D\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.09.17 19:24:21 | 000,524,288 | -HS- | M] () -- C:\Users\J_D\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.09.17 18:58:59 | 000,000,020 | -HS- | M] () -- C:\Users\J_D\ntuser.ini
[2012.03.15 21:57:14 | 000,016,384 | -HS- | M] () -- C:\Users\J_D\Thumbs.db
[2011.04.23 22:58:30 | 000,002,170 | ---- | M] () -- C:\Users\J_D\URPreferences.xml
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E1F04E8D
< End of report >
[/CODE] eine Extra.txt gabs bei mir nicht. Ich habe alles durchsucht aber nichts gefunden |
|
03.04.2012, 12:24
| #6 | |
| /// Malware-holic | Blackscreen mit Windows SicherheitswarnungCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Blackscreen mit Windows Sicherheitswarnung |
|
03.04.2012, 13:08
| #7 |
| | Blackscreen mit Windows SicherheitswarnungCode:
ATTFilter ComboFix 12-04-02.01 - J_D 03.04.2012 13:49:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6135.3404 [GMT 2:00]
ausgeführt von:: c:\users\J_D\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\users\J_D\18.jpg
c:\users\J_D\4.0
c:\users\J_D\AppData\Local\Skype\SkypePM.exe
c:\users\J_D\AppData\Roaming\.#
c:\users\J_D\AppData\Roaming\.#\MBX@BE4@3A2790.###
c:\users\J_D\AppData\Roaming\.#\MBX@BE4@3A27C0.###
c:\users\J_D\AppData\Roaming\mIRC\logs\status.log
c:\users\J_D\AppData\Roaming\Roaming
c:\users\J_D\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
c:\windows\SysWow64\swt-win32-3232.dll
c:\windows\SysWow64\tmp1492.tmp
c:\windows\SysWow64\tmp14B2.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-03 bis 2012-04-03 ))))))))))))))))))))))))))))))
.
.
2012-03-21 13:41 . 2012-03-26 11:55 -------- d-----w- c:\program files (x86)\PokerTracker 3
2012-03-19 14:34 . 2012-03-19 14:34 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2012-03-19 14:34 . 2012-03-19 14:34 -------- d-----w- c:\program files (x86)\Cisco Systems
2012-03-15 19:56 . 2012-03-15 19:56 -------- d-----w- c:\program files (x86)\Safer Networking
2012-03-15 17:17 . 2012-03-15 17:17 -------- d-----w- c:\users\hallo
2012-03-15 15:42 . 2012-03-15 15:42 -------- d-----w- c:\program files\iTunes
2012-03-15 15:42 . 2012-03-15 15:42 -------- d-----w- c:\program files (x86)\iTunes
2012-03-15 15:42 . 2012-03-15 15:42 -------- d-----w- c:\program files\iPod
2012-03-15 15:33 . 2012-03-15 15:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-15 02:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 02:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 02:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:09 . 2012-03-14 13:09 -------- d-----w- c:\program files (x86)\pdfforge Toolbar
2012-03-14 13:09 . 2012-03-14 13:09 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-03-14 13:09 . 2012-03-14 13:09 -------- d-----w- c:\program files (x86)\Application Updater
2012-03-14 09:30 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:30 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:30 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:30 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:30 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:30 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 15:36 . 2012-03-13 15:36 -------- d-----w- c:\users\J_D\AppData\Local\Rockstar Games
2012-03-13 15:26 . 2012-03-13 15:26 -------- d-sh--w- c:\programdata\SecuROM
2012-03-13 15:24 . 2012-03-13 15:24 -------- d-----w- c:\windows\SysWow64\xlive
2012-03-13 15:24 . 2012-03-13 15:24 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-03-12 18:51 . 2012-03-12 18:51 -------- d-----w- c:\users\J_D\AppData\Roaming\Telefónica
2012-03-12 18:51 . 2010-02-22 17:25 18432 ----a-w- c:\windows\system32\drivers\ZTEusbccid.sys
2012-03-12 18:51 . 2010-02-22 16:41 121344 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-03-12 18:51 . 2010-02-22 16:41 121344 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext2.sys
2012-03-12 18:51 . 2010-02-22 16:41 121344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-03-12 18:51 . 2010-02-22 16:41 121344 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-03-12 18:51 . 2010-02-10 16:50 223744 ----a-w- c:\windows\system32\drivers\zteusbnet.sys
2012-03-12 18:51 . 2009-12-28 14:52 12800 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-03-12 18:51 . 2009-02-03 16:00 12800 ----a-w- c:\windows\system32\drivers\massfilter_hs.sys
2012-03-12 18:51 . 2012-03-12 18:51 -------- d-----w- c:\windows\massfilter
2012-03-12 18:51 . 2012-03-12 18:51 -------- d-----w- c:\program files (x86)\o2
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 14:52 . 2012-03-02 14:52 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-29 19:48 . 2011-08-09 09:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 10:59 . 2012-01-30 10:59 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-01-30 10:59 . 2010-10-21 16:03 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-04 618496]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2010-05-18 1989120]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-03-04 934752]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\J_D\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Control Center.lnk - c:\program files (x86)\VAD\Laplace Webcam\Tools\SystemTray.exe [2011-12-27 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 dump_wmimmc;dump_wmimmc;c:\games\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-03-04 748440]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-11-11 199600]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 DCamUSBET;VAD Laplace Webcam;c:\windows\system32\DRIVERS\etDevice64.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\J_D\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"etMonitor"="c:\windows\etMon.exe" [2007-04-04 88576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173609102206p0345v1i5y4873027q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\J_D\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.11.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\4g1vluvt.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-SkypePM - c:\users\J_D\AppData\Local\Skype\SkypePM.exe
Wow6432Node-HKLM-Run-VoiceChum - c:\program files (x86)\VogueSystemsLLC\VoiceChum\VoiceChum.exe
Notify-LBTWlgn - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2812613609-941386688-3819402148-1001\Software\SecuROM\License information*]
"datasecu"=hex:ed,86,27,03,54,6f,59,0e,6c,20,68,b3,3a,b3,36,93,1c,cf,2b,db,df,
20,fd,b2,67,de,2f,7c,31,0e,66,29,0e,23,07,ff,f0,9f,15,74,9a,1f,c4,a8,2e,d7,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-03 14:05:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-03 12:05
.
Vor Suchlauf: 23 Verzeichnis(se), 155.112.697.856 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 157.960.335.360 Bytes frei
.
- - End Of File - - 3CE05B9112B31ECBC6907CBCB5A77133
|
|
03.04.2012, 19:26
| #8 |
| /// Malware-holic | Blackscreen mit Windows Sicherheitswarnung lade den CCleaner standard: CCleaner Download - CCleaner 3.17.1689 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.04.2012, 20:19
| #9 |
| | Blackscreen mit Windows SicherheitswarnungCode:
ATTFilter 888poker 15.12.2011 notwendig Active@ ISO Burner LSoft Technologies 06.08.2011 unbekannt Adobe AIR Adobe Systems Inc. 16.09.2010 2.0.3.13070 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.02.2012 6,00MB 11.1.102.62 notwendig Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 28.02.2012 6,00MB 11.1.102.62 notwendig Adobe Reader 9.5.0 MUI Adobe Systems Incorporated 21.01.2012 686MB 9.5.0 notwendig Adobe Shockwave Player Adobe Systems, Inc. 24.09.2010 10.2.0.22 notwendig Allods Online 2.0.06.42 gPotato 13.11.2011 2.0.06.42 unnötig ANNO 1404 Ubisoft 28.05.2011 1.02.0000 notwendig ANNO 1404 - Venedig Ubisoft 28.05.2011 2.0.5008.0 notwendig ANNO 2070 DEMO Ubisoft 09.11.2011 1.0.0.0 unnötig Apple Application Support Apple Inc. 14.03.2012 61,0MB 2.1.7 unbekannt Apple Mobile Device Support Apple Inc. 14.03.2012 24,5MB 5.1.1.4 unbekannt Apple Software Update Apple Inc. 13.02.2012 2,38MB 2.1.3.127 unbekannt Assassin's Creed II Ubisoft 28.10.2010 1.01 unnötig Avira AntiVir Personal - Free Antivirus Avira GmbH 12.02.2012 61,8MB 10.2.0.707 notwendig Battlefield: Bad Company™ 2 Electronic Arts 17.09.2010 5.869MB 1.0.0.0 unnötig BDFL Manager 2005 Pro Edition Codemasters 18.09.2010 1.00.0000 unnötig Bonjour Apple Inc. 13.02.2012 2,04MB 3.0.0.10 unbekannt calibre Kovid Goyal 22.02.2012 123,2MB 0.8.40 notwendig CamStudio OSS Desktop Recorder CamStudio Open Source Dev Team 30.12.2011 15,1MB 2.6 Beta r273 unnötig Catan Online Welt Catan GmbH 29.01.2012 3.909 unnötig CCleaner Piriform 02.04.2012 3.17 .... Cisco Systems VPN Client 5.0.07.0440 18.03.2012 10,6MB notwendig Commandos 3 - Destination Berlin 24.09.2010 unnötig Compatibility Pack für 2007 Office System Microsoft Corporation 20.02.2012 147,0MB 12.0.6612.1000 notwendig Convert AVI to MP4 1.3 convertavitomp3.com 30.12.2011 unnötig Counter-Strike Valve 23.10.2010 unnötig Die Siedler - Aufbruch der Kulturen 23.09.2010 unnötig Die Siedler 7 Ubisoft 26.10.2010 1.02.1221 unnötig Die Sims™ 3 Electronic Arts 17.02.2012 1.29.55 notwendig DivX-Setup DivX, LLC 31.12.2011 2.5.0.11 unbekannt Dragonica(DE) GALA Networks Europe Limited. 09.08.2011 9.5.8.0 unnötig Dropbox Dropbox, Inc. 28.02.2012 1.2.52 notwendig DVD Shrink 3.2 deutsch (DeCSS-frei) DVD Shrink 04.10.2010 unnötig DYNASTY WARRIORS 6 Koei 23.11.2010 4.866MB 1.00.0000 unnötig EA Download Manager Electronic Arts, Inc. 16.09.2010 6.0.4.124 unnötig EA Download Manager UI Electronic Arts 16.09.2010 6.0.4.124 unnötig EA SPORTS online 2008 24.09.2010 unnötig ePub to PDF Converter 2.0.3 DONGSOFT Company, Inc. 17.02.2012 unnötig Free Screen Video Recorder version 2.5.19.1117 DVDVideoSoft Ltd. 30.12.2011 37,9MB unnötig Free YouTube to MP3 Converter version 3.10.11.923 DVDVideoSoft Ltd. 25.10.2011 42,4MB unnötig Full Tilt Poker 15.04.2011 4.39.7.WIN.FullTilt.COM unnötig FUSSBALL MANAGER 11 Electronic Arts 09.11.2010 unnötig Garena 2010 Garena Online Pte Ltd. 21.12.2010 2010 unnötig Grand Theft Auto: Episodes From Liberty City Rockstar Games 12.03.2012 1.1.0.0 unnötig GUILD WARS 10.11.2011 unnötig Holdem Manager 06.12.2011 NOTWENDIG Holdem Manager 2 05.12.2011 NOTWENDIG ICM Trainer PokerStrategy 06.12.2011 46,4MB 1.0.0 notwendig ICM Trainer Light PokerStrategy 11.02.2011 18,7MB 1.1 notwendig ICQ Toolbar ICQ 27.07.2011 3.0.0 unnötig ICQ7.5 ICQ 27.07.2011 7.5 unnötig iTunes Apple Inc. 14.03.2012 158,9MB 10.6.0.40 notwendig Java(TM) 6 Update 21 (64-bit) Oracle 16.09.2010 90,5MB 6.0.210 notwendig Java(TM) 6 Update 26 Sun Microsystems, Inc. 20.10.2010 94,5MB 6.0.260 notwendig Java(TM) 7 Update 2 Oracle 29.01.2012 99,1MB 7.0.20 notwendig JDownloader AppWork UG (haftungsbeschränkt) 20.10.2010 notwendig join.me LogMeIn, Inc. 13.03.2012 1.3.1.426 notwendig League of Legends Riot Games 31.03.2011 1.02.0000 unnötig Livestream Procaster Procaster 25.05.2011 51,4MB 20.0.151 unnötig Logitech SetPoint Logitech 28.12.2010 17,00KB 4.80 unnötig LogMeIn Hamachi LogMeIn, Inc. 28.02.2012 2.1.0.166 unnötig LOLReplay www.leaguereplays.com 26.11.2011 0.7.3.4 unnötig Madden NFL 08 Electronic Arts 24.09.2010 notwendig Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 14.03.2012 17,4MB 1.60.1.1000 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 23.11.2010 38,8MB 4.0.30319 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 23.11.2010 2,94MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 04.02.2011 52,0MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 04.02.2011 10,7MB 4.0.30319 notwendig Microsoft Games for Windows - LIVE Microsoft Corporation 12.03.2012 8,31MB 3.1.186.0 unbekannt Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 12.03.2012 32,3MB 3.1.99.0 unbekannt Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,95MB 14.0.5130.5003 notwendig Microsoft Office Home and Student 2007 Microsoft Corporation 20.02.2012 12.0.6612.1000 notwendig Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Corporation 20.02.2012 12.0.6612.1000 notwendig Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 20.02.2012 62,8MB 12.0.6612.1000 notwendig Microsoft Office Suite Activation Assistant Microsoft Corporation 02.09.2009 8,37MB 2.9 notwendig Microsoft Silverlight Microsoft Corporation 15.02.2012 166,3MB 4.1.10111.0 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 30.12.2010 0,25MB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.06.2011 0,29MB 8.0.56336 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 28.12.2010 0,68MB 8.0.61000 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 27.05.2011 0,57MB 8.0.51011 unbekannt Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 03.10.2010 0,21MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 27.05.2011 0,77MB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 27.05.2011 0,58MB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 01.10.2010 0,77MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 19.06.2011 0,77MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 21.10.2010 2,87MB 9.0.21022 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.10.2010 0,23MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.09.2010 0,58MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19.06.2011 0,59MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 26.03.2012 13,7MB 10.0.30319 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 16.11.2011 15,0MB 10.0.40219 unbekannt Microsoft Works Microsoft Corporation 15.12.2010 876MB 9.7.0621 unbekannt Microsoft WSE 3.0 Runtime Microsoft Corp. 16.09.2010 0,92MB 3.0.5305.0 unbekannt Miranda IM 0.9.4 29.09.2010 unnötig Mobile Connection Manager Mobile Connection Manager 11.03.2012 unbekannt MobileMe Control Panel Apple Inc. 05.02.2011 12,0MB 3.1.5.0 unbekannt Mozilla Firefox 11.0 (x86 de) Mozilla 16.03.2012 40,6MB 11.0 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 18.09.2010 1,28MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 18.09.2010 1,33MB 4.20.9876.0 unbekannt MySQL Workbench 5.2 CE Oracle Corporation 17.05.2011 64,1MB 5.2.33 notwendig Need for Speed™ ProStreet Electronic Arts 23.09.2010 8.025MB 1.0.1.0 unnötig Nero Move it Essentials Nero AG 21.12.2010 unnötig NVIDIA 3D Vision Controller-Treiber 285.62 NVIDIA Corporation 02.12.2011 285.62 notwendig NVIDIA 3D Vision Treiber 285.62 NVIDIA Corporation 02.12.2011 285.62 notwendig NVIDIA Display Control Panel NVIDIA Corporation 19.02.2011 6.14.12.5896 notwendig NVIDIA Drivers NVIDIA Corporation 02.12.2011 65,1MB 1.4 notwendig NVIDIA Grafiktreiber 285.62 NVIDIA Corporation 02.12.2011 285.62 notwendig NVIDIA HD-Audiotreiber 1.2.24.0 NVIDIA Corporation 02.12.2011 1.2.24.0 notwendig NVIDIA PhysX-Systemsoftware 9.11.0621 NVIDIA Corporation 02.12.2011 9.11.0621 notwendig NVIDIA Update 1.5.20 NVIDIA Corporation 02.12.2011 1.5.20 notwendig Octoshape add-in for Adobe Flash Player 17.12.2010 unbekannt OpenAL 24.09.2010 unbekannt Packard Bell Recovery Management Packard Bell 02.09.2009 4.05.3003 unbekannt Packard Bell Updater Packard Bell 02.09.2009 1.01.3014 unbekannt Pando Media Booster Pando Networks Inc. 05.01.2011 5,47MB 2.3.5.2 unbekannt PartyPoker PartyGaming 19.06.2011 notwendig Patrizier 4 Kalypso Media 23.10.2010 2.738MB 1.0.0 unnötig PDFCreator Frank Heindörfer, Philip Chinery 14.09.2011 1.2.3 notwendig pdfforge Toolbar v5.1 Spigot, Inc. 13.03.2012 10,9MB 5.1 unbekannt PokerStars PokerStars 06.09.2011 notwendig PokerStars.net PokerStars.net 06.01.2011 notwendig PokerStrategy.com Elephant PokerStrategy.com 04.02.2011 86,1MB 0.90.30913.03 unnötig PokerStrategy.com Equilab - Omaha PokerStrategy.com 09.01.2012 15,7MB 1.1.0.0 notwendig PokerStrategy.com Equilator PokerStrategy.com 06.02.2011 38,2MB 1.8.1.0 notwendig PokerStrategy.com SideKick PokerStrategy.com 27.03.2012 1.0.50319.2 unnötig PokerTracker 3 (remove only) 20.03.2012 unnötig PostgreSQL 8.3 PostgreSQL Global Development Group 04.02.2011 52,7MB 8.3 notwendig Pro Evolution Soccer 2010 KONAMI 17.09.2010 7.486MB 1.00.0000 unnötig ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 21.10.2010 11.0.0.14 unbekannt PunkBuster Services Even Balance, Inc. 17.09.2010 0.988 unbekannt QuickTime Apple Inc. 13.02.2012 73,3MB 7.71.80.42 notwendig Rage 03.12.2011 notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 02.09.2010 6.0.1.5859 notwendig RunAlyzer Safer Networking Limited 14.03.2012 1.6.1.24 unbekannt Saboteur™ Electronic Arts 01.10.2010 6.019MB 1.0.0.0 unnötig Samsung SCX-3200 Series Samsung Electronics Co., Ltd. 27.03.2011 unbekannt Scan Assistant Samsung Electronics Co., Ltd. 27.03.2011 1.01.014 unbekannt SimCity 4 Rush Hour 01.10.2010 unnötig Skype Click to Call Skype Technologies S.A. 14.03.2012 20,2MB 5.9.9216 unbekannt Skype™ 5.8 Skype Technologies S.A. 14.03.2012 19,0MB 5.8.158 notwendig Spybot - Search & Destroy Safer Networking Limited 09.07.2011 1.6.2 notwendig Star Wars: The Old Republic Electronic Arts, Inc. 21.11.2011 13,2MB 1.00 unnötig Steam Valve Corporation 21.10.2010 42,3MB 1.0.0.0 notwendig TableNinja ALXSoftware 20.03.2012 1,90MB 1.2.119 notwendig TableNinjaFT ALXSoftware 10.05.2011 1,40MB 1.1.34 unnötig TableNinjaPP ALXSoftware 20.01.2012 1,37MB 1.0.5 unnötig TableScan Turbo RC4 build 8 Zandry, LLC 31.12.2011 5,83MB unnötig TeamSpeak 3 Client TeamSpeak Systems GmbH 26.03.2011 notwendig TeamViewer 6 TeamViewer GmbH 27.02.2011 6.0.10194 unnötig TeamViewer 7 TeamViewer 09.01.2012 7.0.12313 notwendig thriXXX 3DSexVilla2-058.002 23.11.2010 unnötig thriXXX WebLaunch thriXXX 23.11.2010 1.0 unnötig Tiger Woods PGA TOUR 08 Electronic Arts 24.09.2010 unnötig TVUPlayer 2.5.3.1 TVU networks 18.09.2010 2.5.3.1 unnötig Ubisoft Game Launcher UBISOFT 21.10.2010 1.0.0.0 unnötig UltraISO Premium V9.36 07.08.2011 unnötig Universal Replayer Universal Replayer 20.04.2011 unnötig VAD Laplace Webcam EETI 26.12.2011 1.00 notwendig Veetle TV 0.9.18 Veetle, Inc 06.11.2010 0.9.18 unnötig Ventrilo Client for Windows x64 Flagship Industries, Inc. 03.07.2011 6,67MB 3.0.8.0 unnötig VLC media player 1.1.4 VideoLAN 16.09.2010 1.1.4 notwendig VoiceChum 01.01.2011 unbekannt Warcraft III 18.12.2010 notwendig Warcraft III: All Products 18.12.2010 notwendig Warkeys 1.18.1.0b 01.01.2011 1.18.1.0b unnötig WBFS Manager 2.5 WBFS 29.09.2010 1,72MB 2.5 unbekannt Wer wird Millionär Eidos Interactive 25.11.2010 402MB 1.0.0.0000 unnötig Windows Live Essentials Microsoft Corporation 16.09.2010 14.0.8064.0206 unbekannt WinRAR 17.09.2010 notwendig XAMPP 1.7.4 17.05.2011 ntowendig Xfire (remove only) 24.05.2011 unnötig ZTE USB Driver ZTE Corporation 11.03.2012 1.0.1.25_TME unbekannt |
|
04.04.2012, 13:15
| #10 |
| /// Malware-holic | Blackscreen mit Windows Sicherheitswarnung deinstaliere: Active@ ISO Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Allods ANNO 2070 Assassin's Battlefield: BDFL CamStudio Catan Commandos Convert Counter-Strike Die Siedler : beide DivX Dragonica DVD Shrink DYNASTY EA : alle ePub Free Screen Free YouTube Full Tilt FUSSBALL Garena Grand Theft GUILD ICQ : beide Java: alle Download der kostenlosen Java-Software downloade java jre, instalieren. deinstaliere: League Livestream LogMeIn Logitech LOLReplay Microsoft Games : beide Microsoft Silverlight Miranda Need for Nero Octoshape Patrizier pdfforge PokerStrategy.com Elephant PokerStrategy PokerStrategy.com SideKick PokerTracker Pro Evolution RunAlyzer Saboteur™ SimCity Skype Click Spybot : nutze lieber Malwarebytes von zeit zu zeit, ist besser. Star Wars: TableNinjaFT ALXSoftware TableNinjaPP ALXSoftware TableScan TeamViewer 6 thriXXX : beide Tiger Woods TVUPlayer UltraISO Ubisoft Universal Veetle Ventrilo VoiceChum Warkeys WBFS Wer wird Windows Live Xfire öffne CCleaner analysieren, ccleaner starten. pc neustarten testen wie das system läuft.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.04.2012, 10:10
| #11 |
| | Blackscreen mit Windows Sicherheitswarnung So habe nun mal alle Programme runtergehauen und alle Sachen wie Java Flash etc. geupdated. System läuft ein bischen schneller. Habe aber noch ein weiter großes Problem entdeckt. Es sind ein paar meiner Ordner blockiert und es kommt immer ein Fehler, dass ich darauf nicht zugreifen kann. Desweiteren sind manche Programme die ich drauf habe nicht mehr zugängig, wo auch ein Fehler kommt. Ich habe davon mal ein Bild gemacht und das ganze im Anahng hochgeladen. Das Problem ist erst aufgetreten als ich mit den von ihnen angegeben Schritten begonnen habe. |
|
05.04.2012, 11:22
| #12 |
| /// Malware-holic | Blackscreen mit Windows Sicherheitswarnung poste die fehlermeldung als text, außerdem welche ordner nicht mehr zugänglich sind.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.04.2012, 13:34
| #13 |
| | Blackscreen mit Windows Sicherheitswarnung Fehlermeldung bei önnen von Documents and Settings: Code:
ATTFilter Der Pfrad ist nicht verfügbar.
Auf C:\Documents and Settings kann nicht zugegriffen werden.
Zugriff verweigert
Code:
ATTFilter C:\Documents and Settings
C:\Dokumente und Einstellungen
C:\Programme
C:\Users\Public\Documents\My Music
C:\Users\Public\Documents\My Pictures
C:\Users\Public\Documents\My Videos
C:\Users\Public\Documents\Eigene Bilder
C:\Users\Public\Documents\Eigene Musik
C:\Users\Public\Documents\Eigene Videos
C:\Program Files\Gemeinsame Datein
Code:
ATTFilter C:\Config.Msi
C:\found.000
C:\MSOCache
C:\Recovery
C:\System Volume Information
|
|
05.04.2012, 16:22
| #14 |
| /// Malware-holic | Blackscreen mit Windows Sicherheitswarnung jo, manche sind ja auch schreibgeschützt, wie system volume information, recovery etc, damit man da als nutzer nicht rpfuscht programme ist ja 2 mal vorhanden nehme ich an, einmal mit und einmal ohne schloss. ist also alles normal auf den ersten blick.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Blackscreen mit Windows Sicherheitswarnung |
| achtung, bildschirm, blackscreen, compu, computer, desktop, eingefangen, folge, folgende, folgenden, gefangen, gen, infizierte, infizierten, kurzem, schonmal, schwarzes, schwarzes bild, seite, seiten, sicherheitswarnung, symbole, virus, virus eingefangen, windows |
Linear-Darstellung
