Log analysis and evaluation: Bundespolizei logfile evaluation, Malwarebytes

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
31.08.2011, 22:32 | #1
Hello everyone, we have the following problem: our computer got infected with the Bundespolizei virus. The system was completely paralysed. In normal mode as well as in safe mode, the well-known "Bundespolizei" page appeared after user logon. It could not be got rid of via the Task Manager. As recommended in the forum we then started srep.exe from a USB stick, after which the page no longer appeared. We then ran a quick scan with the current version of Malwarebytes and deleted the findings. The log is attached below. There are no older scans.

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

31.08.2011 23:24:21
mbam-log-2011-08-31 (23-24-21).txt

Scan type: Quick scan
Objects scanned: 175505
Time elapsed: 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\local settings\Temp\0.4240090202013036.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.9502945872695817.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
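The four registry keys and two files in the log above are the whole picture Malwarebytes gives for this infection, and they are worth reading together. A subkey under Image File Execution Options (IFEO) named after an executable is honoured by the Windows loader: if it carries a Debugger value, the program named there is started instead of the original image, which is how malware stops browsers and security tools from launching. Malwarebytes reports the key but not the Debugger value, so the log does not say where those four browser launches were being redirected. The Python below is an added example, not part of the original post and not Malwarebytes code: it parses MBAM detection lines and sorts them into IFEO hijacks of browser images and executables dropped into a Temp directory. The sample text is copied from the log above; the browser list, the Temp-path patterns and the random-name heuristic are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the detection sections copied from the Malwarebytes log above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\local settings\Temp\0.4240090202013036.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.9502945872695817.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
"""

# One detection line: "<path> (<category>) -> <action>"
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<category>[^()]+)\) -> (?P<action>.+)$")
# IFEO subkey: the last path component is the image name the loader matches on.
IFEO_RE = re.compile(r"\\Image File Execution Options\\(?P<image>[^\\]+)$", re.IGNORECASE)
# Temp locations on XP and on Vista+ (assumption: these are the ones worth flagging).
TEMP_RE = re.compile(r"\\(local settings\\temp|appdata\\local\\temp|windows\\temp)\\", re.IGNORECASE)
# Heuristic (assumption): names like 0.4240090202013036.exe look like a random float with ".exe" appended.
RANDOM_NAME_RE = re.compile(r"^0\.\d{8,}\.exe$", re.IGNORECASE)
# Assumed list of browser images a lock-screen trojan would want to block.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "navigator.exe", "opera.exe", "safari.exe"}


@dataclass
class Detection:
    section: str
    path: str
    category: str
    action: str


def parse_mbam_log(text: str) -> list:
    """Return the detection lines of an MBAM 1.x log, each tagged with its section header."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):      # blank, or "(No malicious items detected)"
            continue
        if line.endswith(":"):                     # e.g. "Registry Keys Infected:"
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            found.append(Detection(section, m["path"], m["category"], m["action"]))
    return found


def triage(detections: list) -> dict:
    """Sort detections into IFEO browser hijacks, other IFEO keys, Temp drops and the rest."""
    report = {"ifeo_browser_hijacks": [], "ifeo_other": [], "temp_drops": [], "other": []}
    for d in detections:
        ifeo = IFEO_RE.search(d.path)
        if ifeo:
            image = ifeo["image"].lower()
            bucket = "ifeo_browser_hijacks" if image in BROWSERS else "ifeo_other"
            report[bucket].append(image)
        elif TEMP_RE.search(d.path) and d.path.lower().endswith(".exe"):
            name = d.path.rsplit("\\", 1)[-1]
            report["temp_drops"].append({"path": d.path, "random_name": bool(RANDOM_NAME_RE.match(name))})
        else:
            report["other"].append(d)
    report["ifeo_browser_hijacks"].sort()
    return report


def all_quarantined(detections: list) -> bool:
    """True when every detection reports a successful quarantine, i.e. the scan left nothing behind."""
    return all(d.action.startswith("Quarantined and deleted successfully") for d in detections)


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print(triage(dets))
    print("all cleaned:", all_quarantined(dets))
```

The four hijacked images are all browsers, which fits a lock screen whose job is to keep the victim from reaching help or a payment dispute. Because the log shows the key only, a live check of what the Debugger value pointed at has to be done on the machine (for example with reg query on the IFEO key for each image) before the quarantine; after Malwarebytes has deleted the keys that evidence is gone.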
01.09.2011, 22:30 | #2
/// Malwareteam

A cleanup can sometimes mean a lot of work for you.
Note: I can never give you a guarantee that I will find everything. A format is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools with a right-click and "Run as administrator".

Step 1: Custom scan with OTL
If you do not have it yet, download OTL from Oldtimer and save it on your Desktop.
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Step 2: Rootkit search with Gmer
What are rootkits?
Important: for every rootkit scan, the following applies:
Download Gmer from this page (click the Download EXE button) and save the program on the Desktop.
Now post the logfile in code tags.
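The /md5 lines in the OTL script above make OTL print the MD5 of user32.dll, ws2_32.dll, ws2help.dll, explorer.exe, winlogon.exe and wininit.exe, so the helper can compare them with the hashes of clean copies of the same build: a system file whose hash matches no known-good version has been patched in place, which is one way an infection survives the removal of its dropped files. The Python below is an added example, not from the original post and not OTL code, that does the same comparison offline: hash files under a root, check them against a baseline manifest and report each file as ok, modified or missing. The baseline and the files are constructed in a temporary directory and the file names are placeholders, not real system files.

```python
import hashlib
import os
import tempfile

# MD5 because that is what OTL prints; SHA-256 alongside it so a match has to hold for both.
ALGORITHMS = ("md5", "sha256")


def file_digests(path: str, algorithms=ALGORITHMS) -> dict:
    """Hash one file with every algorithm in a single pass, without reading it all into memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def build_baseline(root: str, relative_paths) -> dict:
    """Record the digests of known-good files; paths are relative to root."""
    return {rel: file_digests(os.path.join(root, rel)) for rel in relative_paths}


def check_against_baseline(root: str, baseline: dict) -> dict:
    """Return {relative path: 'ok' | 'modified' | 'missing'} for every baseline entry.

    A file counts as modified if any one algorithm disagrees, so a collision in a
    single algorithm is not enough to pass."""
    verdicts = {}
    for rel, expected in baseline.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            verdicts[rel] = "missing"
            continue
        actual = file_digests(full, tuple(expected))
        verdicts[rel] = "ok" if all(actual[a] == expected[a] for a in expected) else "modified"
    return verdicts


def demo() -> dict:
    """Constructed scenario: three placeholder 'system files', one patched, one deleted."""
    with tempfile.TemporaryDirectory() as root:
        names = ["intact.dll", "patched.dll", "missing.dll"]
        for i, name in enumerate(names):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"MZ" + bytes([i]) * 4096)   # fake content, not a real PE image
        baseline = build_baseline(root, names)
        # Simulate a file-patching infection: overwrite one byte inside the file.
        with open(os.path.join(root, "patched.dll"), "r+b") as fh:
            fh.seek(100)
            fh.write(b"\xff")
        os.remove(os.path.join(root, "missing.dll"))
        return check_against_baseline(root, baseline)


if __name__ == "__main__":
    for rel, verdict in demo().items():
        print(f"{verdict:9s} {rel}")
```

Two caveats a practitioner should keep in mind. The baseline has to be per build: user32.dll from a different service pack or hotfix level has a different, equally legitimate hash, so a mismatch is a lead, not a verdict, until it is checked against the file's version information. And any hash computed on the live machine goes through the running kernel's file-system stack; a kernel-mode rootkit can hand clean bytes to readers while the patched image executes, which is exactly why the helper follows the OTL scan with a Gmer rootkit scan in step 2.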
03.09.2011, 21:41 | #3
OK, we ran the scan with OTL as described:

OTL.TXT:
Code:
OTL logfile created on: 03.09.2011 21:53:36 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1014,29 Mb Total Physical Memory | 653,41 Mb Available Physical Memory | 64,42% Memory free
2,38 Gb Paging File | 1,86 Gb Available in Paging File | 77,91% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 2,26 Gb Free Space | 2,02% Space Free | Partition Type: NTFS

Computer Name: ABYS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.09.03 11:56:38 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010.01.25 23:03:35 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
PRC - [2009.04.02 18:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.24 15:16:44 | 000,462,848 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe
PRC - [2007.08.23 19:29:48 | 000,976,264 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe
PRC - [2007.07.31 20:09:24 | 001,512,840 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\OPDOFF\opdoff.exe
PRC - [2007.04.02 17:48:40 | 000,290,816 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdmcon.exe
PRC - [2007.03.26 16:49:46 | 000,069,632 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdagent.exe
PRC - [2007.03.02 00:47:18 | 000,206,480 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe
PRC - [2007.02.26 06:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.01.22 19:47:00 | 000,163,840 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMAsst.exe
PRC - [2007.01.19 17:12:56 | 000,081,920 | ---- | M] () -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
PRC - [2006.11.09 14:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

========== Modules (No Company Name) ==========

MOD - [2007.10.23 12:22:24 | 000,196,608 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\zlib.dll
MOD - [2007.10.23 12:22:24 | 000,196,608 | ---- | M] () -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll
MOD - [2007.08.15 15:26:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\WSLib.dll
MOD - [2007.03.23 18:50:14 | 000,005,632 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\getfile.dll
MOD - [2007.03.19 19:55:00 | 000,106,496 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdfltlib.dll
MOD - [2007.03.08 19:00:42 | 000,061,440 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\BDUtils.dll
MOD - [2007.01.19 17:12:56 | 000,081,920 | ---- | M] () -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
MOD - [2006.08.16 13:11:12 | 000,008,704 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\trufos.dll
MOD - [2006.04.11 19:58:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\profos.dll
MOD - [2006.03.14 17:28:16 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\httpgetf.dll
MOD - [2006.03.03 15:52:54 | 000,069,632 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdfdll_x86.dll
MOD - [2003.12.10 17:08:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\mimeinf.dll
MOD - [2002.01.14 15:49:00 | 000,045,056 | ---- | M] () -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\avxdisk.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.01.25 23:03:35 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.12.11 18:38:22 | 000,217,088 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\etmservice.exe -- (ETMService) Intel(R)
SRV - [2007.10.24 15:16:44 | 000,462,848 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Program Files\Softwin\BitDefender10\vsserv.exe -- (VSSERV)
SRV - [2007.03.02 00:47:18 | 000,206,480 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe -- (OPDOFFSV)
SRV - [2007.02.26 06:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007.01.19 17:12:56 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2006.11.09 14:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2006.09.04 18:47:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003.03.09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.12.07 20:53:12 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2007.12.11 18:37:44 | 000,009,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EtmDevFan.sys -- (EtmFan)
DRV - [2007.12.11 18:37:38 | 000,036,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EtmDevGmch.sys -- (EtmGmchMem)
DRV - [2007.12.11 18:37:24 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EtmTempSense.sys -- (EtmTempSense)
DRV - [2007.12.11 18:37:16 | 000,040,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EtmDrvMgr.sys -- (Etm)
DRV - [2007.12.11 18:36:58 | 000,019,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EtmDevCpu.sys -- (EtmCpu)
DRV - [2007.11.28 17:14:00 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.11.21 01:59:47 | 000,097,216 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.08.15 12:22:00 | 000,265,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007.06.11 23:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007.05.24 23:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 22:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.04.18 02:52:00 | 000,019,584 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\newmisc.sys -- (NewMisc)
DRV - [2007.03.26 21:18:00 | 000,117,424 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2007.03.02 01:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 19:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.12.22 13:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.22 13:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.22 13:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.12.04 17:51:44 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll)
DRV - [2006.11.21 02:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.14 12:48:36 | 000,019,840 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hotkey.sys -- (HOTKEY)
DRV - [2006.10.11 04:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.10.21 13:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005.01.06 22:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mondkraft.com/mondkalender.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/|hxxp://wetterstationen.meteomedia.de/messnetz/forecast/096460.html|hxxp://www.taz.de/1/?tx_jkpoll_pi1%5Bgo%5D=savevote&tx_jkpoll_pi1%5Buid%5D=691|hxxp://www.spin.de/|hxxp://wetterstationen.meteomedia.de/messnetz/forecast/192909.html|hxxp://www.mondkraft.com/mondkalender.php|hxxp://www.gls.de/service-portal/kontoeroeffnung/girokonto-privat-geschaeftlich.html"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Documents and Settings\Administrator\Desktop\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

[2011.06.22 23:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2011.08.19 08:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\thptdiuh.default\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\THPTDIUH.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2009.07.17 21:10:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009.09.02 21:34:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2009.12.19 01:02:51 | 000,366,461 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12612 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\Documents and Settings\All Users\Application Data\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Ecosia Class) - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Program Files\Ecosia\ecosia.dll ()
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ecosia Search) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Program Files\Ecosia\ecosia.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender10\bdmcon.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DMS-Kalenderchen] C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Panasonic Hotkey Manager] C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKCU..\Run: [1und1Dispatcher] C:\Program Files\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Optical Disc Drive Power-Saving Utility.lnk = C:\Program Files\Panasonic\OPDOFF\opdoff.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMAsst.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4B29525-43C3-46F0-B34F-959BD77DCB27}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.13 00:51:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4ecc1e5a-5f33-11df-bf4c-00037a76acd5}\Shell - "" = AutoRun
O33 - MountPoints2\{4ecc1e5a-5f33-11df-bf4c-00037a76acd5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ecc1e5a-5f33-11df-bf4c-00037a76acd5}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{c658bce8-03f0-11de-bd9b-00215c96f5bb}\Shell - "" = AutoRun
O33 - MountPoints2\{c658bce8-03f0-11de-bd9b-00215c96f5bb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c658bce8-03f0-11de-bd9b-00215c96f5bb}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{e89500aa-3758-11e0-a840-b73c02adf62e}\Shell - "" = AutoRun
O33 - MountPoints2\{e89500aa-3758-11e0-a840-b73c02adf62e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e89500aa-3758-11e0-a840-b73c02adf62e}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e89500af-3758-11e0-a840-00037a76acd5}\Shell - "" = AutoRun
O33 - MountPoints2\{e89500af-3758-11e0-a840-00037a76acd5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e89500af-3758-11e0-a840-00037a76acd5}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.09.03 11:56:36 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011.08.31 23:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\1&1 Mail & Media GmbH
[2011.08.31 23:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar
[2011.08.31 23:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UUdb
[2011.08.31 23:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DesktopIcons
[2011.08.31 23:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung
[2011.08.31 23:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1und1InternetExplorerAddon
[2011.08.31 23:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011.08.31 23:03:30 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.08.31 23:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.31 23:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.08.31 23:03:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.31 23:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.31 23:02:27 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.09.03 21:53:48 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2011.09.03 11:56:38 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011.09.02 12:32:56 | 000,001,158 | ---- | M] () --
C:\WINDOWS\System32\wpa.dbl [2011.09.02 12:32:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.09.02 12:32:14 | 1063,636,992 | -HS- | M] () -- C:\hiberfil.sys [2011.08.31 23:46:08 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Amazon.lnk [2011.08.31 23:46:08 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WEB.DE.lnk [2011.08.31 23:46:08 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\eBay.lnk [2011.08.31 23:03:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.31 23:02:36 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.1.1800.exe [2011.08.11 10:14:37 | 000,441,440 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.08.11 10:14:37 | 000,071,758 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.08.11 10:10:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.08.07 22:39:52 | 000,305,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Linie 681 Haltestellen.pdf [2011.08.07 22:31:37 | 000,430,991 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Verlauf Linie 681.pdf [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.31 23:46:08 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Amazon.lnk [2011.08.31 23:46:08 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\WEB.DE.lnk [2011.08.31 23:46:08 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WEB.DE.lnk [2011.08.31 23:46:08 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\eBay.lnk [2011.08.31 23:03:30 | 000,000,784 | ---- | C] () -- C:\Documents and 
Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.31 22:32:38 | 1063,636,992 | -HS- | C] () -- C:\hiberfil.sys [2011.08.07 22:39:52 | 000,305,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Linie 681 Haltestellen.pdf [2011.08.07 22:31:37 | 000,430,991 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Verlauf Linie 681.pdf [2011.08.01 21:27:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.06.22 23:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.06.20 18:18:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2011.06.20 18:18:04 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2011.06.20 18:17:44 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc [2010.02.24 23:08:41 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db [2010.01.25 22:54:42 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin [2010.01.24 23:41:21 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\getfile.dat [2009.11.19 19:19:28 | 000,000,183 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.10.31 20:47:56 | 000,040,040 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009.09.14 18:45:46 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2009.05.19 12:21:01 | 000,010,977 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009.03.10 21:15:27 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat [2009.03.10 21:15:27 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat [2009.02.26 18:50:28 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2009.02.26 14:12:10 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.26 14:10:47 | 000,168,448 | ---- | C] () -- 
C:\WINDOWS\System32\unrar.dll [2009.02.26 14:10:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009.02.26 14:10:44 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.02.26 14:10:44 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.02.26 14:10:42 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.02.26 11:34:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2008.06.06 18:46:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.05.13 18:25:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008.05.13 18:25:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008.05.13 18:25:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008.05.13 18:25:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008.05.13 18:25:32 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008.05.13 18:25:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008.05.13 18:02:26 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2008.05.13 02:35:55 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\softkbd.exe.config [2008.05.13 02:14:07 | 000,000,052 | ---- | C] () -- C:\WINDOWS\DMIVIEW.INI [2008.05.13 00:56:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.05.13 00:50:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.05.12 17:46:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.05.12 17:45:39 | 000,214,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.05.12 17:29:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll [2008.05.12 17:29:05 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2008.05.12 17:29:05 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll [2008.05.12 17:24:14 | 000,002,190 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI 
[2008.05.12 17:22:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.05.12 17:22:12 | 000,441,440 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.05.12 17:22:12 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.05.12 17:22:12 | 000,071,758 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.05.12 17:22:12 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.05.12 17:22:08 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008.05.12 17:22:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008.05.12 17:21:59 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008.05.12 17:21:37 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.05.12 17:21:37 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008.05.12 17:20:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.05.12 17:20:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.01.31 15:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll [2006.12.05 22:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll ========== LOP Check ========== [2010.03.01 22:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon [2010.01.25 22:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bitdefender [2009.10.30 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon [2009.12.07 19:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon Easy-WebPrint EX [2009.02.26 19:06:53 | 000,000,000 | ---D 
| M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo [2011.06.20 18:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite [2011.06.20 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung [2009.07.12 17:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WEBDE [2011.08.31 23:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1und1InternetExplorerAddon [2010.01.25 22:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender [2009.10.30 11:30:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2009.10.30 11:44:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan [2011.08.31 23:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DesktopIcons [2011.06.20 18:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2010.02.20 10:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SGS [2009.09.14 18:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft [2011.04.09 20:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tmp [2011.08.31 23:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UUdb [2009.06.26 14:49:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1236774405.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2008.05.13 00:51:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010.10.01 22:22:54 | 000,000,210 | RHS- | M] () -- C:\boot.ini [2008.05.13 00:51:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011.09.02 12:32:14 | 
1063,636,992 | -HS- | M] () -- C:\hiberfil.sys [2009.10.27 19:33:31 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml [2008.05.13 00:51:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008.05.13 00:51:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004.08.04 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009.02.26 14:40:15 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011.09.02 12:32:11 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2008.05.13 00:51:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2009.03.24 06:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9Z.DLL [2009.03.24 06:00:00 | 000,070,656 | ---- | M] (CANON INC.) 
-- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9Z.DLL [2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll [2008.07.06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.05.12 17:42:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.05.12 17:42:44 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.05.12 17:42:44 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\user32.dll /md5 > [2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\system32\ws2_32.dll /md5 > [2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\system32\ws2help.dll /md5 > [2008.04.14 02:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll [1 C:\WINDOWS\system32\*.tmp files -> 
C:\WINDOWS\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007.06.13 12:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2004.08.04 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe < MD5 for: WINLOGON.EXE > [2004.08.04 23:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-25 06:13:47 < > < End of report > EXTRA.TXT OTL Logfile: Code:
OTL Extras logfile created on: 03.09.2011 21:53:36 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
1014,29 Mb Total Physical Memory | 653,41 Mb Available Physical Memory | 64,42% Memory free
2,38 Gb Paging File | 1,86 Gb Available in Paging File | 77,91% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 2,26 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Computer Name: ABYS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Miranda ME RC3\miranda32.exe" = C:\Program Files\Miranda ME RC3\miranda32.exe:*:Enabled:Miranda IM -- ( ) "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{21D9DC24-7826-4007-B245-5FB80ED0F682}_is1" = Ecosia Plugin 0.1b "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B9C3E2C-2908-46CA-8E5F-37F398EAA367}" = Optical Disc Drive Letter-Setting Utility "{6C09C770-3FC9-4103-85B4-470FC78E43EB}" = Economy Mode(ECO) Setting Utility "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{745CBEF4-9AF4-42BD-9C97-2A6B66BF55EA}" = Optical Disc Drive Power-Saving Utility "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = hp psc 2100 series "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8877DCCF-7796-48A6-B682-DF7D4BF6CA02}" = Power Saving Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{943622A3-F5E9-464F-A025-90D02F3B8ACE}" = Hotkey Appendix "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One "{99733131-7B00-4E5C-8991-113CD61D8E2F}" = Panasonic Common Components "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver "{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Premium "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch "{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}" = BitDefender Free Edition v10 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86 "{CD5C2205-7BAD-4B87-BF9A-2BAC626B29C8}" = Battery Recalibration "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DEBACE7E-5DD1-42DB-AFE7-2B60E7CC80A8}" = Microsoft GB18030 Support Package
"{DEEFA812-64A6-4083-BB38-87F68B6BA820}" = Hotkey Settings
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_10F70000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP PSC 2100 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 2100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IIF2Installer" = Intel(R) Extended Thermal Model
"InstallShield_{99733131-7B00-4E5C-8991-113CD61D8E2F}" = Panasonic Common Components
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Kalenderchen_is1" = Kalenderchen 4
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MD Adressbuch 2009_is1" = MD Adressbuch 2009
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineFotoservice" = OnlineFotoservice
"Picasa 3" = Picasa 3
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zattoo4" = Zattoo4 4.0.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20.12.2009 11:55:11 | Computer Name = ABYS-PC | Source = MsiInstaller | ID = 1013
Description = Programm: Kaspersky Anti-Virus Strato Edition -- Zum Fortsetzen der Installation ist ein Neustart des Computers erforderlich.

[ OSession Events ]
Error - 11.03.2009 16:34:00 | Computer Name = ABYS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 43186 seconds with 5580 seconds of active time. This session ended with a crash.

Error - 23.03.2009 15:19:29 | Computer Name = ABYS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34371 seconds with 2760 seconds of active time. This session ended with a crash.

Error - 20.10.2009 17:01:11 | Computer Name = ABYS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 41204 seconds with 960 seconds of active time. This session ended with a crash.

Error - 19.01.2011 16:58:10 | Computer Name = ABYS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 110185 seconds with 2820 seconds of active time. This session ended with a crash.

Error - 08.02.2011 16:32:24 | Computer Name = ABYS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36079 seconds with 16800 seconds of active time.
This session ended with a crash.

[ System Events ]
Error - 02.09.2011 06:48:49 | Computer Name = ABYS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDFsDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 02.09.2011 06:48:49 | Computer Name = ABYS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDRsDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 02.09.2011 07:48:46 | Computer Name = ABYS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDFsDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 02.09.2011 07:48:46 | Computer Name = ABYS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDRsDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 02.09.2011 15:46:41 | Computer Name = ABYS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDFsDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 02.09.2011 15:46:41 | Computer Name = ABYS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDRsDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 03.09.2011 04:52:54 | Computer Name = ABYS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDFsDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 03.09.2011 04:52:54 | Computer Name = ABYS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDRsDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 03.09.2011 10:51:37 | Computer Name = ABYS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDFsDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 03.09.2011 10:51:37 | Computer Name = ABYS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDRsDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

As for the scan attempt with GMER, it stayed at a single attempt. The PC kept hanging; a blue window with white text only briefly appeared across the whole screen, so we can't really post its contents here. The PC then immediately restarts. Hoping the OTL scan is negative, which would be positive for us. Many thanks...