| |
| |||||||
Log-Analyse und Auswertung: komme nicht mehr in den abgesicherten modus win XPWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.03.2012, 13:28
| #1 |
| |  komme nicht mehr in den abgesicherten modus win XP Hallo Trojaner Board Team, ich habe ein riesen Problem. Ich komme nicht mehr in den abgesicherten Modus, egal ob mit eingabeaufforderung oder mit netzwerktreibern. Es kommt immer nur die Meldung press ESC for loading SPTD.sys und dann startet er auch schon neu, egal was ich mache. Windows XP professional im Normalmodus funktioniert, allerdings habe ich hier wohl ein Trojanerbefall welchen ich eigentlich im bagesicherten Modus beseitigen wollte. Ich scanne jetzt gerade mit OTL mein System und lade gleich die Ergebnisse hoch. Ich hoffe es hat hier jemand rat für mich. Ich bin nämlich langsam ratlos. ExtrasOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.03.2012 13:17:45 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Dokumente und Einstellungen\thebestian\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 43,28% Memory free
3,72 Gb Paging File | 2,70 Gb Available in Paging File | 72,53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 5,00 Gb Free Space | 2,15% Space Free | Partition Type: NTFS
Computer Name: ***** | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port
"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server
"80:TCP" = 80:TCP:*:Enabled:Promo
"53:UDP" = 53:UDP:*:Enabled:Promo
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0288061F-E601-4CFB-BF9C-0EE5D3266847}" = Mimaki USB Driver
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2500_series" = Canon iP2500 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series" = Canon iP3500 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2B98A889-1363-467F-89A9-E54ADB6C9324}" = Mimaki USB2.0 Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33AC7337-B322-410B-A454-BDD50E6357F2}" = Sumitomo 3M 1394 Driver
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3FF3DD04-F386-46B0-97FC-B86238B65487}" = Canon MP Drivers 6.0
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{48D5798F-3938-4F93-91F0-1E38AE23F834}" = BitDefender Anti-Phishing Free Edition
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{80ACC404-8441-4133-B3B1-17BF3A578FB1}" = Mimaki Device Driver
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88fd8169-9858-467e-9ef7-b016d568cac4}" = Nero 9 Trial
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB8749BD-DE32-44DE-A945-F888033F1557}" = Mimaki 1394 Driver
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"Acoustica MP3 Audio Mixer" = Acoustica MP3 Audio Mixer
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CANONBJ_Deinstall_CNMCP79.DLL" = Canon iP5200
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON SX100 Series" = Druckerdeinstallation für EPSON SX100 Series
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"hp deskjet 916c series_Driver" = hp deskjet 916c series
"HP Photo & Imaging" = HP Image Zone 4.7
"ie8" = Windows Internet Explorer 8
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Lexmark Z600 Series" = Lexmark Z600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mayspies Print Designer_is1" = Mayspies Print Designer V1.3
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mimaki FineCut for CorelDRAW" = Mimaki FineCut for CorelDRAW
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Opera 11.61.1250" = Opera 11.61
"SSC Service Utility_is1" = SSC Service Utility v4.30
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.0.0
"WBFS Manager 3.0" = WBFS Manager 3.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WordToPDF_is1" = WordToPDF 2.5
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.12.2011 10:47:46 | Computer Name = BASTI | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1
Error - 30.12.2011 11:56:20 | Computer Name = BASTI | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 288
Error - 30.12.2011 11:56:20 | Computer Name = BASTI | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1
Error - 30.12.2011 11:56:20 | Computer Name = BASTI | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 288
Error - 30.12.2011 11:56:20 | Computer Name = BASTI | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1
Error - 30.12.2011 11:56:20 | Computer Name = BASTI | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 288
Error - 30.12.2011 11:56:20 | Computer Name = BASTI | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1
Error - 30.12.2011 11:56:20 | Computer Name = BASTI | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 288
Error - 30.12.2011 11:56:20 | Computer Name = BASTI | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1
Error - 03.01.2012 10:38:30 | Computer Name = BASTI | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
[ System Events ]
Error - 13.03.2012 08:02:22 | Computer Name = BASTI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 13.03.2012 08:02:22 | Computer Name = BASTI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 13.03.2012 08:02:22 | Computer Name = BASTI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 13.03.2012 08:02:22 | Computer Name = BASTI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 13.03.2012 08:02:22 | Computer Name = BASTI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 13.03.2012 08:02:22 | Computer Name = BASTI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 13.03.2012 08:02:38 | Computer Name = BASTI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 13.03.2012 08:10:53 | Computer Name = BASTI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 13.03.2012 08:15:59 | Computer Name = BASTI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 13.03.2012 08:20:52 | Computer Name = BASTI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
< End of report >
OTL OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 13.03.2012 13:17:45 - Run 1 OTL by OldTimer - Version 3.2.36.3 Folder = C:\Dokumente und Einstellungen\thebestian\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 43,28% Memory free 3,72 Gb Paging File | 2,70 Gb Available in Paging File | 72,53% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 5,00 Gb Free Space | 2,15% Space Free | Partition Type: NTFS Computer Name: ****** | User Name: ******* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.13 13:16:39 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\thebestian\Desktop\OTL.exe PRC - [2012.03.07 16:10:52 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe PRC - [2012.02.16 15:55:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2011.12.18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe PRC - [2011.11.03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2011.11.03 15:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe PRC - [2009.08.16 21:26:45 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe PRC - [2009.05.15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.24 13:14:38 | 001,631,536 | ---- | M] (BitDefender S. R. L.) -- C:\Programme\BitDefender\BitDefender 2009\vsserv.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.03.02 13:24:24 | 000,778,240 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2009\bdagent.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004.12.15 22:59:28 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe ========== Modules (No Company Name) ========== MOD - [2012.02.16 15:55:51 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.08.13 12:28:27 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2009.03.26 11:36:22 | 000,167,936 | ---- | M] () -- C:\Programme\BitDefender\BitDefender 2009\agentreg.dll MOD - [2009.02.27 15:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2009.01.28 15:03:49 | 000,326,401 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.12.08 16:26:58 | 000,155,648 | ---- | M] () -- C:\Programme\BitDefender\BitDefender 2009\bdfltlib.dll MOD - [2008.10.09 16:31:54 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\txmlutil.dll MOD - [2008.10.09 16:31:54 | 000,192,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\txmlutil.dll MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.06.20 17:02:46 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2008.06.20 17:02:46 | 000,247,296 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll MOD - [2008.04.14 06:53:04 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\websensedcagent.dll MOD - [2008.01.11 06:17:30 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\ssp2ml3.dll MOD - [2006.12.04 09:25:14 | 000,022,723 | R--- | M] () -- C:\WINDOWS\system32\sugs1l3.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (WmiAcpi) SRV - File not found [Auto | Stopped] -- -- (usbcm) SRV - File not found [Auto | Stopped] -- -- (USBAAPL) SRV - File not found [Auto | Stopped] -- -- (SWNC8U51) SRV - File not found [Auto | Stopped] -- -- (spmd) SRV - File not found [Auto | Stopped] -- -- (ntrtscan) SRV - File not found [Auto | Stopped] -- -- (nic1394) SRV - File not found [Auto | Stopped] -- -- (logonsvcid) SRV - File not found [Auto | Stopped] -- -- (iftpsvc) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (GoogleDesktopManager-010708-104812) SRV - File not found [Auto | Stopped] -- -- (CVPNDRVA) SRV - File not found [Auto | Stopped] -- -- (ccsetmgr) SRV - File not found [Auto | Stopped] -- -- (botcbs) SRV - File not found [Auto | Stopped] -- -- (backupexecjobengine) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2012.03.07 16:10:52 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2011.11.03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.08.16 21:26:45 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.07.17 11:45:57 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.05.15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.03.24 13:14:38 | 001,631,536 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Programme\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV) SRV - [2008.07.18 14:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.04.14 06:53:04 | 000,005,632 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\websensedcagent.dll -- (admjoy) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Boot | Stopped] -- -- (wbsweu) DRV - File not found [Kernel | Auto | Stopped] -- -- (SSPORT) DRV - File not found [Kernel | Boot | Stopped] -- -- (qalysisv) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GMSIPCI) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.03.13 13:03:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.03.09 14:00:17 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.03.06 14:21:52 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF) DRV - [2011.12.18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant) DRV - [2011.11.03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011.03.04 16:27:20 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2011.02.19 12:27:37 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.07.12 09:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010.07.06 09:19:30 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio) DRV - [2010.01.29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2009.09.01 10:31:38 | 000,036,520 | ---- | M] (Mimaki Engineering Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mkusb.sys -- (mkusb) Mimaki Plotter USB Port Controller (mkusb.sys) DRV - [2009.06.09 04:18:24 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:29:07 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr) DRV - [2009.02.13 11:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd) DRV - [2008.12.11 10:24:20 | 004,959,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.10.30 14:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.10.25 06:14:58 | 003,341,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008.04.13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2007.10.12 02:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdide.sys -- (amdide) DRV - [2003.04.02 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2003.04.02 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001.08.17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7IRFC_de IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5016 [2011.06.09 17:04:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Programme\BitDefender\BitDefender 2009\FFToolbar\ [2012.03.07 15:29:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.03.10 09:55:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.12 10:00:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: [2010.07.16 09:42:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Mozilla\Extensions [2012.03.08 15:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Mozilla\Firefox\Profiles\ar338fyc.default\extensions [2010.08.13 12:27:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Mozilla\Firefox\Profiles\ar338fyc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.03.08 15:06:16 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Mozilla\Firefox\Profiles\ar338fyc.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2012.03.12 10:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\THEBESTIAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\AR338FYC.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2011.06.09 17:04:36 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5016 [2012.02.16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2012.03.06 14:22:55 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.) O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Programme\BitDefender\BitDefender 2009\IEShow.exe (BitDefender) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 62412 = C:\DOKUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.pif () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C18DE61-C568-4095-976D-B27C20D3FBD8}: NameServer = 89.246.64.8 62.220.18.8 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\lkapoer: DllName - (C:\Dokumente und Einstellungen\thebestian\Lokale Einstellungen\Anwendungsdaten\lkapoer.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\thebestian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\thebestian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.16 11:04:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3501de53-9ef3-11de-94ff-002421254897}\Shell\Auto\command - "" = Ghost.pif O33 - MountPoints2\{3501de53-9ef3-11de-94ff-002421254897}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3501de53-9ef3-11de-94ff-002421254897}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2012.03.13 13:16:34 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\thebestian\Desktop\OTL.exe [2012.03.13 13:03:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.03.13 12:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage [2012.03.12 17:46:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Local Settings [2012.03.08 14:03:31 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.03.08 12:43:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\thebestian\Desktop\anwalt [2012.03.08 10:24:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.03.07 15:40:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender [2012.03.07 15:33:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\thebestian\Eigene Dateien\ForceField Shared Files [2012.03.07 15:33:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\CheckPoint [2012.03.07 15:33:09 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2012.03.07 15:33:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\thebestian\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit [2012.03.07 15:33:04 | 000,000,000 | ---D | C] -- C:\Programme\ZoneAlarm-Sicherheit [2012.03.07 15:32:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point [2012.03.07 15:32:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint [2012.03.07 15:29:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BitDefender 2009 [2012.03.07 15:29:38 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender [2012.03.07 15:29:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\BitDefender [2012.03.07 15:29:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BitDefender [2012.03.07 15:23:25 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2012.03.07 13:49:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\thebestian\Desktop\phillip [2012.03.06 17:22:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2012.03.06 17:22:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun [2012.03.06 15:39:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D562C801C4AB5500005FC7D151FC84 [2012.03.06 14:24:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D562C8000435DB00005FC7D151FC84 [2012.03.06 14:21:52 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll [2012.03.06 14:21:52 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll [2012.03.06 14:21:52 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys [2012.03.06 14:08:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2012.03.06 14:08:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [1 C:\Dokumente und Einstellungen\thebestian\*.tmp files -> C:\Dokumente und Einstellungen\thebestian\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.13 16:03:31 | 000,000,228 | -HS- | M] () -- C:\boot.ini [2012.03.13 13:21:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.03.13 13:16:39 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\thebestian\Desktop\OTL.exe [2012.03.13 13:03:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.03.13 13:00:57 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2012.03.13 13:00:56 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.03.13 13:00:51 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd [2012.03.13 13:00:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.13 13:00:45 | 000,060,256 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2012.03.13 13:00:43 | 000,325,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.03.13 12:59:15 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin [2012.03.13 12:43:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.03.13 12:31:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.12 14:12:46 | 000,076,800 | ---- | M] () -- C:\Dokumente und Einstellungen\thebestian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.09 15:38:51 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.03.09 15:38:33 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.03.09 15:38:33 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.03.09 14:00:17 | 000,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.03.08 10:24:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.03.07 16:11:00 | 000,000,132 | ---- | M] () -- C:\httpdwl.dat [2012.03.07 15:42:09 | 000,415,859 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2012.03.07 15:40:16 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml [2012.03.07 15:40:16 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml [2012.03.07 14:31:25 | 000,628,378 | ---- | M] () -- C:\Dokumente und Einstellungen\thebestian\Desktop\philipp hinten.jpg [2012.03.06 16:33:43 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.06 14:22:55 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120307-100901.backup [2012.03.06 14:22:55 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.03.06 14:21:52 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll [2012.03.06 14:21:52 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll [2012.03.06 14:21:52 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys [2012.02.25 11:15:33 | 000,016,171 | ---- | M] () -- C:\Dokumente und Einstellungen\thebestian\Desktop\ak47-hi.png [2012.02.22 17:47:10 | 000,056,827 | ---- | M] () -- C:\Dokumente und Einstellungen\thebestian\Desktop\metal mulisha.cdr [2012.02.22 17:27:47 | 001,400,251 | ---- | M] () -- C:\Dokumente und Einstellungen\thebestian\Desktop\monster m.cdr [2012.02.18 12:48:53 | 001,424,504 | ---- | M] () -- C:\Dokumente und Einstellungen\thebestian\Desktop\tresen.cdr [2012.02.15 18:06:07 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.02.15 18:06:07 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.02.15 18:06:07 | 000,084,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.02.15 18:06:07 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.02.15 18:01:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [1 C:\Dokumente und Einstellungen\thebestian\*.tmp files -> C:\Dokumente und Einstellungen\thebestian\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.07 16:11:00 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin [2012.03.07 16:11:00 | 000,000,132 | ---- | C] () -- C:\httpdwl.dat [2012.03.07 15:40:16 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml [2012.03.07 15:40:16 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml [2012.03.07 15:33:39 | 000,415,859 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2012.03.07 15:19:07 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.03.07 14:31:25 | 000,628,378 | ---- | C] () -- C:\Dokumente und Einstellungen\thebestian\Desktop\philipp hinten.jpg [2012.03.06 17:22:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.03.06 16:33:43 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.06 13:58:10 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd [2012.02.25 11:15:31 | 000,016,171 | ---- | C] () -- C:\Dokumente und Einstellungen\thebestian\Desktop\ak47-hi.png [2012.02.22 17:47:10 | 000,056,827 | ---- | C] () -- C:\Dokumente und Einstellungen\thebestian\Desktop\metal mulisha.cdr [2012.02.22 17:14:41 | 001,400,251 | ---- | C] () -- C:\Dokumente und Einstellungen\thebestian\Desktop\monster m.cdr [2012.02.18 12:48:52 | 001,424,504 | ---- | C] () -- C:\Dokumente und Einstellungen\thebestian\Desktop\tresen.cdr [2012.02.15 10:48:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.15 10:48:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012.01.11 12:08:56 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2012.01.11 12:08:11 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp2ml3.dll [2011.12.14 09:51:16 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL [2011.09.15 17:02:02 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2011.08.05 08:54:36 | 000,022,723 | R--- | C] () -- C:\WINDOWS\System32\sugs1l3.dll [2011.07.27 09:51:07 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2011.06.15 16:26:35 | 000,124,781 | ---- | C] () -- C:\WINDOWS\hpoins32.dat.temp [2011.06.15 16:26:35 | 000,001,006 | ---- | C] () -- C:\WINDOWS\hpomdl32.dat.temp [2011.06.15 16:17:45 | 000,124,781 | ---- | C] () -- C:\WINDOWS\hpoins32.dat [2011.06.15 16:17:45 | 000,001,006 | ---- | C] () -- C:\WINDOWS\hpomdl32.dat [2011.06.14 16:47:29 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2011.05.10 14:39:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.05.10 14:39:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.02.16 12:33:42 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\07F44EC7A6.sys [2011.02.16 12:05:19 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2011.02.15 14:17:29 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat [2011.02.10 11:42:57 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL [2011.02.03 14:00:45 | 000,010,709 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat [2011.02.03 12:36:51 | 000,202,745 | ---- | C] () -- C:\WINDOWS\hpwins19.dat [2011.02.03 12:36:51 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat [2011.01.04 10:37:36 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat [2011.01.04 10:37:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2010.12.15 17:30:28 | 000,122,728 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp [2010.12.15 17:30:28 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp [2010.12.13 14:18:15 | 000,183,564 | ---- | C] () -- C:\WINDOWS\hphins33.dat [2010.12.13 14:18:15 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat [2010.12.11 09:57:32 | 000,068,841 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp [2010.12.11 09:57:32 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp [2010.12.11 09:44:08 | 000,068,841 | ---- | C] () -- C:\WINDOWS\hpoins05.dat [2010.12.11 09:44:08 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat [2010.11.26 11:44:54 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2010.11.26 11:44:54 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2010.11.26 11:44:35 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat [2010.11.19 09:52:24 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL [2010.10.15 11:28:00 | 000,014,338 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini [2010.09.16 13:38:26 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6z.DLL [2010.09.16 13:24:44 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI [2010.09.02 15:29:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL [2010.07.20 16:30:24 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010.07.16 09:42:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.07.10 09:00:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2J.DLL [2010.07.06 09:19:30 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [2010.07.05 17:02:14 | 004,378,568 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.04.27 08:47:16 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT [2010.03.26 09:32:23 | 000,000,184 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2010.03.17 14:49:56 | 000,000,840 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI ========== LOP Check ========== [2011.10.22 11:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery [2009.07.18 09:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2012.03.07 15:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender [2011.11.23 12:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bitstream [2010.02.18 12:26:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2012.03.07 15:32:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint [2011.01.07 17:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\createpart [2011.02.19 12:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro [2011.03.17 16:10:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2011.01.07 17:33:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher [2012.03.06 14:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D562C8000435DB00005FC7D151FC84 [2012.03.06 15:39:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D562C801C4AB5500005FC7D151FC84 [2011.01.07 17:33:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher [2010.02.12 17:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\phpDesigner [2009.07.17 11:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.07.17 11:17:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2010.07.20 14:26:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E} [2011.10.26 12:16:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Avery [2010.06.15 16:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Azureus [2012.03.07 15:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\BitDefender [2012.03.08 12:55:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Canon [2012.03.07 15:33:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\CheckPoint [2011.02.19 12:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\DAEMON Tools Pro [2010.10.14 13:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\EPSON [2011.09.15 13:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\gtk-2.0 [2010.07.20 16:30:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Itim [2012.02.04 10:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Mimaki [2011.09.19 14:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Nvu [2010.07.20 14:11:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Obbi [2011.03.08 13:06:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\Opera [2011.06.24 12:44:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\phpDesigner [2009.07.17 11:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\TuneUp Software [2010.01.26 17:07:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\UDC Profiles [2010.10.07 11:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thebestian\Anwendungsdaten\WordToPDF [2012.03.13 13:00:57 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job [2012.03.09 15:38:51 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011.09.03 08:55:02 | 000,000,000 | ---- | M] ()(C:\Dokumente und Einstellungen\thebestian\????????????????5.tmp) -- C:\Dokumente und Einstellungen\thebestian\攼敬敭瑮䰠祡畯㵴潂摲牥慌潹瑵⤨5.tmp < End of report > --- --- --- so SPTD.sys ist beseitigt, aber er startet trotzdem einfach neu und geht nicht in denabgesicherten Modus. Habe Anti Malware auch nochmal laufen lassen. so hier noch die malware log.. |
|
13.03.2012, 18:36
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | komme nicht mehr in den abgesicherten modus win XPZitat:
__________________ |
|
14.03.2012, 09:58
| #3 |
| | komme nicht mehr in den abgesicherten modus win XP ja ich hatte mal daemon tools installiert, ist aber seit längerem deinstalliert. das problem ist ja auch wenn ich im normalen modus trojaner und sonstiges finde dann stürzt mein PC 2xmal beim neustart, beim windowsscreen ab und startet neu. ich habe so das gefühl das, das eine masche ist um die dateien die er löschen wollte zu schützen. jedenfalls bereinigen meine ganzen antiviren programme die probleme nicht. ich hab andauernd neue sachen auf die, die programme anschlagen.
__________________Geändert von basti163 (14.03.2012 um 10:05 Uhr) |
|
14.03.2012, 15:22
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | komme nicht mehr in den abgesicherten modus win XPZitat:
 Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu komme nicht mehr in den abgesicherten modus win XP |
| 0x00000001, 32 bit, askbar, avira, browser, canon, error, failed, flash player, fontcache, google, google chrome, home, internet browser, jdownloader, langsam, logfile, mozilla, mp3, netzwerk, officejet, realtek, registry, rundll, safer networking, scan, searchscopes, security, security scan, server, software, system, trojaner, trojaner board, usb, visual studio, windows, windows internet, windows xp, winpcap packet driver |
Linear-Darstellung
