| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows startet nicht - erscheint nur weißer BildschirmWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.05.2012, 16:36
| #1 |
 |  Windows startet nicht - erscheint nur weißer Bildschirm Hallo, nach dem Starten meines PC`s erscheint ein weißer Bildschirm mit dem Hinweis "Bitte warten sie während die Verbindung hergestellt wird ". Der Hinweis steht auch nochmal auf Englisch da. Ich habe Win XP. Leider läßt sich Windows gar nicht starten auch nicht im abgesicherten Modus um einen OTL Scan machen zu können. Was kann ich machen? Gruß Heiko |
|
21.05.2012, 11:09
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Windows startet nicht - erscheint nur weißer Bildschirm Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:
__________________Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
__________________ |
|
22.05.2012, 17:45
| #3 |
| | Windows startet nicht - erscheint nur weißer Bildschirm OTL EXTRAS Logfile:
__________________OTL Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 5/22/2012 9:20:58 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
767.00 Mb Total Physical Memory | 528.00 Mb Available Physical Memory | 69.00% Memory free
703.00 Mb Paging File | 558.00 Mb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 114.48 Gb Total Space | 99.84 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
Drive E: | 3.71 Gb Total Space | 1.50 Gb Free Space | 40.31% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{72FAED8C-15B6-4866-BEB1-91FF04433B4B}" = Neue deutsche Rechtschreibung 2.0
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{991470F7-1A45-4E49-8905-D554A2A048A0}" = Carnet d'activités À plus! 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{C90F1F31-EE00-4E31-ABA3-355FF904F86A}" = Carnet d'activités À plus! 3
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link DWA-140
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E653C735-0D84-AD30-7C75-91C8DC421031}" = Nero 7 Demo
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FEC48C17-C9C7-4536-958D-7B01FB644D8E}_is1" = Kong's World 1.0
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"aha²_is1" = aha² 1.00
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.0
"Diercke Globus" = Diercke Globus
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"Mathe mit Maya 4" = Mathe mit Maya 4
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Patrimonium_is1" = Patrimonium 1.04
"RealPlayer 6.0" = RealPlayer Basic
"Thoosje Sevenbar" = Thoosje Sevenbar
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
< End of report >
--- --- --- --- --- --- OTL logfile created on: 5/22/2012 8:53:37 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 767.00 Mb Total Physical Memory | 562.00 Mb Available Physical Memory | 73.00% Memory free 703.00 Mb Paging File | 585.00 Mb Available in Paging File | 83.00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 114.48 Gb Total Space | 99.84 Gb Free Space | 87.20% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (HidServ) SRV - [2011/07/20 15:13:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/05/10 13:05:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/06/03 08:36:06 | 000,126,976 | ---- | M] (Wireless Service) [Auto] -- C:\Programme\D-Link\DWA-140 revB\ANIWZCSdS.exe -- (D-Link Wireless N DWA-140) SRV - [2010/06/03 08:36:06 | 000,053,248 | ---- | M] () [Auto] -- C:\Programme\D-Link\DWA-140 revB\ANIWConnService.exe -- (D-Link Wireless N DWA-140_WPS) SRV - [2008/07/26 11:31:25 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2006/01/24 15:05:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/10/17 21:04:00 | 000,379,812 | R--- | M] (AVM Berlin) [Auto] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2005/08/23 20:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand] -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc) SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2011/12/05 15:24:49 | 000,029,411 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\ANPD.SYS -- (ANPD) DRV - [2011/07/20 15:13:27 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/20 15:13:27 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/05/06 12:35:04 | 000,829,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870) DRV - [2009/05/11 06:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/01/24 07:45:20 | 000,242,176 | ---- | M] (iPassion Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iP293x.SYS -- (DCamUSBTP10) DRV - [2006/01/24 15:05:00 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2006/01/24 15:05:00 | 000,622,172 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2006/01/24 15:05:00 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2006/01/24 15:05:00 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2006/01/24 15:05:00 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2006/01/24 15:05:00 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2006/01/24 15:05:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2006/01/24 15:05:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT) DRV - [2006/01/24 15:05:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaidexp.sys -- (ViaIde) DRV - [2005/10/17 21:04:00 | 000,264,704 | R--- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2004/08/03 18:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2001/08/17 06:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64-Treiber (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Fabian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\Fabian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2011/10/09 11:39:13 | 000,255,977 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 WordPress › Blog Tool, Publishing Platform, and CMS O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 Wips.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 123topsearch.com - Informationen zum Thema 123topsearch. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 *»´ä½×¾Â 8000.com ¦h¤¸¤Æ°Q½×°Ï multi discuss forum O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 8901 more lines... O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\Fabian_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programme\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [WZCSLDR2] C:\Programme\D-Link\DWA-140 revB\WZCSLDR2.exe (Wireless Service) O4 - HKU\Administrator_ON_C..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O4 - HKU\Administrator_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG) O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] File not found O4 - HKU\Fabian_ON_C..\Run: [4Y3Y0C3A9F7W0E5EKCCO] C:\Recycle.Bin\B6232F3AE31.exe (qJGc) O4 - HKU\Fabian_ON_C..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O20 - HKU\Administrator_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O20 - HKU\Fabian_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O20 - HKU\Fabian_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/26 08:30:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] OTL logfile created on: 5/22/2012 8:53:37 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 767.00 Mb Total Physical Memory | 562.00 Mb Available Physical Memory | 73.00% Memory free 703.00 Mb Paging File | 585.00 Mb Available in Paging File | 83.00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 114.48 Gb Total Space | 99.84 Gb Free Space | 87.20% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (HidServ) SRV - [2011/07/20 15:13:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/05/10 13:05:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/06/03 08:36:06 | 000,126,976 | ---- | M] (Wireless Service) [Auto] -- C:\Programme\D-Link\DWA-140 revB\ANIWZCSdS.exe -- (D-Link Wireless N DWA-140) SRV - [2010/06/03 08:36:06 | 000,053,248 | ---- | M] () [Auto] -- C:\Programme\D-Link\DWA-140 revB\ANIWConnService.exe -- (D-Link Wireless N DWA-140_WPS) SRV - [2008/07/26 11:31:25 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2006/01/24 15:05:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/10/17 21:04:00 | 000,379,812 | R--- | M] (AVM Berlin) [Auto] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2005/08/23 20:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand] -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc) SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2011/12/05 15:24:49 | 000,029,411 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\ANPD.SYS -- (ANPD) DRV - [2011/07/20 15:13:27 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/20 15:13:27 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/05/06 12:35:04 | 000,829,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870) DRV - [2009/05/11 06:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/01/24 07:45:20 | 000,242,176 | ---- | M] (iPassion Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iP293x.SYS -- (DCamUSBTP10) DRV - [2006/01/24 15:05:00 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2006/01/24 15:05:00 | 000,622,172 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2006/01/24 15:05:00 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2006/01/24 15:05:00 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2006/01/24 15:05:00 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2006/01/24 15:05:00 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2006/01/24 15:05:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2006/01/24 15:05:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT) DRV - [2006/01/24 15:05:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaidexp.sys -- (ViaIde) DRV - [2005/10/17 21:04:00 | 000,264,704 | R--- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2004/08/03 18:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2001/08/17 06:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64-Treiber (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Fabian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\Fabian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2011/10/09 11:39:13 | 000,255,977 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 WordPress › Blog Tool, Publishing Platform, and CMS O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 Wips.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 123topsearch.com - Informationen zum Thema 123topsearch. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 *»´ä½×¾Â 8000.com ¦h¤¸¤Æ°Q½×°Ï multi discuss forum O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 8901 more lines... O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\Fabian_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programme\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [WZCSLDR2] C:\Programme\D-Link\DWA-140 revB\WZCSLDR2.exe (Wireless Service) O4 - HKU\Administrator_ON_C..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O4 - HKU\Administrator_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG) O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] File not found O4 - HKU\Fabian_ON_C..\Run: [4Y3Y0C3A9F7W0E5EKCCO] C:\Recycle.Bin\B6232F3AE31.exe (qJGc) O4 - HKU\Fabian_ON_C..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O20 - HKU\Administrator_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O20 - HKU\Fabian_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O20 - HKU\Fabian_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/26 08:30:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] |
|
22.05.2012, 19:21
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows startet nicht - erscheint nur weißer Bildschirm OTL.txt ist unvollstöndig und auch nicht mit CODE-Tags umschlossen!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.05.2012, 11:07
| #5 |
| | Windows startet nicht - erscheint nur weißer Bildschirm OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/22/2012 8:53:37 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
767.00 Mb Total Physical Memory | 562.00 Mb Available Physical Memory | 73.00% Memory free
703.00 Mb Paging File | 585.00 Mb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 114.48 Gb Total Space | 99.84 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/07/20 15:13:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/10 13:05:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/06/03 08:36:06 | 000,126,976 | ---- | M] (Wireless Service) [Auto] -- C:\Programme\D-Link\DWA-140 revB\ANIWZCSdS.exe -- (D-Link Wireless N DWA-140)
SRV - [2010/06/03 08:36:06 | 000,053,248 | ---- | M] () [Auto] -- C:\Programme\D-Link\DWA-140 revB\ANIWConnService.exe -- (D-Link Wireless N DWA-140_WPS)
SRV - [2008/07/26 11:31:25 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/01/24 15:05:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/10/17 21:04:00 | 000,379,812 | R--- | M] (AVM Berlin) [Auto] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2005/08/23 20:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand] -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/12/05 15:24:49 | 000,029,411 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\ANPD.SYS -- (ANPD)
DRV - [2011/07/20 15:13:27 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/20 15:13:27 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/06 12:35:04 | 000,829,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2009/05/11 06:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/24 07:45:20 | 000,242,176 | ---- | M] (iPassion Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iP293x.SYS -- (DCamUSBTP10)
DRV - [2006/01/24 15:05:00 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/01/24 15:05:00 | 000,622,172 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/01/24 15:05:00 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/01/24 15:05:00 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2006/01/24 15:05:00 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/01/24 15:05:00 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/01/24 15:05:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2006/01/24 15:05:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2006/01/24 15:05:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaidexp.sys -- (ViaIde)
DRV - [2005/10/17 21:04:00 | 000,264,704 | R--- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2004/08/03 18:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001/08/17 06:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64-Treiber (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Fabian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Fabian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2011/10/09 11:39:13 | 000,255,977 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 WordPress › Blog Tool, Publishing Platform, and CMS
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 Wips.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com - Informationen zum Thema 123topsearch. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 *»´ä½×¾Â 8000.com ¦h¤¸¤Æ°Q½×°Ï multi discuss forum
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8901 more lines...
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Fabian_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programme\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [WZCSLDR2] C:\Programme\D-Link\DWA-140 revB\WZCSLDR2.exe (Wireless Service)
O4 - HKU\Administrator_ON_C..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O4 - HKU\Administrator_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] File not found
O4 - HKU\Fabian_ON_C..\Run: [4Y3Y0C3A9F7W0E5EKCCO] C:\Recycle.Bin\B6232F3AE31.exe (qJGc)
O4 - HKU\Fabian_ON_C..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Administrator_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Fabian_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Fabian_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/26 08:30:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/05/18 13:23:50 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2012/05/18 13:23:46 | 000,238,080 | ---- | C] (QRPU) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe
[2012/04/17 10:38:13 | 000,238,080 | ---- | C] (QRPU) -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe
[2011/12/03 09:52:53 | 003,552,208 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup313.exe
[2010/07/14 06:22:54 | 017,010,016 | ---- | C] (Microsoft Corporation) -- C:\Programme\IE8-WindowsXP-x86-DEU.exe
[2008/07/28 14:15:57 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Programme\spybotsd160.exe
[2006/01/24 15:05:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[52 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/18 13:29:34 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc5dd89524cbbc.job
[2012/05/18 13:29:33 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{35F6FA0D-185A-4F55-BC44-587890C552FD}
[2012/05/18 13:29:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/18 13:01:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 12:49:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[52 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/05 15:24:49 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANPDApi.dll
[2011/12/05 15:24:49 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANPD64.SYS
[2011/12/05 15:24:49 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANPD.SYS
[2011/12/05 15:23:53 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/08/27 13:50:41 | 000,000,358 | ---- | C] () -- C:\WINDOWS\Bruchpilot.ini
[2010/07/21 08:44:43 | 044,151,368 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe
[2010/02/11 16:20:07 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\$_hpcst$.hpc
[2009/03/08 15:19:49 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Fabian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/31 09:05:41 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/26 06:26:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/06 14:09:41 | 000,544,256 | --S- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2008/07/31 12:23:06 | 000,000,172 | ---- | C] () -- C:\WINDOWS\MatheTiger4.ini
[2008/07/28 14:11:00 | 022,322,568 | ---- | C] () -- C:\Programme\antivir_workstation8_winu_de_h.exe
[2008/07/28 14:10:18 | 000,266,941 | ---- | C] () -- C:\Programme\noscript-1.7.7.zip
[2008/07/27 14:31:05 | 000,824,364 | ---- | C] () -- C:\WINDOWS\Diercke Globus Uninstaller.exe
[2008/07/26 12:23:22 | 000,097,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2008/07/26 11:30:30 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/26 09:20:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/26 09:19:02 | 000,777,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/26 08:38:26 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80661102}.dat
[2008/07/26 08:38:26 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000002-80661102}.dat
[2008/07/26 08:38:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/26 08:26:46 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/02 03:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2006/01/24 15:05:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/24 15:05:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/24 15:05:00 | 000,316,594 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/01/24 15:05:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/24 15:05:00 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/01/24 15:05:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/24 15:05:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/01/24 15:05:00 | 000,228,510 | ---- | C] () -- C:\WINDOWS\System32\ctsbasw.dat
[2006/01/24 15:05:00 | 000,222,293 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/01/24 15:05:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/24 15:05:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/01/24 15:05:00 | 000,111,996 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2006/01/24 15:05:00 | 000,054,190 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/01/24 15:05:00 | 000,048,156 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/01/24 15:05:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/24 15:05:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/24 15:05:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/01/24 15:05:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2006/01/24 15:05:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/24 15:05:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2006/01/24 15:05:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/24 15:05:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/24 15:05:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/01/24 15:05:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2008/07/27 14:33:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ndr
[2008/07/26 08:42:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2008/07/27 14:16:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems
[2010/11/02 12:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\Cornelsen
[2008/11/14 12:06:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\Diercke Globus
[2008/11/14 12:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\ndr
[2009/07/13 12:39:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\Ulead Systems
[2010/02/13 08:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cornelsen
[2008/07/26 08:42:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008/07/27 14:00:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012/03/16 13:11:16 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/22/2012 8:53:37 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
767.00 Mb Total Physical Memory | 562.00 Mb Available Physical Memory | 73.00% Memory free
703.00 Mb Paging File | 585.00 Mb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 114.48 Gb Total Space | 99.84 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/07/20 15:13:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/10 13:05:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/06/03 08:36:06 | 000,126,976 | ---- | M] (Wireless Service) [Auto] -- C:\Programme\D-Link\DWA-140 revB\ANIWZCSdS.exe -- (D-Link Wireless N DWA-140)
SRV - [2010/06/03 08:36:06 | 000,053,248 | ---- | M] () [Auto] -- C:\Programme\D-Link\DWA-140 revB\ANIWConnService.exe -- (D-Link Wireless N DWA-140_WPS)
SRV - [2008/07/26 11:31:25 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/01/24 15:05:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/10/17 21:04:00 | 000,379,812 | R--- | M] (AVM Berlin) [Auto] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2005/08/23 20:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand] -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/12/05 15:24:49 | 000,029,411 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\ANPD.SYS -- (ANPD)
DRV - [2011/07/20 15:13:27 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/20 15:13:27 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/06 12:35:04 | 000,829,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2009/05/11 06:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/24 07:45:20 | 000,242,176 | ---- | M] (iPassion Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iP293x.SYS -- (DCamUSBTP10)
DRV - [2006/01/24 15:05:00 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/01/24 15:05:00 | 000,622,172 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/01/24 15:05:00 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/01/24 15:05:00 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2006/01/24 15:05:00 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/01/24 15:05:00 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/01/24 15:05:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2006/01/24 15:05:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2006/01/24 15:05:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaidexp.sys -- (ViaIde)
DRV - [2005/10/17 21:04:00 | 000,264,704 | R--- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2004/08/03 18:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001/08/17 06:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64-Treiber (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Fabian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Fabian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2011/10/09 11:39:13 | 000,255,977 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 WordPress › Blog Tool, Publishing Platform, and CMS
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 Wips.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com - Informationen zum Thema 123topsearch. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 *»´ä½×¾Â 8000.com ¦h¤¸¤Æ°Q½×°Ï multi discuss forum
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8901 more lines...
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Fabian_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programme\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [WZCSLDR2] C:\Programme\D-Link\DWA-140 revB\WZCSLDR2.exe (Wireless Service)
O4 - HKU\Administrator_ON_C..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O4 - HKU\Administrator_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] File not found
O4 - HKU\Fabian_ON_C..\Run: [4Y3Y0C3A9F7W0E5EKCCO] C:\Recycle.Bin\B6232F3AE31.exe (qJGc)
O4 - HKU\Fabian_ON_C..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Administrator_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Fabian_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Fabian_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/26 08:30:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/05/18 13:23:50 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2012/05/18 13:23:46 | 000,238,080 | ---- | C] (QRPU) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe
[2012/04/17 10:38:13 | 000,238,080 | ---- | C] (QRPU) -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe
[2011/12/03 09:52:53 | 003,552,208 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup313.exe
[2010/07/14 06:22:54 | 017,010,016 | ---- | C] (Microsoft Corporation) -- C:\Programme\IE8-WindowsXP-x86-DEU.exe
[2008/07/28 14:15:57 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Programme\spybotsd160.exe
[2006/01/24 15:05:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[52 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/18 13:29:34 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc5dd89524cbbc.job
[2012/05/18 13:29:33 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{35F6FA0D-185A-4F55-BC44-587890C552FD}
[2012/05/18 13:29:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/18 13:01:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 12:49:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[52 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/05 15:24:49 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANPDApi.dll
[2011/12/05 15:24:49 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANPD64.SYS
[2011/12/05 15:24:49 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANPD.SYS
[2011/12/05 15:23:53 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/08/27 13:50:41 | 000,000,358 | ---- | C] () -- C:\WINDOWS\Bruchpilot.ini
[2010/07/21 08:44:43 | 044,151,368 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe
[2010/02/11 16:20:07 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\$_hpcst$.hpc
[2009/03/08 15:19:49 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Fabian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/31 09:05:41 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/26 06:26:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/06 14:09:41 | 000,544,256 | --S- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2008/07/31 12:23:06 | 000,000,172 | ---- | C] () -- C:\WINDOWS\MatheTiger4.ini
[2008/07/28 14:11:00 | 022,322,568 | ---- | C] () -- C:\Programme\antivir_workstation8_winu_de_h.exe
[2008/07/28 14:10:18 | 000,266,941 | ---- | C] () -- C:\Programme\noscript-1.7.7.zip
[2008/07/27 14:31:05 | 000,824,364 | ---- | C] () -- C:\WINDOWS\Diercke Globus Uninstaller.exe
[2008/07/26 12:23:22 | 000,097,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2008/07/26 11:30:30 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/26 09:20:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/26 09:19:02 | 000,777,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/26 08:38:26 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80661102}.dat
[2008/07/26 08:38:26 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000002-80661102}.dat
[2008/07/26 08:38:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/26 08:26:46 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/02 03:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2006/01/24 15:05:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/24 15:05:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/24 15:05:00 | 000,316,594 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/01/24 15:05:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/24 15:05:00 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/01/24 15:05:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/24 15:05:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/01/24 15:05:00 | 000,228,510 | ---- | C] () -- C:\WINDOWS\System32\ctsbasw.dat
[2006/01/24 15:05:00 | 000,222,293 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/01/24 15:05:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/24 15:05:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/01/24 15:05:00 | 000,111,996 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2006/01/24 15:05:00 | 000,054,190 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/01/24 15:05:00 | 000,048,156 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/01/24 15:05:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/24 15:05:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/24 15:05:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/01/24 15:05:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2006/01/24 15:05:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/24 15:05:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2006/01/24 15:05:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/24 15:05:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/24 15:05:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/01/24 15:05:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2008/07/27 14:33:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ndr
[2008/07/26 08:42:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2008/07/27 14:16:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems
[2010/11/02 12:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\Cornelsen
[2008/11/14 12:06:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\Diercke Globus
[2008/11/14 12:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\ndr
[2009/07/13 12:39:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\Ulead Systems
[2010/02/13 08:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cornelsen
[2008/07/26 08:42:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008/07/27 14:00:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012/03/16 13:11:16 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
========== Purity Check ==========
< End of report >
|
|
27.05.2012, 11:25
| #6 |
| | Windows startet nicht - erscheint nur weißer Bildschirm Hallo, sind jetzt alle Angaben komplett oder fehlt noch was ? Gruß Heiko |
|
28.05.2012, 14:47
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows startet nicht - erscheint nur weißer Bildschirm Sry hatte deinen Beitrag übersehen Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O4 - HKU\Administrator_ON_C..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] File not found
O4 - HKU\Fabian_ON_C..\Run: [4Y3Y0C3A9F7W0E5EKCCO] C:\Recycle.Bin\B6232F3AE31.exe (qJGc)
O4 - HKU\Fabian_ON_C..\Run: [5kS43ADO0bzprWo] C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Fabian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Administrator_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Fabian_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O20 - HKU\Fabian_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe) - C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe (QRPU)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/26 08:30:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012/05/18 13:23:46 | 000,238,080 | ---- | C] (QRPU) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\soundblaster_fx648.exe
[2012/04/17 10:38:13 | 000,238,080 | ---- | C] (QRPU) -- C:\Dokumente und Einstellungen\Fabian\Anwendungsdaten\soundblaster_fx648.exe
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann! Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen! 2.) Ordner movedfiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows startet nicht - erscheint nur weißer Bildschirm |
| abgesicherte, abgesicherten, abgesicherten modus, arten, bildschirm, bitte warten, bitte warten sie während die verbindung hergestellt wird, englisch, erschein, erscheint, hergestellt, hinweis, modus, nicht starten, otl scan, scan, starte, starten, startet, startet nicht, verbindung, weißer, weißer bildschirm, win, windows, windows startet nicht |
Linear-Darstellung
