Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: B Protector for Windows

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 05.09.2012, 14:55   #1
object
 
B Protector for Windows - Icon24

B Protector for Windows



Hallo Community,

ich habe diesen allgemein bekannten Wurm "B Protector for Windows" auf meinem Rechner.
Da ich mich schon schlau gemacht habe und die von t´John genannten Schritte befolgt habe sind hier meine 3 logfiles.

Folgendes Logfile ist von Malewarebytes:






Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.04.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

04.09.2012 14:50:24
mbam-log-2012-09-04 (14-50-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 639155
Laufzeit: 9 Stunde(n), 21 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files\Savings Sidekick\Savings Sidekick.dll (Adware.GamePlayLabs) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 26
HKCR\CrossriderApp0005060.BHO (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0005060.BHO.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0005060.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0005060.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0005060.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0005060.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044504460} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055505560} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044504460} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550055505560} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0005060.BHO.1 (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Cr_Installer\5060 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Daten: Savings Sidekick -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 17
C:\Program Files\Uninstall Information\ib_uninst_342\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_358\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_361\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_455\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_515\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_518\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_519\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KU67VST9\BestCodecsPack.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Users\Stefan\Downloads\BestCodecsPack (1).exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Users\Stefan\Downloads\BestCodecsPack.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-3386111443-1739343494-374529350-1000\$RD5SOS9.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Savings Sidekick\Savings Sidekick.dll (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\Savings Sidekick\Savings Sidekick.dll (Adware.GamePlayLabs) -> Löschen bei Neustart.
C:\Program Files\Savings Sidekick\Savings Sidekick.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Savings Sidekick\Savings SidekickGui.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Savings Sidekick\Uninstall.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)




Folgende zwei sind von dem OTL Scan:






OTL Extras logfile created on: 05.09.2012 07:37:04 - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,23% Memory free
4,21 Gb Paging File | 1,34 Gb Available in Paging File | 31,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 32,69 Gb Free Space | 26,67% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,16 Gb Free Space | 64,89% Space Free | Partition Type: FAT32

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Deutsche Telekom\Telekom Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" [2012.03.04 11:00:49 | 000,000,000 | ---D | M]
Directory [Telekom Fotoservice] -- "C:\Program Files\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0145C7E1-8983-4D68-9D04-C9062CDAAB4F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{01C53FAC-0827-43B6-8D2A-7D2E18716952}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C704A87-702D-4A5C-915F-517D989842F1}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{483681D5-0A82-4695-A8A7-5C5F3A19F272}" = rport=10243 | protocol=6 | dir=out | app=system |
"{76AFB169-44A5-46A9-9456-644D8747417B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A5335C5-56D7-41EF-950A-EAA303ED85D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88C7148B-F21E-4A82-977C-F0FA9E9F5E7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{899024B7-EFB0-417A-86D5-3EADEA536BE7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C6A853A-F33A-460A-B679-92F3A53D006A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{91990706-62C2-46D3-A06B-21E5D7E55DE1}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{9CA08100-EA2E-4011-9CB9-12931D00F8D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B510CE45-62C4-43D9-ACC1-D15857D07B36}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B71A73D0-40BA-4286-B734-36C260A8418B}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080E517A-FDF6-4754-965D-39DDE8B42209}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B87D39A-4BA8-4678-A6A9-FB1D83B039C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0DAB411E-803B-4A4C-A34B-8768AC200FBC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{126ED8EF-C4BB-4E6B-8498-5F65ADE44AB2}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{14C92A83-B479-403B-A699-AFCB141867A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1A786A39-E707-40F3-A01B-96FE9E82C091}" = protocol=17 | dir=in | app=c:\users\daten von johannes\appdata\local\akamai\netsession_win.exe |
"{30480CB7-87E1-4A80-A2CA-0F3E81BCC4DF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{35D6331D-214C-4BAD-A28B-E33EAA88E1AD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3674F87F-8A41-47E2-BA8D-725E49335D5C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{41540FA7-EF4D-4922-886D-CC33F851326C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43439346-3D78-45E0-90E4-BDAD7DAEDBFB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{47929918-5760-4DE5-9FA8-877FDBFA0634}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{48229996-3446-4FAE-9A81-FC0E07149DCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4BD947BD-F98B-4247-84D0-202BB828FEE5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{51453716-F487-4D49-91CF-59F578019062}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{516D7DE4-60E8-403D-9198-9C16EC7DFC41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B2A5C6E-7D24-40E4-8A49-2281268C5D15}" = protocol=6 | dir=in | app=c:\users\daten von johannes\appdata\local\akamai\netsession_win.exe |
"{5C86DF46-0C92-4F5E-A82C-8B9A65D0E5AC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5FBE3A54-57F3-46C6-BBBB-75774CE88F49}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{6288564D-0BFF-4DA6-9E43-587AA834CD11}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{6F23D108-7100-4329-94F8-874A378184F3}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{6F259344-EF0A-47E1-B54C-D05982718841}" = protocol=6 | dir=out | app=system |
"{702C373A-AB5F-4B1E-BFA2-646B0AC067BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{757842D3-ADCC-4923-9AFF-23D6766FCB2A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{765EC3C6-6EF6-4B98-81D9-921D5CAE3CA3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{86A41DAF-487A-42B1-8653-EAEAB29B1658}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{95EB4197-D024-46FB-BA6B-56F8AC81F7B6}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{970EACCC-ADBE-45C1-908C-EF1D89CB1CB7}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{A09FB11C-F40D-4ADF-B579-DF68AF20005A}" = dir=in | app=c:\program files\iminent\iminent.exe |
"{A6BCDB2B-C71D-4E3F-9719-570CCFB0B6BF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{AC93C11F-875D-4FFA-AE9A-19C19CC2F81D}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{AEC6B6EE-D338-4C12-A8F5-4F8A72F79943}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{AFF64449-2AF8-48F0-A3E9-E5D42C199D17}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6D4CF7E-426D-460F-91E3-D7E210724063}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CC21D245-799E-4AA7-9B33-790764D061C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D176E26B-6756-4FE9-A41B-2D41584D548C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4450CBB-AE96-4CEB-8D56-E06BA184F9AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5AD4699-61CA-4BB8-84E9-5A3C34B718E5}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe |
"{EA3BE27D-B3CE-491B-B58C-2161CB80CC9A}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{F8882568-8598-4C12-B368-4E937ABFE551}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA1B4501-AF75-4702-9BB3-7EFDFD150830}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{138386ED-FBE9-4043-8F4A-9D45A5BFF71D}G:\aoe\aoe ii\empires2.exe" = protocol=6 | dir=in | app=g:\aoe\aoe ii\empires2.exe |
"TCP Query User{2C715EE3-F944-454B-8A9D-F56B48ED591F}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{3CFFB200-0D50-42E6-9D49-3E3218EEEEC1}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe |
"TCP Query User{3F2F0DCB-966A-4037-AB22-9C18DE564891}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"TCP Query User{67DF816D-2C2E-4809-97EE-FC34E5D111ED}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe |
"TCP Query User{7477FBC8-6222-41AD-AA89-B929C2187753}G:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=g:\tmnationsforever\tmforever.exe |
"TCP Query User{7B9D994D-7226-4608-846A-265036CE8A19}C:\program files\t-online\t-online_software_6\notifier\notifier.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\notifier\notifier.exe |
"TCP Query User{AB914E16-3D8B-4B97-A754-6E61ED95BE6C}C:\program files\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files\thq\titan quest immortal throne\tqit.exe |
"TCP Query User{D103EE4D-2F89-4DF8-B847-B4AC8CE271CC}F:\assozial\spiele\aoe\aoe ii\empires2.exe" = protocol=6 | dir=in | app=f:\assozial\spiele\aoe\aoe ii\empires2.exe |
"UDP Query User{0F6FC8D0-75CE-4742-A2BF-D11ECA40256B}G:\aoe\aoe ii\empires2.exe" = protocol=17 | dir=in | app=g:\aoe\aoe ii\empires2.exe |
"UDP Query User{1515B4AE-C17F-4C08-8DAC-A1E3B944D2FC}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{5C816793-6013-455D-A1C2-5B26285BF7D1}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe |
"UDP Query User{5F1FDEBE-49C9-43E1-9A79-F60C68DED1F2}C:\program files\t-online\t-online_software_6\notifier\notifier.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\notifier\notifier.exe |
"UDP Query User{61EC9458-205B-4D90-BC72-6A5F74E31373}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"UDP Query User{798E6F84-410F-41CA-B63C-D472DD39DF3F}G:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=g:\tmnationsforever\tmforever.exe |
"UDP Query User{C4A001CA-5718-46B7-B05B-9056B0BBCFA6}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart thunder\mhk4.exe |
"UDP Query User{CD108934-FC7F-4755-A2A0-D8FD7B7A7F7A}F:\assozial\spiele\aoe\aoe ii\empires2.exe" = protocol=17 | dir=in | app=f:\assozial\spiele\aoe\aoe ii\empires2.exe |
"UDP Query User{F70D6E25-E0CB-4562-9F72-B69114F068D7}C:\program files\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files\thq\titan quest immortal throne\tqit.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}" = Die ersten 10 Jahre
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4DECFC9F-2310-4C02-009A-B6758306EF00}" = FIFA 06
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{636A7142-586A-4DF7-9207-191A2AF5610C}_is1" = AusLogics BoostSpeed
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A693D0D0-0EF2-4D90-96AA-11CC1A4793ED}" = UpdateStar
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A86A50FC-7C22-478B-BAEF-82393328825F}" = LastChaosGER
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D18E9DB2-AC98-4399-8878-C1059403144D}" = Iminent
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Akamai" = Akamai NetSession Interface Service
"Aldi Süd Foto Service" = Aldi Süd Foto Service 4.6
"ALDI Sued Fotoservice_is1" = Aldi Sued Fotoservice 2.7
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"appbario2 Toolbar" = appbario2 Toolbar
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG6100 series Benutzerregistrierung" = Canon MG6100 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Fraps" = Fraps (remove only)
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iLivid" = iLivid
"IMBoosterARP" = Iminent
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Kindersicherung_is1" = Kindersicherung 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSC" = McAfee Total Protection
"PC Wizard 2009_is1" = PC Wizard 2009.1.91
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Searchqu Toolbar" = Searchqu Toolbar
"SpecialSavings" = SpecialSavings
"spydig_is1" = spydig
"Telekom Fotoservice" = Telekom Fotoservice
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"TVISTA - Tuning Vista 3.0_is1" = DATA BECKER TVISTA - Tuning Vista 3.0
"Update Service" = Update Service
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31.08.2012 09:58:59 | Computer Name = Stefan-PC | Source = | ID = 0
Description =

Error - 31.08.2012 09:58:59 | Computer Name = Stefan-PC | Source = | ID = 0
Description =

Error - 01.09.2012 11:50:01 | Computer Name = Stefan-PC | Source = Iminent | ID = 0
Description =

Error - 01.09.2012 11:53:57 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung EAUninstall.exe, Version 1.0.0.0, Zeitstempel
0x452e81e8, fehlerhaftes Modul EAInstall.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0xcd4,
Anwendungsstartzeit 01cd8859f856cec2.

Error - 01.09.2012 12:05:11 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung EAUninstall.exe, Version 1.0.0.0, Zeitstempel
0x452e81e8, fehlerhaftes Modul EAInstall.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0x1908,
Anwendungsstartzeit 01cd885b8a70ac82.

Error - 01.09.2012 12:42:39 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4621
Description =

Error - 04.09.2012 08:01:49 | Computer Name = Stefan-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 04.09.2012 08:01:49 | Computer Name = Stefan-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 04.09.2012 10:09:06 | Computer Name = Stefan-PC | Source = VSS | ID = 8194
Description =

Error - 04.09.2012 10:13:27 | Computer Name = Stefan-PC | Source = VSS | ID = 8194
Description =

[ OSession Events ]
Error - 22.07.2011 08:18:55 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05.09.2012 01:51:26 | Computer Name = Stefan-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 05.09.2012 01:51:26 | Computer Name = Stefan-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 05.09.2012 01:51:26 | Computer Name = Stefan-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 05.09.2012 01:51:26 | Computer Name = Stefan-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 05.09.2012 01:53:46 | Computer Name = Stefan-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 05.09.2012 01:53:46 | Computer Name = Stefan-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 05.09.2012 01:53:46 | Computer Name = Stefan-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 05.09.2012 01:53:46 | Computer Name = Stefan-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 05.09.2012 01:53:46 | Computer Name = Stefan-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 05.09.2012 01:53:46 | Computer Name = Stefan-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.


< End of report >








und:







OTL logfile created on: 05.09.2012 07:37:04 - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,23% Memory free
4,21 Gb Paging File | 1,34 Gb Available in Paging File | 31,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 32,69 Gb Free Space | 26,67% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,16 Gb Free Space | 64,89% Space Free | Partition Type: FAT32

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - c:\PROGRA~1\mcafee\SITEAD~1\saui.exe (McAfee, Inc.)
PRC - C:\Program Files\SpyDig\spydig.exe ()
PRC - C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE (Deutsche Telekom AG)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Users\Stefan\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH)
PRC - C:\Program Files\McAfee Online Backup\MOBKstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Windows\System32\cchservice.exe (Salfeld Computer)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe (Auslogics)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\SpyDig\spydig.exe ()
MOD - C:\Programme\SpyDig\ussafe.dll ()
MOD - C:\Programme\SpyDig\opfile.dll ()
MOD - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Programme\SpyDig\spkdll.dll ()
MOD - C:\Programme\SpyDig\networkdll.dll ()
MOD - C:\Programme\IMinent Toolbar\tbcore3.dll ()
MOD - C:\Programme\SpyDig\md5.dll ()
MOD - C:\Programme\DATA BECKER\TVISTA - Tuning Vista 3.0\tvshc.dll ()
MOD - C:\Programme\Auslogics\AusLogics BoostSpeed\madBasic_.bpl ()
MOD - C:\Programme\Auslogics\AusLogics BoostSpeed\madDisAsm_.bpl ()
MOD - C:\Programme\Auslogics\AusLogics BoostSpeed\madExcept_.bpl ()
MOD - C:\Programme\SpyDig\zlib1.dll ()


========== Services (SafeList) ==========

SRV - (MSDTC) -- File not found
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (0287881346760498mcinstcleanup) -- C:\Windows\TEMP\028788~1.EXE (McAfee, Inc.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (ksupmgr) -- C:\Windows\System32\ksupmgr.exe (Salfeld Computer)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (DBService) -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (XDva399) -- C:\Windows\system32\XDva399.sys File not found
DRV - (XDva398) -- C:\Windows\system32\XDva398.sys File not found
DRV - (XDva397) -- C:\Windows\system32\XDva397.sys File not found
DRV - (XDva383) -- C:\Windows\system32\XDva383.sys File not found
DRV - (XDva380) -- C:\Windows\system32\XDva380.sys File not found
DRV - (XDva375) -- C:\Windows\system32\XDva375.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mfeavfk01) -- File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cdiskdun) -- C:\Users\Stefan\AppData\Local\Temp\cdiskdun.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a3a0yxq3) -- File not found
DRV - (rjbefl) -- C:\Windows\System32\drivers\hfoyqon.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (RkHit) -- C:\Windows\System32\drivers\RKHit.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.shareware-d.com/de/index.php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.shareware-d.com/de/index.php?rvs=hompag
IE - HKLM\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.shareware-d.com/de/index.php?rvs=hompag
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appid=79f3f7a1-4287-4156-9759-bbdffcf9ee89
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 53 8D A2 7B 42 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1E3CF04C-0EFA-4506-BE81-6DC4D939B9E4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{1EC20F40-006D-4A2B-89D6-B3EE35C5A3BE}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.08.24 12:34:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.09.04 13:57:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension [2012.07.09 15:29:50 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: hxxp://search.iminent.com/?appId=79F3F7A1-4287-4156-9759-BBDFFCF9EE89
CHR - Extension: YouTube = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: SiteAdvisor = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Google Mail = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Programme\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\Mcafee\SystemCore\ScriptSn.20120627135043.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (appbario2 Toolbar) - {CDF97EE2-DED0-4369-835E-99DD08225FA5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [spydig.exe] C:\Program Files\SpyDig\spydig.exe ()
O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe (Auslogics)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [UpdateStar] C:\Users\Stefan\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Programme\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{140C4E26-878B-4F2B-AB13-B1A5B4A59635}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{355a7c46-dc40-11df-b42a-0016d386db5c}\Shell\AutoRun\command - "" = F:\TranscendService(JF).exe
O33 - MountPoints2\{4eee796f-a22e-11de-b756-0016d386db5c}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.04 15:11:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.09.04 15:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.09.04 15:07:44 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.09.04 14:48:22 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.04 14:46:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2012.09.04 14:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.04 14:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.04 14:46:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.04 14:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.04 14:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyDig
[2012.09.04 14:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\SpyDig
[2012.09.04 14:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.09.04 14:03:10 | 000,000,000 | ---D | C] -- C:\41322c52a401c9771995
[2012.08.31 12:16:37 | 000,000,000 | ---D | C] -- C:\fb2ce738514d20f2b6f3c6f8
[2012.08.30 09:07:37 | 000,000,000 | ---D | C] -- C:\e2f4d2fbe0b96c60f45f0d
[2012.08.24 12:53:20 | 000,000,000 | ---D | C] -- C:\c00f737d3b6ba838f4
[2012.08.22 12:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012.08.21 10:20:34 | 000,000,000 | ---D | C] -- C:\f463bd2e88e7bd909ad379f4a1
[2012.08.19 19:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2012.08.18 10:36:23 | 000,000,000 | ---D | C] -- C:\2438174a4b512dea4ce3950edb
[2012.08.18 10:35:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.18 10:35:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.18 10:35:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.18 10:35:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.18 10:35:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.18 10:35:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.18 10:35:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.18 10:33:55 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.17 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims Creator
[2012.08.17 19:27:55 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sims Deluxe
[2012.08.17 19:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sims Deluxe
[2012.08.17 19:14:32 | 000,000,000 | ---D | C] -- C:\b3932403f1f740cef70ba005
[2012.08.17 18:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\The Sims Creator
[2011.12.12 15:13:32 | 009,734,240 | ---- | C] (McAfee, Inc.) -- C:\ProgramData\TempMOBK-update-6f587c3c1a49f2fdf5254a3e5ed05791.exe
[2011.11.03 18:33:23 | 005,006,472 | ---- | C] (Electronic Arts ) -- C:\Users\Stefan\setup_659.exe
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.05 07:54:17 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4ACB5E34-87B0-41B7-A8D4-2B06E96F0430}.job
[2012.09.05 07:54:10 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7E0FFB30-A1EA-45D9-AE1C-BE220B81E5B8}.job
[2012.09.05 07:53:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 07:53:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 07:51:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.05 07:35:24 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\hfoyqon.sys
[2012.09.04 18:51:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.04 16:13:02 | 000,005,678 | ---- | M] () -- C:\Windows\MOBK.blk
[2012.09.04 16:13:01 | 000,001,460 | ---- | M] () -- C:\Windows\MOBK.flt
[2012.09.04 15:11:40 | 000,000,522 | ---- | M] () -- C:\Users\Stefan\Desktop\Fraps.lnk
[2012.09.04 15:07:49 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.09.04 14:49:16 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.04 14:31:10 | 000,000,022 | ---- | M] () -- C:\Windows\tpcsd
[2012.09.04 14:29:22 | 000,000,780 | ---- | M] () -- C:\Users\Stefan\Desktop\spydig.lnk
[2012.09.04 14:18:52 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.04 14:18:52 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.04 14:18:52 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.04 14:18:52 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.04 14:02:36 | 000,006,340 | ---- | M] () -- C:\Windows\System32\cchservice.err
[2012.09.04 13:52:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.01 10:06:07 | 000,001,207 | ---- | M] () -- C:\Windows\System32\excltmp~.dat
[2012.08.30 14:35:00 | 000,000,228 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job
[2012.08.19 10:13:20 | 000,016,776 | ---- | M] () -- C:\Windows\System32\ccsync.err
[2012.08.18 10:51:02 | 000,271,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.17 19:27:49 | 000,000,809 | ---- | M] () -- C:\Windows\eReg.dat
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.05 07:35:24 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\hfoyqon.sys
[2012.09.04 15:11:40 | 000,000,522 | ---- | C] () -- C:\Users\Stefan\Desktop\Fraps.lnk
[2012.09.04 14:31:10 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd
[2012.09.04 14:29:22 | 000,000,780 | ---- | C] () -- C:\Users\Stefan\Desktop\spydig.lnk
[2012.09.04 14:29:08 | 000,034,736 | ---- | C] () -- C:\Windows\System32\drivers\RKHit.sys
[2012.08.30 14:35:00 | 000,000,228 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job
[2012.08.22 09:51:00 | 000,006,340 | ---- | C] () -- C:\Windows\System32\cchservice.err
[2012.07.08 19:34:20 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.04.12 17:28:22 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.04.12 17:28:21 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.02.12 16:45:17 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.02.12 16:44:43 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.12 16:44:39 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.12.30 13:19:10 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2011.12.25 14:06:44 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.12.25 14:06:44 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.12.15 18:23:51 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.06.17 11:16:37 | 000,000,307 | ---- | C] () -- C:\Windows\game.ini
[2011.05.02 22:43:32 | 000,000,647 | ---- | C] () -- C:\Windows\et.ini
[2011.05.02 22:19:03 | 000,001,207 | ---- | C] () -- C:\Windows\System32\excltmp~.dat
[2011.05.02 22:18:43 | 000,155,536 | ---- | C] () -- C:\Windows\System32\dllcinx.exe
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.02.09 16:25:09 | 000,000,552 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d8caps.dat
[2010.12.08 21:43:23 | 000,091,022 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\mdbu.bin
[2010.05.30 19:00:55 | 035,743,536 | ---- | C] () -- C:\Users\Stefan\Update_Service_Setup-2.10.5.11.exe
[2009.06.29 08:44:04 | 000,000,680 | RHS- | C] () -- C:\Users\Stefan\ntuser.pol
[2009.06.21 17:38:51 | 000,004,608 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.20 19:52:04 | 000,001,356 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat

< End of report >






Ich bitte um Hilfe bei der Analyse dieser logfiles.
Die erkannten Viren habe ich bei Malewarebytes vorerst jetzt in Quaratäne geschoben.

LG object

Alt 05.09.2012, 16:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
B Protector for Windows - Standard

B Protector for Windows



Bitte ESET ausführen, danach sehen wir weiter!

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.


ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher, dass bei Remove Found Threads kein Haken gesetzt ist.
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke .
  • Klicke und speichere das Logfile als ESET.txt auf dem Desktop.
  • Klicke Back und Finish
Bitte poste die Logfile hier.


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu B Protector for Windows
akamai, bandoo, becker, bingbar, bprotector, bprotector for windows, canon, conduit, error, excel, firefox, flash player, google, helper, home, homepage, iminent, install.exe, langs, nodrives, office 2007, pc performer, performer, protector, realtek, recycle.bin, registry, savings, savings sidekick, scan, security, senden, server, sidekick, siteadvisor, software, svchost.exe, updates, usb, viren, vista, windows, wurm




Ähnliche Themen: B Protector for Windows


  1. Advanced System Protector entfernen bei Windows 7
    Log-Analyse und Auswertung - 08.04.2014 (11)
  2. advanced system protector entfernen bei windows 8
    Log-Analyse und Auswertung - 30.01.2014 (16)
  3. Windows Virtual Protector entfernen
    Anleitungen, FAQs & Links - 10.01.2014 (2)
  4. Windows XP (SP3): Probleme mit Advanced System Protector?
    Log-Analyse und Auswertung - 04.01.2014 (7)
  5. Advanced System Protector entfernen bei Windows 7
    Log-Analyse und Auswertung - 02.12.2013 (9)
  6. Windows 8 , Störung durch advanced protector u.a.
    Log-Analyse und Auswertung - 03.11.2013 (3)
  7. Windows 7-Advanced System Protector
    Log-Analyse und Auswertung - 30.10.2013 (17)
  8. Windows XP - Advanced System Protector entfernen
    Log-Analyse und Auswertung - 16.09.2013 (13)
  9. Windows 7: Advanced System Protector Virus
    Log-Analyse und Auswertung - 09.09.2013 (17)
  10. Windows 7: Advanced System Protector + RegClean Pro
    Log-Analyse und Auswertung - 15.08.2013 (7)
  11. Windows Foolproof Protector entfernen
    Anleitungen, FAQs & Links - 13.04.2012 (2)
  12. Windows Component Protector entfernen
    Anleitungen, FAQs & Links - 10.04.2012 (2)
  13. Windows First-Class Protector entfernen
    Anleitungen, FAQs & Links - 31.03.2012 (2)
  14. Windows Accurate Protector entfernen
    Anleitungen, FAQs & Links - 06.07.2011 (2)
  15. Windows Simple Protector entfernen
    Anleitungen, FAQs & Links - 24.03.2011 (2)
  16. Windows Background Protector entfernen
    Anleitungen, FAQs & Links - 23.03.2011 (2)
  17. Windows Problems Protector entfernen
    Anleitungen, FAQs & Links - 02.02.2011 (2)

Zum Thema B Protector for Windows - Hallo Community, ich habe diesen allgemein bekannten Wurm "B Protector for Windows" auf meinem Rechner. Da ich mich schon schlau gemacht habe und die von t´John genannten Schritte befolgt habe - B Protector for Windows...
Archiv
Du betrachtest: B Protector for Windows auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.