Home » Spyware & Browser Hijacker Support Forum » ( Win XP) Absturz und bluescreen unmittelbar nach account login » Themenansicht

( Win XP) Absturz und bluescreen unmittelbar nach account login
#0
02.12.2012, 15:34
Sundaymorning
...neu hier

Beiträge: 2
#1 Hallo zusammen,

ich habe auf meinem PC 2 Benutzeraccounts, einen mit eingeschränkten Rechten sowie einen admin account.
Habe gestern auf meinem admin account aida64 installiert, meinen avast Virenscanner aktualisiert, mich abgemeldet und mich in meinen normalen account angemeldet. Unmittelbar nach Erscheinen des desktops erhalte ich einen bluescreen mit einer 0x0000007f Fehlermeldung. Daraufhin den pc neugestartet, in meinen admin account eingeloggt (läuft problemlos) und folgende Meldung in der Ereignisanzeige erhalten:

Laden von boot oder Systemtreiber fehlgeschlagen:

Aavmker4
aswsnx
aswsp
aswTdi
Fips
TTFSmon
Tfsysmon

Nach wie vor schmiert mein PC ab, wenn ich meinen eingeschränkten Benutzeraccount nutzen will, mein admin account läuft problemlos.

Habe OTL sowie Rootrepeal mal laufen lassen, hier sind die logs:

Code

OTL logfile created on: 02.12.2012 15:17:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\admin\Desktop\Neuer Ordner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 75,55% Memory free
7,96 Gb Paging File | 7,35 Gb Available in Paging File | 92,29% Paging File free
Paging file location(s): C:\pagefile.sys 4989 4989 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 154,63 Gb Free Space | 51,87% Space Free | Partition Type: NTFS
Drive E: | 637,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: HOME | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.12.02 15:17:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\Neuer Ordner\OTL.exe
PRC - [2012.11.24 10:29:50 | 001,764,864 | ---- | M] (Tomas Koutny) -- C:\Programme\XDTK\Skinny Clock\SkinnyClock.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2012.06.11 06:20:13 | 000,949,104 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2011.02.24 00:42:54 | 000,025,832 | ---- | M] (BioWare) -- C:\Programme\Origin Games\Dragon Age Origins\bin_ship\daupdatersvc.service.exe
PRC - [2010.01.14 15:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFTray.exe
PRC - [2010.01.14 15:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe
PRC - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.07.11 18:00:06 | 000,080,392 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.05.11 02:09:54 | 000,225,280 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2004.01.08 08:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012.12.01 18:30:29 | 002,036,224 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12120101\algo.dll
MOD - [2012.12.01 09:38:15 | 002,035,712 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12120100\algo.dll
MOD - [2012.11.15 08:13:58 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012.11.15 08:13:49 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012.11.15 07:30:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012.11.15 07:29:00 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\b5af2249e2d550f2752176a75c7a7656\Accessibility.ni.dll
MOD - [2012.11.14 20:19:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012.11.14 20:19:48 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012.11.14 20:19:29 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012.11.14 20:18:10 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012.11.14 20:17:59 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012.11.14 20:15:44 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.07.27 21:21:24 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.03.16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009.04.04 06:00:21 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.04.04 06:00:19 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.04.04 06:00:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2008.07.11 18:00:06 | 000,080,392 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2007.12.07 13:24:56 | 000,117,256 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver\ycc.dll
MOD - [2005.07.31 20:10:22 | 000,125,952 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.02.24 00:42:54 | 000,025,832 | ---- | M] () [Auto | Running] -- C:\Programme\Origin Games\Dragon Age Origins\\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010.01.14 15:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.07.11 18:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2005.05.11 02:09:54 | 000,225,280 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.12.02 14:08:09 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012.11.27 11:42:16 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV79.sys -- (SSHDRV79)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.28 05:05:12 | 006,646,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012.05.14 07:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011.10.29 14:35:34 | 000,052,616 | -H-- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\PROCMON20.SYS -- (PROCMON20)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.01.14 15:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010.01.14 15:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.01.14 15:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009.04.07 12:05:08 | 000,078,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV85.sys -- (SSHDRV85)
DRV - [2008.06.27 04:24:56 | 004,742,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.06.16 08:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2003.12.17 08:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003.12.17 08:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1454471165-329068152-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKU\S-1-5-21-1454471165-329068152-725345543-1004\..\SearchScopes,DefaultScope = {D1D88746-F933-418E-AB37-44B86DD0C014}
IE - HKU\S-1-5-21-1454471165-329068152-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1454471165-329068152-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-1454471165-329068152-725345543-1004\..\SearchScopes\{D1D88746-F933-418E-AB37-44B86DD0C014}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1454471165-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.04.04 14:00:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.08.20 19:45:49 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010.06.29 06:13:42 | 000,000,848 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 192.168.2.1     speedport.ip
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (NTIECatcher Class) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Xi\NetTransport 2\NTIEHelper.dll (Xi)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-1454471165-329068152-725345543-1004..\Run: [EADM] C:\Programme\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1454471165-329068152-725345543-1004..\Run: [SkinnyClock] C:\Programme\XDTK\Skinny Clock\SkinnyClock.exe (Tomas Koutny)
O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\opera.exe.lnk = C:\Programme\Opera\opera.exe (Opera Software)
O4 - Startup: C:\Dokumente und Einstellungen\Wolle\Startmenü\Programme\Autostart\Opera.lnk = C:\Programme\Opera\opera.exe (Opera Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-329068152-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit Net Transport herunterladen - C:\Programme\Xi\NetTransport 2\NTAddList.html ()
O8 - Extra context menu item: Herunterladen mit Net Transport - C:\Programme\Xi\NetTransport 2\NTAddLink.html ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349870265718 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C632248-EF44-4270-AB15-EBBEACC845D0}: NameServer = 217.0.43.97 217.0.43.113
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.03 20:15:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.09.06 10:03:52 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{34f2e474-48f2-11de-9572-001fd0981609}\Shell\AutoRun\command - "" = F:\setup.EXE /AUTORUN
O33 - MountPoints2\{34f2e474-48f2-11de-9572-001fd0981609}\Shell\configure\command - "" = F:\setup.EXE
O33 - MountPoints2\{34f2e474-48f2-11de-9572-001fd0981609}\Shell\install\command - "" = F:\setup.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.12.02 14:44:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\SUPERAntiSpyware.com
[2012.12.02 14:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.12.02 14:44:25 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.12.01 18:37:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Malwarebytes
[2012.12.01 18:36:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.12.01 18:36:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.12.01 18:36:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.12.01 18:36:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.12.01 18:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Desktop\Neuer Ordner
[2012.12.01 16:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI
[2012.12.01 16:50:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Catalyst Control Center
[2012.12.01 16:49:15 | 000,103,040 | ---- | C] (Advanced Micro Devices) -- C:\WINDOWS\System32\drivers\AtihdXP3.sys
[2012.12.01 16:48:51 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2012.12.01 16:48:50 | 000,307,200 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2012.12.01 16:47:44 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2012.12.01 15:19:59 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\admin\Recent
[2012.12.01 14:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FinalWire
[2012.12.01 14:30:27 | 000,000,000 | ---D | C] -- C:\Programme\FinalWire
[2012.12.01 13:35:33 | 000,000,000 | ---D | C] -- C:\Programme\OpenAL
[2012.12.01 11:03:07 | 000,000,000 | ---D | C] -- C:\AMD
[2012.11.27 11:49:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PocketSoft
[2012.11.27 11:33:50 | 000,000,000 | ---D | C] -- C:\Programme\Ascaron Entertainment
[2012.11.27 10:31:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ascaron Entertainment
[2012.11.25 11:31:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skinny Clock
[2012.11.25 11:31:56 | 000,000,000 | ---D | C] -- C:\Programme\XDTK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.12.02 14:44:29 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.12.02 14:09:45 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.12.02 14:08:09 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2012.12.02 14:08:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.02 14:08:02 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.02 14:08:00 | 000,641,946 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2012.12.01 20:04:58 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.12.01 18:36:27 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.01 16:51:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.01 15:05:17 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.12.01 15:05:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.12.01 14:30:29 | 000,000,856 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\AIDA64 Extreme Edition.lnk
[2012.12.01 13:35:32 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2012.12.01 13:35:32 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2012.12.01 11:45:54 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2012.12.01 11:02:19 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012.11.27 17:03:01 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Sacred Underworld.lnk
[2012.11.27 11:42:16 | 000,075,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\SSHDRV79.sys
[2012.11.27 11:39:40 | 000,000,826 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Sacred.lnk
[2012.11.14 20:24:26 | 000,492,640 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.14 20:24:26 | 000,473,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.14 20:24:26 | 000,091,154 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.14 20:24:26 | 000,076,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.12.02 14:44:29 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.12.01 18:36:27 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.01 16:48:51 | 000,268,680 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2012.12.01 16:48:51 | 000,038,557 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2012.12.01 16:48:50 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012.12.01 14:30:29 | 000,000,856 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\AIDA64 Extreme Edition.lnk
[2012.12.01 11:02:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012.11.27 17:03:01 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Sacred Underworld.lnk
[2012.11.27 11:42:16 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV79.sys
[2012.11.27 11:39:40 | 000,000,826 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Sacred.lnk
[2012.11.25 12:09:48 | 000,003,072 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\w2k.png
[2012.11.25 12:03:26 | 000,067,854 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\w98.bmp
[2012.11.25 11:34:46 | 000,000,879 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Modern Black.ini
[2012.02.15 17:04:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.03.16 16:40:01 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2011.03.15 12:41:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011.03.15 12:41:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010.12.12 20:06:48 | 001,313,855 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1454471165-329068152-725345543-1005-0.dat
[2010.12.12 20:06:47 | 000,108,726 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2010.08.22 05:12:13 | 005,733,166 | ---- | C] () -- C:\Programme\tfbl.db4
[2010.08.22 05:12:05 | 000,580,604 | ---- | C] () -- C:\Programme\tfwl.db5
[2010.08.22 05:12:04 | 000,073,052 | ---- | C] () -- C:\Programme\Statistics.xml
[2010.08.22 05:12:04 | 000,004,278 | ---- | C] () -- C:\Programme\Blogs.htm
[2010.02.02 11:57:47 | 000,000,000 | RH-- | C] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\e302afdd6c85c7ecd55d5b1671d0461a
[2009.04.04 19:44:38 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.04.04 05:57:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009.12.25 12:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\GrabPro
[2012.06.11 06:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Opera
[2012.08.02 15:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Origin
[2011.02.01 14:59:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Sports Interactive
[2009.04.04 14:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Thunderbird
[2010.06.03 05:43:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\TS3Client
[2012.07.15 11:17:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\TV-Browser
[2010.05.26 09:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2012.08.20 19:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare
[2012.08.03 16:41:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2012.10.14 17:44:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Origin
[2012.08.02 14:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Premium
[2012.01.25 18:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.12.02 14:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Test\Anwendungsdaten\Opera
[2012.12.01 20:12:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Test\Anwendungsdaten\TV-Browser
[2009.06.16 15:05:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolle\Anwendungsdaten\ImgBurn
[2010.08.12 11:58:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolle\Anwendungsdaten\JonDo
[2012.06.11 16:56:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolle\Anwendungsdaten\Opera
[2012.09.11 10:39:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolle\Anwendungsdaten\Origin
[2009.04.04 16:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolle\Anwendungsdaten\Thunderbird
[2010.04.12 16:04:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolle\Anwendungsdaten\TS3Client
[2012.11.30 17:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolle\Anwendungsdaten\TV-Browser
[2012.07.31 06:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolle\Anwendungsdaten\Unity
[2012.07.25 15:04:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolle\Anwendungsdaten\XnView
[2011.02.12 12:42:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolle\Anwendungsdaten\xVideoServiceThief
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

Code

OTL Extras logfile created on: 02.12.2012 15:17:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\admin\Desktop\Neuer Ordner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 75,55% Memory free
7,96 Gb Paging File | 7,35 Gb Available in Paging File | 92,29% Paging File free
Paging file location(s): C:\pagefile.sys 4989 4989 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 154,63 Gb Free Space | 51,87% Space Free | Partition Type: NTFS
Drive E: | 637,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: HOME | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1454471165-329068152-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Origin Games\Dragon Age Origins\bin_ship\daupdatersvc.service.exe" = C:\Programme\Origin Games\Dragon Age Origins\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins -Inhaltsupdater -- (BioWare)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera -- (Opera Software)
"C:\Programme\Sports Interactive\Football Manager 2011 Demo\fm.exe" = C:\Programme\Sports Interactive\Football Manager 2011 Demo\fm.exe:*:Disabled:Football Manager 2011 Demo
"C:\Programme\Sports Interactive\Football Manager 2011\fm.exe" = C:\Programme\Sports Interactive\Football Manager 2011\fm.exe:*:Disabled:Football Manager 2011
"C:\Programme\TV-Browser\tvbrowser.exe" = C:\Programme\TV-Browser\tvbrowser.exe:*:Enabled:TV-Browser -- ()
"C:\Programme\TV-Browser\tvbrowser_noDD.exe" = C:\Programme\TV-Browser\tvbrowser_noDD.exe:*:Enabled:TV-Browser (ohne DirectX) -- ()
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java -- (Sun Microsystems, Inc.)
"C:\Programme\Origin Games\Dragon Age Origins\bin_ship\daorigins.exe" = C:\Programme\Origin Games\Dragon Age Origins\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins -Spiel -- (BioWare)
"C:\Programme\Origin Games\Dragon Age Origins\DAOriginsLauncher.exe" = C:\Programme\Origin Games\Dragon Age Origins\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins -Launcher -- (BioWare)
"C:\Programme\Origin Games\Dragon Age Origins\bin_ship\daupdatersvc.service.exe" = C:\Programme\Origin Games\Dragon Age Origins\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins -Inhaltsupdater -- (BioWare)
"C:\Programme\Origin Games\Dragon Age Origins\bin_ship\EACoreServer.exe" = C:\Programme\Origin Games\Dragon Age Origins\bin_ship\EACoreServer.exe:*:Enabled:EA Core Server Application -- (Electronic Arts)
"C:\Programme\Ascaron Entertainment\Sacred\Gameserver.exe" = C:\Programme\Ascaron Entertainment\Sacred\Gameserver.exe:*:Enabled:Sacred Gameserver -- (Ascaron Entertainment GmbH)
"C:\Programme\Ascaron Entertainment\Sacred\Sacred.exe" = C:\Programme\Ascaron Entertainment\Sacred\Sacred.exe:*:Enabled:Sacred -- (Ascaron Entertainment GmbH)
"C:\Programme\Ascaron Entertainment\Sacred Underworld\gameserver.exe" = C:\Programme\Ascaron Entertainment\Sacred Underworld\gameserver.exe:*:Enabled:Sacred Gameserver -- (Ascaron Entertainment GmbH)
"C:\Programme\Ascaron Entertainment\Sacred Underworld\sacred.exe" = C:\Programme\Ascaron Entertainment\Sacred Underworld\sacred.exe:*:Enabled:Sacred -- (studio II Software)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05E7A774-FBDC-EF1F-E56C-84DD82E3A085}" = Catalyst Control Center
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A64449B-010C-3A4B-7D61-9F5EA9BDDA85}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{30E40DAC-58D2-E34B-9108-732AB123BBC5}" = CCC Help French
"{335315BA-3EFC-ABE4-D242-7B8691600859}" = CCC Help Portuguese
"{34225AF5-C1B6-8553-3AB4-18943E598BA5}" = CCC Help Chinese Standard
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E2AE2DE-BA36-F75C-C42F-4F81CFB8C69D}" = CCC Help Spanish
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40285F95-B5CA-927D-5AA9-2E4C346BBF18}" = CCC Help German
"{42EEC419-24CA-6716-854C-58C8F72D50F1}" = CCC Help Turkish
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0708.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 
"{5C206C21-D400-102A-931B-891B4E91E050}" = CCC Help English
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F9A7E9C-491A-4A1F-E15F-6FD76AF9B69D}" = CCC Help Czech
"{661D29B7-80F5-9D8E-0E98-F6B1985F4326}" = Catalyst Control Center Graphics Previews Common
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6BA86584-D28F-E8B1-401A-36FEB2F116C1}" = CCC Help Italian
"{785CC57D-7880-3EAB-B2D4-980A23ABEC7C}" = CCC Help Russian
"{7AAD83F2-ECC4-DA0C-E692-EE978EE9AE63}" = ccc-utility
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FCA0F04-0360-05A1-5611-CA3797B2922B}" = CCC Help Thai
"{94B5EB58-4409-4CD2-BEA4-A8E8B1708A50}" = AMD Catalyst Install Manager
"{98295A26-683A-D06A-336B-E481F4417209}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5944EB-D4F9-CF2D-E1DD-F777F8C96055}" = Catalyst Control Center Localization All
"{9B70D2D2-9497-DB65-24AF-F26680B6387D}" = CCC Help Norwegian
"{9D10159F-1845-1EBA-A8D0-2FE77FC57F7A}" = CCC Help Polish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78070FF-BED1-1144-2C61-A4F895FC79EF}" = CCC Help Danish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD277A6-F8AB-BF24-D2A7-BDE32F2F4498}" = CCC Help Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFB8B095-E145-6554-0991-C8BF134036DE}" = CCC Help Swedish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B84A5E9D-6568-8B83-4989-0CBE0BBCA154}" = CCC Help Greek
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C6C82B03-1C44-EF77-3EEC-1ACECD19FC69}" = CCC Help Hungarian
"{C8785E83-AA70-4735-B1B1-15F594B86DAB}" = Philips Firmware Manager
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC168E4B-E913-145C-B337-95AC6C1231F5}" = CCC Help Dutch
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5C351DC-434E-2661-9392-7A5D6652FC00}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EB5F33-124B-BEEE-BCB6-1C7F91290865}" = CCC Help Finnish
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.70
"AsfTools 3.1" = AsfTools 3.1 (remove only)
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Compress it v1.92" = Compress it v1.92
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Flick_is1" = DVD Flick 1.3.0.6
"EA Installer.-1349575552" = EA Installer
"FaJo XP File Security Extension_is1" = FaJo XP File Security Extension v1.2
"HD Tune_is1" = HD Tune 2.55
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0708.2
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Net Transport_is1" = Net Transport 1.94.282
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"Opera 11.64.1403" = Opera 11.64
"Origin" = Origin
"Quests and Legends Tweaks v2.0 by Idomeneas_is1" = Quests and Legends Tweaks v2.0 by Idomeneas version 2.0
"RTPatch_is1" = RTPatch Update
"Sacred Underworld_is1" = Sacred Underworld
"Sacred_is1" = Sacred
"Skinny Clock_is1" = Skinny Clock v1.16 R2
"SopCast" = SopCast 3.5.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ThreatExpert Memory Scanner_is1" = ThreatExpert Memory Scanner 1.0
"tvbrowser" = TV-Browser 3.1
"VLC media player" = VLC media player 2.0.4
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.99
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1454471165-329068152-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Simple Analog Clock" = Simple Analog Clock
"Simplest Clock" = Simplest Clock
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 06.07.2010 06:16:11 | Computer Name = HOME | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung TFUN.exe, Version 4.10.1.14, fehlgeschlagenes
 Modul TFUN.exe, Version 4.10.1.14, Fehleradresse 0x00016c9b.
 
Error - 27.07.2010 05:12:11 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung groschengrab_3.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 11.08.2010 08:28:33 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung clientupdate.exe, Version 2.0.0.381, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00011689.
 
Error - 20.08.2010 05:22:29 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 20.08.2010 05:22:29 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 26.08.2010 11:27:50 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 26.08.2010 11:27:50 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 26.08.2010 11:40:17 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung twoworlds.exe, Version 1.7.0.0, fehlgeschlagenes
 Modul twoworlds.exe, Version 1.7.0.0, Fehleradresse 0x002dfcc9.
 
Error - 31.08.2010 05:58:48 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung twoworlds.exe, Version 1.7.0.0, fehlgeschlagenes
 Modul twoworlds.exe, Version 1.7.0.0, Fehleradresse 0x003633c3.
 
Error - 04.09.2010 09:54:04 | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung TwoWorlds.exe, Version 1.7.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ Application Events ]
Error - 06.07.2010 06:16:11 | Computer Name = HOME | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung TFUN.exe, Version 4.10.1.14, fehlgeschlagenes
 Modul TFUN.exe, Version 4.10.1.14, Fehleradresse 0x00016c9b.
 
Error - 27.07.2010 05:12:11 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung groschengrab_3.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 11.08.2010 08:28:33 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung clientupdate.exe, Version 2.0.0.381, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00011689.
 
Error - 20.08.2010 05:22:29 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 20.08.2010 05:22:29 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 26.08.2010 11:27:50 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 26.08.2010 11:27:50 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 26.08.2010 11:40:17 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung twoworlds.exe, Version 1.7.0.0, fehlgeschlagenes
 Modul twoworlds.exe, Version 1.7.0.0, Fehleradresse 0x002dfcc9.
 
Error - 31.08.2010 05:58:48 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung twoworlds.exe, Version 1.7.0.0, fehlgeschlagenes
 Modul twoworlds.exe, Version 1.7.0.0, Fehleradresse 0x003633c3.
 
Error - 04.09.2010 09:54:04 | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung TwoWorlds.exe, Version 1.7.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 01.12.2012 10:57:25 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 01.12.2012 10:57:42 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "MSIServer"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {000C101C-0000-0000-C000-000000000046}
 
Error - 01.12.2012 10:58:38 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 01.12.2012 11:00:52 | Computer Name = HOME | Source = System Error | ID = 1003
Description = Fehlercode 0000007f, 1. Parameter 00000000, 2. Parameter 00000000,
 3. Parameter 00000000, 4. Parameter 00000000.
 
Error - 01.12.2012 12:09:05 | Computer Name = HOME | Source = System Error | ID = 1003
Description = Fehlercode 0000007f, 1. Parameter 00000000, 2. Parameter 00000000,
 3. Parameter 00000000, 4. Parameter 00000000.
 
Error - 01.12.2012 14:00:04 | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 02.12.2012 04:56:36 | Computer Name = HOME | Source = System Error | ID = 1003
Description = Fehlercode 0000007f, 1. Parameter 00000000, 2. Parameter 00000000,
 3. Parameter 00000000, 4. Parameter 00000000.
 
Error - 02.12.2012 05:34:58 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 02.12.2012 05:35:51 | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Aavmker4  aswSnx  aswSP  aswTdi  Fips  intelppm  TfFsMon  TfSysMon
 
Error - 02.12.2012 06:51:48 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
< End of report >

Code

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2012/12/02 14:21
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

SSDT
-------------------
#: 009    Function Name: NtAddBootEntry
Status: Not hooked

#: 017    Function Name: NtAllocateVirtualMemory
Status: Not hooked

#: 019    Function Name: NtAssignProcessToJobObject
Status: Not hooked

#: 025    Function Name: NtClose
Status: Not hooked

#: 035    Function Name: NtCreateEvent
Status: Not hooked

#: 036    Function Name: NtCreateEventPair
Status: Not hooked

#: 038    Function Name: NtCreateIoCompletion
Status: Not hooked

#: 041    Function Name: NtCreateKey
Status: Not hooked

#: 043    Function Name: NtCreateMutant
Status: Not hooked

#: 050    Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xacb734ba

#: 051    Function Name: NtCreateSemaphore
Status: Not hooked

#: 053    Function Name: NtCreateThread
Status: Not hooked

#: 054    Function Name: NtCreateTimer
Status: Not hooked

#: 057    Function Name: NtDebugActiveProcess
Status: Not hooked

#: 061    Function Name: NtDeleteBootEntry
Status: Not hooked

#: 063    Function Name: NtDeleteKey
Status: Not hooked

#: 065    Function Name: NtDeleteValueKey
Status: Not hooked

#: 068    Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xacc20c22

#: 071    Function Name: NtEnumerateKey
Status: Not hooked

#: 073    Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xacb73ed6

#: 083    Function Name: NtFreeVirtualMemory
Status: Not hooked

#: 097    Function Name: NtLoadDriver
Status: Not hooked

#: 109    Function Name: NtModifyBootEntry
Status: Not hooked

#: 111    Function Name: NtNotifyChangeKey
Status: Not hooked

#: 112    Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 114    Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xacbb5811

#: 115    Function Name: NtOpenEventPair
Status: Not hooked

#: 117    Function Name: NtOpenIoCompletion
Status: Not hooked

#: 119    Function Name: NtOpenKey
Status: Not hooked

#: 120    Function Name: NtOpenMutant
Status: Not hooked

#: 122    Function Name: NtOpenProcess
Status: Not hooked

#: 125    Function Name: NtOpenSection
Status: Not hooked

#: 126    Function Name: NtOpenSemaphore
Status: Not hooked

#: 128    Function Name: NtOpenThread
Status: Not hooked

#: 131    Function Name: NtOpenTimer
Status: Not hooked

#: 137    Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacb7efa8

#: 160    Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xacb7eff4

#: 163    Function Name: NtQueryObject
Status: Not hooked

#: 177    Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xacb7f176

#: 180    Function Name: NtQueueApcThread
Status: Not hooked

#: 192    Function Name: NtRenameKey
Status: Not hooked

#: 204    Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb9ef2a1c

#: 211    Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 212    Function Name: NtSetBootOptions
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xacb7ef16

#: 213    Function Name: NtSetContextThread
Status: Not hooked

#: 240    Function Name: NtSetSystemInformation
Status: Not hooked

#: 241    Function Name: NtSetSystemPowerState
Status: Not hooked

#: 247    Function Name: NtSetValueKey
Status: Not hooked

#: 249    Function Name: NtShutdownSystem
Status: Not hooked

#: 253    Function Name: NtSuspendProcess
Status: Not hooked

#: 254    Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xacb7f038

#: 255    Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xacb7ef5e

#: 257    Function Name: NtTerminateProcess
Status: Not hooked

#: 258    Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xacb7411c

#: 262    Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacb7f130

#: 268    Function Name: NtVdmControl
Status: Not hooked

#: 277    Function Name: NtWriteVirtualMemory
Status: Not hooked

#: 283    Function Name: NtQueryPortInformationProcess
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb7493e

#: 282    Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 281    Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 280    Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 279    Function Name: NtCreateKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb73508

#: 278    Function Name: NtYieldExecution
Status: Not hooked

#: 276    Function Name: NtWriteRequestData
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xb9ef2c10

#: 275    Function Name: NtWriteFileGather
Status: Not hooked

#: 274    Function Name: NtWriteFile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xb9ef2cb6

#: 273    Function Name: NtWaitLowEventPair
Status: Not hooked

#: 272    Function Name: NtWaitHighEventPair
Status: Not hooked

#: 271    Function Name: NtWaitForSingleObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb781c2

#: 270    Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 269    Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 267    Function Name: NtUnmapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacbb5d42

#: 266    Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 265    Function Name: NtUnlockFile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacbb5bad

#: 264    Function Name: NtUnloadKeyEx
Status: Not hooked

#: 263    Function Name: NtUnloadKey
Status: Not hooked

#: 261    Function Name: NtTranslateFilePath
Status: Not hooked

#: 260    Function Name: NtTraceEvent
Status: Not hooked

#: 259    Function Name: NtTestAlert
Status: Not hooked

#: 256    Function Name: NtTerminateJobObject
Status: Not hooked

#: 252    Function Name: NtStopProfile
Status: Not hooked

#: 251    Function Name: NtStartProfile
Status: Not hooked

#: 250    Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 248    Function Name: NtSetVolumeInformationFile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacc20cea

#: 246    Function Name: NtSetUuidSeed
Status: Not hooked

#: 245    Function Name: NtSetTimerResolution
Status: Not hooked

#: 244    Function Name: NtSetTimer
Status: Not hooked

#: 243    Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 242    Function Name: NtSetSystemTime
Status: Not hooked

#: 239    Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 238    Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 237    Function Name: NtSetSecurityObject
Status: Not hooked

#: 236    Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 235    Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 234    Function Name: NtSetLowEventPair
Status: Not hooked

#: 233    Function Name: NtSetLdtEntries
Status: Not hooked

#: 232    Function Name: NtSetIoCompletion
Status: Not hooked

#: 231    Function Name: NtSetIntervalProfile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb73170

#: 230    Function Name: NtSetInformationToken
Status: Not hooked

#: 229    Function Name: NtSetInformationThread
Status: Not hooked

#: 228    Function Name: NtSetInformationProcess
Status: Not hooked

#: 227    Function Name: NtSetInformationObject
Status: Not hooked

#: 226    Function Name: NtSetInformationKey
Status: Not hooked

#: 225    Function Name: NtSetInformationJobObject
Status: Not hooked

#: 224    Function Name: NtSetInformationFile
Status: Not hooked

#: 223    Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 222    Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 221    Function Name: NtSetHighEventPair
Status: Not hooked

#: 220    Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 219    Function Name: NtSetEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb73556

#: 218    Function Name: NtSetEaFile
Status: Not hooked

#: 217    Function Name: NtSetDefaultUILanguage
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb78534

#: 216    Function Name: NtSetDefaultLocale
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb753a6

#: 215    Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 214    Function Name: NtSetDebugFilterState
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb7efd2

#: 210    Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb7f016

#: 209    Function Name: NtSaveMergedKeys
Status: Not hooked

#: 208    Function Name: NtSaveKeyEx
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb7f19a

#: 207    Function Name: NtSaveKey
Status: Not hooked

#: 206    Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xb9ef290c

#: 205    Function Name: NtResumeProcess
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb7ef3c

#: 203    Function Name: NtResetWriteWatch
Status: Not hooked

#: 202    Function Name: NtResetEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb77c3e

#: 201    Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 200    Function Name: NtRequestWaitReplyPort
Status: Not hooked

#: 199    Function Name: NtRequestPort
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb7f0ba

#: 198    Function Name: NtRequestDeviceWakeup
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb7ef86

#: 197    Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 196    Function Name: NtReplyWaitReceivePortEx
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb77f14

#: 195    Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 194    Function Name: NtReplyPort
Status: Not hooked

#: 193    Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb7f154

#: 191    Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 190    Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 189    Function Name: NtReleaseSemaphore
Status: Not hooked

#: 188    Function Name: NtReleaseMutant
Status: Not hooked

#: 187    Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 186    Function Name: NtReadVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacc20e4a

#: 185    Function Name: NtReadRequestData
Status: Not hooked

#: 184    Function Name: NtReadFileScatter
Status: Not hooked

#: 183    Function Name: NtReadFile
Status: Not hooked

#: 182    Function Name: NtRaiseHardError
Status: Not hooked

#: 181    Function Name: NtRaiseException
Status: Not hooked

#: 179    Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 178    Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 176    Function Name: NtQueryTimerResolution
Status: Not hooked

#: 175    Function Name: NtQueryTimer
Status: Not hooked

#: 174    Function Name: NtQuerySystemTime
Status: Not hooked

#: 173    Function Name: NtQuerySystemInformation
Status: Not hooked

#: 172    Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 171    Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 170    Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 169    Function Name: NtQuerySemaphore
Status: Not hooked

#: 168    Function Name: NtQuerySecurityObject
Status: Not hooked

#: 167    Function Name: NtQuerySection
Status: Not hooked

#: 166    Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 165    Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 164    Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 162    Function Name: NtQueryMutant
Status: Not hooked

#: 161    Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 159    Function Name: NtQueryIoCompletion
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacbb5a28

#: 158    Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 157    Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 156    Function Name: NtQueryInformationToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb75272

#: 155    Function Name: NtQueryInformationThread
Status: Not hooked

#: 154    Function Name: NtQueryInformationProcess
Status: Not hooked

#: 153    Function Name: NtQueryInformationPort
Status: Not hooked

#: 152    Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 151    Function Name: NtQueryInformationFile
Status: Not hooked

#: 150    Function Name: NtQueryInformationAtom
Status: Not hooked

#: 149    Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 148    Function Name: NtQueryEvent
Status: Not hooked

#: 147    Function Name: NtQueryEaFile
Status: Not hooked

#: 146    Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 145    Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 144    Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 143    Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 142    Function Name: NtQueryDebugFilterState
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacbb587a

#: 141    Function Name: NtQueryBootOptions
Status: Not hooked

#: 140    Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 139    Function Name: NtQueryAttributesFile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb74dd4

#: 138    Function Name: NtPulseEvent
Status: Not hooked

#: 136    Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 135    Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 134    Function Name: NtPrivilegeCheck
Status: Not hooked

#: 133    Function Name: NtPowerInformation
Status: Not hooked

#: 132    Function Name: NtPlugPlayControl
Status: Not hooked

#: 130    Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 129    Function Name: NtOpenThreadToken
Status: Not hooked

#: 127    Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 124    Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 123    Function Name: NtOpenProcessToken
Status: Not hooked

#: 121    Function Name: NtOpenObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacc2d7d2

#: 118    Function Name: NtOpenJobObject
Status: Not hooked

#: 116    Function Name: NtOpenFile
Status: Not hooked

#: 113    Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 110    Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 108    Function Name: NtMapViewOfSection
Status: Not hooked

#: 107    Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 106    Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 105    Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 104    Function Name: NtMakePermanentObject
Status: Not hooked

#: 103    Function Name: NtLockVirtualMemory
Status: Not hooked

#: 102    Function Name: NtLockRegistryKey
Status: Not hooked

#: 101    Function Name: NtLockProductActivationKeys
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacbb4838

#: 100    Function Name: NtLockFile
Status: Not hooked

#: 099    Function Name: NtLoadKey2
Status: Not hooked

#: 098    Function Name: NtLoadKey
Status: Not hooked

#: 096    Function Name: NtListenPort
Status: Not hooked

#: 095    Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 094    Function Name: NtIsProcessInJob
Status: Not hooked

#: 093    Function Name: NtInitiatePowerAction
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb735a4

#: 092    Function Name: NtInitializeRegistry
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb735f2

#: 091    Function Name: NtImpersonateThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb747be

#: 090    Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 089    Function Name: NtImpersonateAnonymousToken
Status: Not hooked

#: 088    Function Name: NtGetWriteWatch
Status: Not hooked

#: 087    Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 086    Function Name: NtGetDevicePowerState
Status: Not hooked

#: 085    Function Name: NtGetContextThread
Status: Not hooked

#: 084    Function Name: NtFsControlFile
Status: Not hooked

#: 082    Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 081    Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 080    Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 079    Function Name: NtFlushKey
Status: Not hooked

#: 078    Function Name: NtFlushInstructionCache
Status: Not hooked

#: 077    Function Name: NtFlushBuffersFile
Status: Not hooked

#: 076    Function Name: NtFindAtom
Status: Not hooked

#: 075    Function Name: NtFilterToken
Status: Not hooked

#: 074    Function Name: NtExtendSection
Status: Not hooked

#: 072    Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 070    Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 069    Function Name: NtDuplicateToken
Status: Not hooked

#: 067    Function Name: NtDisplayString
Status: Not hooked

#: 066    Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 064    Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 062    Function Name: NtDeleteFile
Status: Not hooked

#: 060    Function Name: NtDeleteAtom
Status: Not hooked

#: 059    Function Name: NtDelayExecution
Status: Not hooked

#: 058    Function Name: NtDebugContinue
Status: Not hooked

#: 056    Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb731fa

#: 055    Function Name: NtCreateToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb733aa

#: 052    Function Name: NtCreateSymbolicLinkObject
Status: Not hooked

#: 049    Function Name: NtCreateProfile
Status: Not hooked

#: 048    Function Name: NtCreateProcessEx
Status: Not hooked

#: 047    Function Name: NtCreateProcess
Status: Not hooked

#: 046    Function Name: NtCreatePort
Status: Not hooked

#: 045    Function Name: NtCreatePagingFile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xb9ef2e52

#: 044    Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 042    Function Name: NtCreateMailslotFile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb73350

#: 040    Function Name: NtCreateJobSet
Status: Not hooked

#: 039    Function Name: NtCreateJobObject
Status: Not hooked

#: 037    Function Name: NtCreateFile
Status: Not hooked

#: 034    Function Name: NtCreateDirectoryObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb74af8

#: 033    Function Name: NtCreateDebugObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb74c54

#: 032    Function Name: NtContinue
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb7341a

#: 031    Function Name: NtConnectPort
Status: Not hooked

#: 030    Function Name: NtCompressKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xb9ef4b30

#: 029    Function Name: NtCompleteConnectPort
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb74636

#: 028    Function Name: NtCompareTokens
Status: Not hooked

#: 027    Function Name: NtCompactKeys
Status: Not hooked

#: 026    Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 024    Function Name: NtClearEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacc1f41c

#: 023    Function Name: NtCancelTimer
Status: Not hooked

#: 022    Function Name: NtCancelIoFile
Status: Not hooked

#: 021    Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked

#: 020    Function Name: NtCallbackReturn
Status: Not hooked

#: 018    Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 016    Function Name: NtAllocateUuids
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb73640

#: 015    Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 014    Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 013    Function Name: NtAlertThread
Status: Not hooked

#: 012    Function Name: NtAlertResumeThread
Status: Not hooked

#: 011    Function Name: NtAdjustPrivilegesToken
Status: Not hooked

#: 010    Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 008    Function Name: NtAddAtom
Status: Not hooked

#: 007    Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 006    Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0xacb73f1a

#: 005    Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 004    Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 003    Function Name: NtAccessCheckByType
Status: Not hooked

#: 002    Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 001    Function Name: NtAccessCheck
Status: Not hooked

#: 000    Function Name: NtAcceptConnectPort
Status: Not hooked
Werde daraus irgendwie nicht so ganz schlau, würde mich freuen, wenn jemand einen Tip für mich hat.

Vielen Dank schonmal im voraus.

Gruß
Sunday
Seitenanfang Seitenende
05.12.2012, 18:16
Gool
Member
Avatar Gool

Beiträge: 4730
#2 Probiere mal Folgendes:
Gib Deinem normalen Account Admin-Rechte und logge Dich damit ein. Wenn er nicht abstürzt, dann logst Du Dich aus, nimmst die Admin-Rechte wieder weg und logst Dich wieder ein.
Mein Gedanke dabei: Vielleicht möchte irgendein Dienst (avast! ist hier meine favorisierte Fehlerquelle) irgendwas aktualisieren, kann es aber nicht, weil ihm Rechte fehlen, was dann zu einem Absturz führt.
__________
Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren.
Der Grabsteinschubser
Seitenanfang Seitenende
06.12.2012, 08:06
Sundaymorning
...neu hier

Themenstarter

Beiträge: 2
#3 Hallo Gool,

die Idee mit avast hatte ich auch, habe avast nebst Dienst deaktiviert, leider mit demselben Ergebnis. Habe das Problem jetzt mit der "Axt" gelöst: alles unter C:\Dok.+Einst.\Benutzername\ mit wipefile 4x überschrieben, Konto gelöscht, neues erstellt ---> alles läuft wieder rund. Trotzdem vielen Dank für Deine Überlegungen :-)

Gruß
Sunday
Seitenanfang Seitenende
07.12.2012, 10:22
Gool
Member
Avatar Gool

Beiträge: 4730
#4 4fach überschrieben? Hast Du zu viel Zeit, die Du mit unnötigem Firlefanz vertreiben musst? Normales Löschen hätte es auch getan. Aber schön, dass es wieder läuft ;)
__________
Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren.
Der Grabsteinschubser
Seitenanfang Seitenende
07.12.2012, 12:03
Xeper
Member
Avatar Xeper

Beiträge: 5291
#5

Zitat

4fach überschrieben? Hast Du zu viel Zeit, die Du mit unnötigem Firlefanz vertreiben musst?
WAAS? Blasphemie!! Denk an den Huth, wie man eine Diskette gefelixt 30k ordentlich überschreibt.
__________
E-Mail: therion at ninth-art dot de
IRC: megatherion @ Freenode
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1