
Log Analysis and Evaluation: Real Upgrade Logon TaskS-1-5-21....

31.10.2011, 22:56   #16
Volker68
 



Hello Arne,
here is the second log file after the scan:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 31.10.2011 22:26:24 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Volker Stelzl\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 70,28% Memory free
5,34 Gb Paging File | 3,90 Gb Available in Paging File | 73,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 103,02 Gb Total Space | 29,90 Gb Free Space | 29,02% Space Free | Partition Type: NTFS
Drive D: | 36,71 Gb Total Space | 15,47 Gb Free Space | 42,14% Space Free | Partition Type: NTFS
Drive F: | 36,71 Gb Total Space | 15,47 Gb Free Space | 42,14% Space Free | Partition Type: NTFS
 
Computer Name: PC_STELZL | User Name: Volker Stelzl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\PVSW\bin\w3dbsmgr.exe" = C:\PVSW\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager -- ()
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0CC0FE73-7A2A-4782-8881-807CDB678BAF}" = JUNG Facility-Pilot Planerversion
"{10F71228-EF32-431B-B6BB-D9A535677D79}" = Microsoft XML Parser
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1A1BEE58-8EA1-772E-10DF-97C19C5F1031}" = Nero 7 Demo
"{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29296877-9CE6-4E31-9AB6-6B5C41355F27}" = Praxisgerechte Lösungen 3
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2ABA3053-48A3-4103-ADDA-B7347EBCF5C5}" = EIBA ETS Falcon Diagnostic Applications
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D0AEE5F-D26C-4C39-8C98-CAB234AF5339}" = KNX eteC Falcon Runtime v1.6
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon Camera WIA Driver
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3CE5D820-34E8-4362-BA66-02C50E1AF75E}" = ATI Catalyst Control Center
"{4337BA09-3208-4DBB-84B7-47939003C0C9}" = Norka Katalog 07 / 2007
"{46AE0161-4BB6-4F01-AB45-AEB7144FF739}" = CA 01 - der interaktive Katalog von Drive Technologies and Industry Automation
"{489CA224-C163-41FB-B370-83813BB77232}" = SG-Tutor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4F2A0E-07B5-41DE-8782-CEB49603D404}" = Brother HL-5240
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{572880F8-A845-48E1-97B8-3800E9155B18}" = ETS3 Professional
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C548372-9779-41BD-96B4-A4B77F8CC4D2}" = ESTOS ProCall Invers
"{81E84F78-F124-487B-BE49-6036561B7233}" = CrystalReport
"{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo
"{833CF9E6-42DD-46EB-BC96-50A88FFC7A61}" = Foxit PDF Preview Handler for XP
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94A6C63C-540C-4D64-BD12-9D209B54AF6C}" = instrom pro 4
"{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}" = Sentinel Protection Installer 7.6.3
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{9EA50CFF-A90E-4469-89C3-D96FD106F85C}" = KNX ETS Falcon Diagnostic Applications
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A2E8B3-3303-4C0D-AD39-0BE28325C840}" = setup
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BFEDA49F-2E91-4B54-A366-F5A198FE1173}" = DVB-PC TV Star
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C3C2D2D0-33E3-4D53-947F-8EB6E0F4CF0F}" = DDS-CAD 7.3
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CA9EB2CC-FFF0-498E-A784-21D2A77774F2}" = WEKA PraxisCheck-Elektro 4.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{D8C0330E-C815-4C6F-9BFD-0FD570155790}" = Pervasive.SQL 9 SP2 Workgroup for Windows (9.5)
"{DD5854B2-E17F-4F52-8CF7-1CC0AA3B6D91}" = EasyLog USB
"{DE3F165D-D00A-ws-008-ETS3}_is1" = ETS3 - Wetterstation 2v03 Gira
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EAB8FB39-E751-421D-8E36-E78BDC8E7459}" = BEGA Katalog 12 / 2010
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F15D925E-9E7E-4F8D-8F5F-803B6EF23A58}" = KNX eteC Falcon Runtime v1.7
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F4FC063B-55AE-400B-895C-6FA5814B4BD3}" = Downloader MK III
"{F5804182-BDF3-4EB5-B401-04C4C32B839A}" = Siemens ETS3 PlugIn Setup V 1.2.7
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FD0D6478-A1A8-4BA6-A64E-C982402E9200}" = INSTROM pro 2
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"6315-1853-9670-8217" = Polysun Inside 5.6.11.14836
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AstroViewer 2.11.0" = AstroViewer 2.11.0
"ATI Display Driver" = ATI Display Driver
"Az008ETS3_is1" = ETS3 - Alarmzentrale Gira 1v06
"Basis-FM Tool (Mini-FMTool)" = Basis-FM Tool (Mini-FMTool)
"BDE 32 4.0" = BDE 32 4.0
"BDE Information Utility" = BDE Information Utility
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CorelDRAW 10" = CorelDRAW 10
"CSCLIB" = Canon Camera Support Core Library
"ct008ETS3_is1" = ETS3 - InfoTerminal Touch Gira 1v03
"CtIp008ETS3_is1" = ETS3 - InfoTerminal Touch Gira 1v02
"DasTelefonbuch Deutschland" = DasTelefonbuch Deutschland
"DIALux" = DIALux 4.9
"Elcom 5.1" = Hager - Tehalit 5.1
"ElcomPDF" = ElcomPDF
"ElcomPdf Port Monitor" = ElcomPdf
"Eleplus" = powerbird 8.104
"EL-USB&10C4&0002" = EasyLog USB Device (Driver Removal)
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"ETS3 Professional" = ETS3 Professional
"F100008ETS3_is1" = ETS3 - Tastsensor 2plus Fläche Gira 1v00
"FRITZ! 2.0" = AVM FRITZ!
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"ID008ETS3_is1" = ETS3 - Infodisplay Gira 3.03
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon EOS-1D Mark II N WIA-Treiber
"InstallShield_{46AE0161-4BB6-4F01-AB45-AEB7144FF739}" = CA 01 - der interaktive Katalog von Drive Technologies and Industry Automation 10-2008 Deutsch
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA-Treiber
"InstallShield_{94A6C63C-540C-4D64-BD12-9D209B54AF6C}" = instrom pro 4
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"InstallShield_{FD0D6478-A1A8-4BA6-A64E-C982402E9200}" = INSTROM pro 2
"IOP008ETS3_is1" = ETS3 - SmartSensor Gira 3v0
"magnet" = Elektronischer Magnetplaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MT007ETS3_is1" = ETS3 - MT701 BJE 1v11
"MT008ETS3_is1" = ETS3 - MT701 Gira 1v11
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OBELISK top2_is1" = OBELISK top2
"OUTLOOKR" = Microsoft Office Outlook 2007
"PDASkat" = PDASkat (remove only)
"PDF-XChange 3_is1" = PDF-XChange 3
"Pervasive System Analyzer" = Pervasive System Analyzer
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Schilddirect" = Schilddirect
"Semiolog2" = Semiolog
"ST6UNST #1" = SG30
"T-Online Copas" = T-Online Copas
"Ts2B008ETS3_is1" = ETS3 - Tastsensor 2 plus Gira 2v10
"VDE-Anwendungsprogramm" = VDE-Anwendungsprogramm 8.1.1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.35
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Helios" = Helios
"Moeller Katalog 2008 V1" = Moeller Katalog 2008 V1
"VDE-Anwendungsprogramm" = VDE-Anwendungsprogramm 8.0.17.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2010 12:04:53 | Computer Name = PC_STELZL | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\CONFIG.MSI\1C4FA1.RBF> in der Hash-Zuordnung kann nicht
 aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:  Ein an das 
System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 18.12.2010 12:04:53 | Computer Name = PC_STELZL | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\CONFIG.MSI\1C4FA2.RBF> in der Hash-Zuordnung kann nicht
 aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:  Ein an das 
System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 20.12.2010 02:06:20 | Computer Name = PC_STELZL | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\ELE\DATA\~PVSW~.LOC> in der Hash-Zuordnung kann nicht 
aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:  Ein an das System
 angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 21.12.2010 02:07:58 | Computer Name = PC_STELZL | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\ELE\DATA\~PVSW~.LOC> in der Hash-Zuordnung kann nicht 
aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:  Ein an das System
 angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 22.12.2010 02:01:53 | Computer Name = PC_STELZL | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\ELE\DATA\~PVSW~.LOC> in der Hash-Zuordnung kann nicht 
aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:  Ein an das System
 angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 22.12.2010 03:13:43 | Computer Name = PC_STELZL | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\ELE\DATA\~PVSW~.LOC> in der Hash-Zuordnung kann nicht 
aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:  Ein an das System
 angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 24.12.2010 05:09:47 | Computer Name = PC_STELZL | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\ELE\DATA\~PVSW~.LOC> in der Hash-Zuordnung kann nicht 
aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:  Ein an das System
 angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 24.12.2010 05:10:51 | Computer Name = PC_STELZL | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\ELE\DATA\~PVSW~.LOC> in der Hash-Zuordnung kann nicht 
aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:  Ein an das System
 angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 27.12.2010 03:33:57 | Computer Name = PC_STELZL | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\ELE\DATA\~PVSW~.LOC> in der Hash-Zuordnung kann nicht 
aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:  Ein an das System
 angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 28.12.2010 08:57:49 | Computer Name = PC_STELZL | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\ELE\DATA\~PVSW~.LOC> in der Hash-Zuordnung kann nicht 
aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:  Ein an das System
 angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
[ OSession Events ]
Error - 23.04.2009 15:30:22 | Computer Name = PC_STELZL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 889
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.09.2011 06:49:42 | Computer Name = PC_STELZL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 30.10.2011 05:37:53 | Computer Name = PC_STELZL | Source = ati2mtag | ID = 44044
Description = I2c return failed
 
Error - 30.10.2011 05:37:53 | Computer Name = PC_STELZL | Source = ati2mtag | ID = 44044
Description = I2c return failed
 
Error - 30.10.2011 10:52:38 | Computer Name = PC_STELZL | Source = ati2mtag | ID = 44044
Description = I2c return failed
 
Error - 30.10.2011 10:52:38 | Computer Name = PC_STELZL | Source = ati2mtag | ID = 44044
Description = I2c return failed
 
Error - 30.10.2011 11:04:12 | Computer Name = PC_STELZL | Source = ati2mtag | ID = 44044
Description = I2c return failed
 
Error - 30.10.2011 11:04:12 | Computer Name = PC_STELZL | Source = ati2mtag | ID = 44044
Description = I2c return failed
 
Error - 30.10.2011 22:17:58 | Computer Name = PC_STELZL | Source = ati2mtag | ID = 44044
Description = I2c return failed
 
Error - 30.10.2011 22:17:58 | Computer Name = PC_STELZL | Source = ati2mtag | ID = 44044
Description = I2c return failed
 
Error - 31.10.2011 12:11:48 | Computer Name = PC_STELZL | Source = ati2mtag | ID = 44044
Description = I2c return failed
 
Error - 31.10.2011 12:11:48 | Computer Name = PC_STELZL | Source = ati2mtag | ID = 44044
Description = I2c return failed
 
 
< End of report >
         
--- --- ---

01.11.2011, 10:43   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
ttp=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
Why did you set up this proxy?

Quote:
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Why are you cluttering your system with useless toolbars?
In the Control Panel, under Add or Remove Programs (or Programs and Features), uninstall everything that shows "Toolbar" in its name. For future program installations, always choose the custom installation method so that you can deselect any toolbars during installation.
While you're at it, also uninstall all other unnecessary programs via the Control Panel.

01.11.2011, 17:42   #18
Volker68
 



Hello Arne,
I don't know the proxy you mentioned. To be honest, I don't even know what that means. I guess it controls the data traffic between the PC and the internet, or something like that.
I am in the process of removing unnecessary applications.

01.11.2011, 20:29   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK, then once again a new OTL log, done the same way as above.
__________________
Please always post log files in CODE tags

01.11.2011, 21:25   #20
Volker68
 



Hello Arne,
I have created a new OTL log:
OTL Logfile:
Code:
OTL logfile created on: 01.11.2011 21:05:51 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Volker Stelzl\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 70,94% Memory free
5,34 Gb Paging File | 4,04 Gb Available in Paging File | 75,76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 103,02 Gb Total Space | 29,51 Gb Free Space | 28,64% Space Free | Partition Type: NTFS
Drive D: | 36,71 Gb Total Space | 15,42 Gb Free Space | 42,01% Space Free | Partition Type: NTFS
Drive F: | 36,71 Gb Total Space | 15,42 Gb Free Space | 42,01% Space Free | Partition Type: NTFS
 
Computer Name: PC_STELZL | User Name: Volker Stelzl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.31 22:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\OTL.exe
PRC - [2011.10.30 16:13:13 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.10.09 15:02:32 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.06.14 16:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011.06.09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.06.08 13:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011.03.31 13:32:14 | 000,134,144 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2011.03.01 09:49:30 | 000,487,424 | ---- | M] (SHI Elektronische Medien GmbH) -- C:\Programme\WEKA\PraxisCheck-Elektro 4.2\SHIWebOnDisk.exe
PRC - [2010.10.20 00:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2010.02.24 13:56:50 | 000,398,128 | ---- | M] () -- C:\Programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe
PRC - [2008.10.29 10:03:54 | 000,955,976 | ---- | M] (G DATA Software AG) -- C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe
PRC - [2008.10.29 10:03:52 | 001,089,608 | ---- | M] (G DATA Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
PRC - [2008.09.08 10:46:46 | 001,185,496 | ---- | M] (G DATA Software AG) -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe
PRC - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe
PRC - [2008.07.16 03:07:04 | 000,341,296 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!\IWatch.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2006.01.02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.12.16 12:57:56 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2005.09.30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2004.01.08 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.12 06:30:36 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d361595a\mscorlib.dll
MOD - [2011.10.12 06:30:34 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_5a810a56\system.drawing.dll
MOD - [2011.10.12 06:30:30 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_fe877702\system.xml.dll
MOD - [2011.10.12 06:30:27 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a52c1850\system.windows.forms.dll
MOD - [2011.10.12 06:30:22 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_eec95b4c\system.dll
MOD - [2011.10.12 06:30:17 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2011.10.12 06:30:17 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.01 09:49:34 | 000,045,056 | ---- | M] () -- C:\Programme\WEKA\PraxisCheck-Elektro 4.2\webapp\standard\dll\SHINativeUtil.dll
MOD - [2011.03.01 09:49:22 | 001,351,168 | ---- | M] () -- C:\Programme\WEKA\PraxisCheck-Elektro 4.2\ip-engine\StdFTS\cpl25m.dll
MOD - [2011.03.01 09:49:22 | 000,655,360 | ---- | M] () -- C:\Programme\WEKA\PraxisCheck-Elektro 4.2\ip-engine\StdFTS\config\prod\rca\SHICplUni.dll
MOD - [2011.03.01 09:49:22 | 000,296,960 | ---- | M] () -- C:\Programme\WEKA\PraxisCheck-Elektro 4.2\ip-engine\StdFTS\config\prod\lss\lss_unic.dll
MOD - [2011.03.01 09:49:22 | 000,226,816 | ---- | M] () -- C:\Programme\WEKA\PraxisCheck-Elektro 4.2\ip-engine\StdFTS\config\prod\lss\lss_back.dll
MOD - [2010.02.24 13:56:50 | 000,398,128 | ---- | M] () -- C:\Programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe
MOD - [2008.10.29 14:30:14 | 000,441,416 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\avkregw.dll
MOD - [2008.10.28 11:26:04 | 001,541,704 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\MimeSniffer.dll
MOD - [2008.07.19 15:02:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll
MOD - [2008.03.29 13:21:23 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.03.29 13:21:23 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_de_b77a5c561934e089\system.windows.forms.resources.dll
MOD - [2008.03.12 21:43:08 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008.03.12 21:43:08 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008.03.12 21:43:08 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2008.03.12 21:43:08 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2008.03.12 21:43:07 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.03.09 13:58:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\cute2mon2k.dll
MOD - [2005.10.19 10:17:58 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
MOD - [2002.11.26 12:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.09 15:02:32 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.02.13 21:56:59 | 001,623,552 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2010.10.20 00:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2010.02.24 13:56:50 | 000,398,128 | ---- | M] () [Auto | Running] -- C:\Programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe -- (TVGOnlineUpdateSvc)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.29 10:03:52 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2008.09.08 10:46:46 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.09.30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.05.18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.05.18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.10.20 06:05:02 | 000,038,472 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2010.08.27 13:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.01.06 15:00:04 | 000,014,592 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV - [2009.09.17 06:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2009.09.05 15:14:46 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009.03.12 21:49:28 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2009.03.12 19:29:50 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2009.03.12 18:45:51 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2009.03.12 18:45:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2008.11.04 11:25:00 | 000,054,784 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SSIPDDP.SYS -- (SSIPDDP)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.03.12 13:36:33 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.02.29 02:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008.02.29 02:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008.02.29 02:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007.11.29 01:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.11.29 01:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.05.07 02:00:00 | 000,537,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase)
DRV - [2007.05.07 02:00:00 | 000,053,632 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.10.04 02:43:22 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.09.11 12:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.09.11 12:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.08.21 11:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.17 10:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005.09.29 11:28:50 | 000,343,040 | ---- | M] (B2C2, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SkyNet.sys -- (SKYNET)
DRV - [2004.08.13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.12.17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003.12.17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003.12.17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003.08.10 14:17:00 | 000,256,568 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2002.09.19 21:07:50 | 000,034,683 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pei16Wdm.sys -- (Pei16Wdm)
DRV - [2002.08.15 09:20:04 | 000,035,547 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pei10Wdm.sys -- (Pei10Wdm)
DRV - [2002.07.19 08:10:20 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2001.08.17 12:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2000.07.24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)
DRV - [2000.07.11 17:31:26 | 000,200,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETFRITZ.SYS -- (NETFRITZ)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = t-online.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = t-online.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Wetter Wettervorhersage Regenradar Reisewetter - wetteronline.de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.t-online.de;localhost;<local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.30 16:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.08.15 09:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.15 09:02:15 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2011.10.29 11:56:12 | 000,437,921 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	Free Spyware | Cash Advance | Debt Consolidation | Insurance | Cell Phones at 0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15061 more lines...
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Programme\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Corel Reminder]  File not found
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [SHIWebOnDiskManager] C:\Programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe (SHI Elektronische Medien GmbH)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Volker Stelzl\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Volker Stelzl\Startmenü\Programme\Autostart\FRITZ!fax (2).lnk = C:\Programme\FRITZ!\FriFax32.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\Volker Stelzl\Startmenü\Programme\Autostart\FRITZ!fon (2).lnk = C:\Programme\FRITZ!\FriFon32.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: Pc_stelzl ([]file in Lokales Intranet)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{758EF327-F95A-410B-BAA4-4FD3746AAA14}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BE1B399-CBB9-4F63-869F-B88FB8359C29}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Programme\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.06 20:26:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\Shell - "" = AutoRun
O33 - MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe CAROLIN.vbs
O33 - MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\Shell - "" = AutoRun
O33 - MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\Shell\AutoRun\command - "" = G:\BKCD.exe
O34 - HKLM BootExecute: (autocheck autochk autopartntautopartnt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "WMPNetworkSvc"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Stelzl^Startmenü^Programme^Autostart^OpenOffice.org 2.3.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{3614C4B5-F86C-4D95-8C30-15840EEAF6F7} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.01 12:47:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Neuer Ordner
[2011.10.31 22:23:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\OTL.exe
[2011.10.31 10:21:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Trojaner
[2011.10.30 23:38:00 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.10.30 22:18:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Malwarebytes
[2011.10.30 22:17:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.10.30 22:17:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.10.30 22:17:44 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.10.30 22:17:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.10.30 16:14:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared
[2011.10.30 15:59:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.10.24 13:52:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\PV Ullrich
[2011.10.18 10:33:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Tetzner
[2011.10.16 17:34:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2011.10.16 17:33:51 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.10.16 17:33:48 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.10.16 17:30:09 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.10.16 10:01:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Landgut
[2011.10.16 09:30:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Agrargen
[2011.10.15 11:12:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Data Design System 7.3
[2011.10.15 11:10:58 | 000,038,472 | ---- | C] (SafeNet, Inc.) -- C:\WINDOWS\System32\drivers\SNTNLUSB.SYS
[2011.10.15 11:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\Downloaded Installations
[2011.10.14 11:53:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\EasyLog USB
[2011.10.14 11:53:36 | 000,000,000 | ---D | C] -- C:\Programme\EasyLog USB
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.01 21:07:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.01 21:07:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.11.01 20:00:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2011.11.01 13:39:16 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{32B8E417-DFA1-44E3-903A-ED5256AF022A}.job
[2011.11.01 12:46:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.11.01 07:07:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.01 06:56:33 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.01 06:55:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.31 22:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\OTL.exe
[2011.10.31 22:15:44 | 000,105,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Artrium.pdf
[2011.10.31 19:00:56 | 000,036,684 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.10.31 15:24:12 | 000,107,469 | ---- | M] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\4008321524461.pdf
[2011.10.31 03:00:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.10.30 22:17:55 | 000,000,797 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.30 16:22:39 | 000,000,265 | ---- | M] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Startseite.url
[2011.10.30 16:18:58 | 000,336,317 | ---- | M] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Stelzl_Aufkleber_Amtsauto.pdf
[2011.10.30 16:13:17 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011.10.30 10:44:48 | 000,043,520 | ---- | M] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.30 10:42:21 | 000,487,238 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.10.30 10:42:21 | 000,444,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.30 10:42:21 | 000,095,562 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.10.30 10:42:21 | 000,072,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.29 11:56:12 | 000,437,921 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.10.28 20:50:04 | 000,016,487 | ---- | M] () -- C:\trace.dbg
[2011.10.27 07:22:55 | 001,198,220 | ---- | M] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Inbetriebsetzungs-Aenderungsanzeige.pdf
[2011.10.27 07:18:07 | 001,060,729 | ---- | M] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Anmeldung_zum_Netzanschluss.pdf
[2011.10.26 07:48:15 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\instrom pro 4.lnk
[2011.10.24 07:03:07 | 000,011,696 | ---- | M] () -- C:\Artikelgi.csv
[2011.10.24 06:33:32 | 000,002,505 | ---- | M] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Excel 2007.lnk
[2011.10.15 11:13:00 | 000,001,613 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DDS-CAD 7.3.lnk
[2011.10.12 06:40:29 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.08 19:47:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.01 12:39:31 | 000,336,317 | ---- | C] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Stelzl_Aufkleber_Amtsauto.pdf
[2011.10.31 22:15:45 | 000,105,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Artrium.pdf
[2011.10.31 15:24:12 | 000,107,469 | ---- | C] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\4008321524461.pdf
[2011.10.30 22:17:55 | 000,000,797 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.27 07:22:55 | 001,198,220 | ---- | C] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Inbetriebsetzungs-Aenderungsanzeige.pdf
[2011.10.27 07:18:07 | 001,060,729 | ---- | C] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Anmeldung_zum_Netzanschluss.pdf
[2011.10.15 11:13:00 | 000,001,613 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DDS-CAD 7.3.lnk
[2011.09.21 15:46:07 | 000,000,161 | ---- | C] () -- C:\WINDOWS\SHISETUP.SYS
[2011.07.19 09:17:42 | 000,748,809 | ---- | C] () -- C:\WINDOWS\DDS-StartBsp.exe
[2011.07.19 09:17:42 | 000,748,809 | ---- | C] () -- C:\WINDOWS\DDS-StartBit.EXE
[2011.07.11 07:37:52 | 000,165,376 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2011.04.03 18:06:19 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Dialux.ini
[2011.01.14 11:42:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.01.14 11:39:53 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011.01.14 11:39:46 | 002,515,656 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011.01.14 11:39:46 | 000,136,650 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.01.14 11:33:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.01.14 11:27:58 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.01.14 10:30:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.11.25 01:31:14 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\DDSCollision1-0.dll
[2010.05.15 15:24:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2010.05.10 09:51:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010.05.10 09:51:18 | 000,000,024 | ---- | C] () -- C:\WINDOWS\brqikmon.ini
[2009.12.30 10:58:10 | 000,000,424 | ---- | C] () -- C:\WINDOWS\MFMTOOL.INI
[2009.12.30 10:58:10 | 000,000,143 | ---- | C] () -- C:\WINDOWS\FMLOADER.INI
[2009.10.10 19:53:24 | 000,049,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.09.05 15:14:46 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009.07.13 09:54:47 | 000,000,207 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009.07.13 09:54:47 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009.07.13 09:54:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7225N.dat
[2009.07.13 09:54:47 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.07.13 09:54:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009.07.13 09:54:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009.07.13 09:52:43 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009.07.07 06:18:23 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009.03.12 18:37:41 | 000,437,921 | R--- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2009.03.12 18:37:41 | 000,003,057 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2009.03.12 18:37:41 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2008.11.20 21:22:12 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETFRITZ.SYS
[2008.11.04 11:25:00 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSIREGI.EXE
[2008.11.04 11:25:00 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSIPDDP.SYS
[2008.09.14 18:31:04 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008.07.09 16:07:20 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.16 06:32:57 | 000,000,761 | ---- | C] () -- C:\WINDOWS\DXFView.ini
[2008.03.26 09:00:29 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\cute2mon2k.dll
[2008.03.26 09:00:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstcp.exe
[2008.03.18 17:58:19 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.03.16 17:40:09 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini
[2008.03.16 17:39:08 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
[2008.03.13 19:41:10 | 000,043,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.11 16:56:02 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.03.10 12:36:51 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\$_hpcst$.hpc
[2008.03.10 11:50:26 | 000,081,646 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2008.03.10 11:50:26 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2008.03.10 11:50:18 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008.03.09 18:18:36 | 000,000,357 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2008.03.09 16:40:22 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HBUser.ini
[2008.03.07 12:27:10 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.03.07 09:37:15 | 000,001,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008.03.07 09:36:53 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008.03.07 09:36:53 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008.03.07 09:34:12 | 000,032,834 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.03.07 09:34:12 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.03.07 09:33:57 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.03.06 20:55:59 | 000,000,176 | ---- | C] () -- C:\WINDOWS\CSCLient.INI
[2008.03.06 20:55:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CSSVDT.INI
[2008.03.06 20:55:20 | 000,000,107 | ---- | C] () -- C:\WINDOWS\AMBERCS.INI
[2008.03.06 20:43:51 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008.03.06 20:43:51 | 000,000,107 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008.03.06 20:43:51 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008.03.06 20:43:43 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI
[2008.03.06 20:43:31 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008.03.06 20:43:31 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5240.DAT
[2008.03.06 20:32:09 | 000,036,684 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.03.06 20:28:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.03.06 20:24:43 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.03.06 20:17:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.03.06 20:16:57 | 000,228,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.10.29 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007.10.29 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007.10.29 13:00:00 | 000,487,238 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2007.10.29 13:00:00 | 000,444,016 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007.10.29 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007.10.29 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2007.10.29 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007.10.29 13:00:00 | 000,095,562 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2007.10.29 13:00:00 | 000,072,274 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007.10.29 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007.10.29 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2007.10.29 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007.10.29 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007.10.29 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007.10.29 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007.10.29 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.08.19 08:46:44 | 000,033,440 | ---- | C] () -- C:\WINDOWS\DdsSysOp.exe
[2007.04.12 15:07:48 | 001,941,558 | ---- | C] () -- C:\WINDOWS\System32\TKTopAlgo.dll
[2007.04.12 15:07:48 | 001,130,550 | ---- | C] () -- C:\WINDOWS\System32\TKService.dll
[2007.04.12 15:07:46 | 003,567,667 | ---- | C] () -- C:\WINDOWS\System32\TKBool.dll
[2007.04.12 15:07:46 | 003,235,895 | ---- | C] () -- C:\WINDOWS\System32\TKGeomBase.dll
[2007.04.12 15:07:46 | 002,977,842 | ---- | C] () -- C:\WINDOWS\System32\TKV3d.dll
[2007.04.12 15:07:46 | 002,064,436 | ---- | C] () -- C:\WINDOWS\System32\TKernel.dll
[2007.04.12 15:07:46 | 001,744,947 | ---- | C] () -- C:\WINDOWS\System32\TKMath.dll
[2007.04.12 15:07:46 | 001,216,561 | ---- | C] () -- C:\WINDOWS\System32\TKBO.dll
[2007.04.12 15:07:46 | 000,839,730 | ---- | C] () -- C:\WINDOWS\System32\TKG3d.dll
[2007.04.12 15:07:46 | 000,811,061 | ---- | C] () -- C:\WINDOWS\System32\TKOffset.dll
[2007.04.12 15:07:46 | 000,475,186 | ---- | C] () -- C:\WINDOWS\System32\TKV2d.dll
[2007.04.12 15:07:44 | 003,375,159 | ---- | C] () -- C:\WINDOWS\System32\TKGeomAlgo.dll
[2007.04.12 15:07:44 | 001,839,157 | ---- | C] () -- C:\WINDOWS\System32\TKFillet.dll
[2007.04.12 15:07:44 | 000,725,043 | ---- | C] () -- C:\WINDOWS\System32\TKBRep.dll
[2007.04.12 15:07:44 | 000,626,738 | ---- | C] () -- C:\WINDOWS\System32\TKHLR.dll
[2007.04.12 15:07:44 | 000,356,402 | ---- | C] () -- C:\WINDOWS\System32\TKG2d.dll
[2007.04.12 15:07:44 | 000,249,907 | ---- | C] () -- C:\WINDOWS\System32\TKPrim.dll
[2007.03.16 18:36:08 | 009,334,850 | ---- | C] () -- C:\WINDOWS\System32\edmikit400.dll
[2007.03.16 18:36:08 | 000,872,448 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll
[2007.03.16 18:36:08 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\whiptkw.dll
[2007.03.16 18:36:08 | 000,274,497 | ---- | C] () -- C:\WINDOWS\System32\guisys.dll
[2007.03.16 18:36:08 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mscomstf.dll
[2007.03.16 18:36:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ifchttpclient.dll
[2007.03.16 18:36:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007.03.16 18:36:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007.03.16 18:36:08 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\msshlstf.dll
[2007.03.16 18:36:08 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2007.03.16 17:36:08 | 008,056,832 | ---- | C] () -- C:\WINDOWS\System32\Lads76.dll
[2007.03.16 17:36:08 | 000,204,476 | ---- | C] () -- C:\WINDOWS\sendmail.exe
[2005.12.21 15:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004.06.09 10:01:00 | 000,569,344 | ---- | C] () -- C:\WINDOWS\System32\tx11.dll
[2004.04.14 16:53:52 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\retlongpfadnameB.dll
[2004.03.30 02:10:00 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\tx11_ic.ini
[2003.08.27 12:42:23 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\JNISERUM2.dll
[2002.11.15 11:48:58 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\retlongpfadnameA.dll
[2002.11.15 11:48:58 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\retlongpfadname.dll
[2002.03.04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2000.10.16 12:01:38 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2000.10.16 12:01:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[1999.09.20 10:05:32 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
 
========== LOP Check ==========
 
[2008.03.12 13:45:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2010.08.10 11:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery
[2008.09.17 06:58:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Banking
[2008.10.12 19:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMUV
[2011.04.03 18:06:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DIAL GmbH
[2011.08.31 09:01:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DIALux
[2011.08.31 09:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DIALux PlugIns
[2008.03.11 16:53:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elka Shared
[2009.09.20 20:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPL
[2009.03.18 21:28:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2008.11.20 21:27:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2011.01.12 21:15:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2011.09.09 06:00:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2011.01.12 20:27:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.07.13 09:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2008.03.06 20:26:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel
[2011.09.21 15:47:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SHI
[2008.10.24 06:19:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2008.03.10 11:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Technisat
[2009.10.14 06:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VDE Anwendung
[2009.03.14 10:58:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.04.03 10:07:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.12 10:16:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.18 07:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.08.10 13:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Avery
[2008.03.11 09:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Canon
[2009.04.26 16:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\DasTelefonbuch Deutschland
[2011.11.01 06:59:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox
[2010.01.09 15:52:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\EIBA sc
[2009.07.10 14:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\FRITZ!
[2011.03.22 15:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\moeller
[2011.01.12 21:00:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Nokia
[2011.01.12 21:00:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Nokia Ovi Suite
[2009.04.18 15:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\OfficeUpdate12
[2011.01.12 20:57:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\PC Suite
[2011.09.01 14:45:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\QuickScan
[2009.07.14 09:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\ScanSoft
[2008.07.10 08:07:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\T-Online
[2011.10.07 04:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\TeamViewer
[2011.02.17 10:13:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Theben
[2009.04.26 16:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\TVG
[2009.11.05 08:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Windows Desktop Search
[2009.11.07 11:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Windows Search
[2011.11.01 13:39:16 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{32B8E417-DFA1-44E3-903A-ED5256AF022A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.10.07 09:11:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.09 10:51:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Adobe
[2009.12.06 17:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Ahead
[2011.01.29 17:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Apple Computer
[2011.01.14 10:37:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\ATI
[2010.08.10 13:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Avery
[2008.03.10 11:58:23 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Brother
[2008.03.11 09:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Canon
[2011.10.31 10:00:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Corel
[2009.04.26 16:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\DasTelefonbuch Deutschland
[2011.11.01 06:59:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox
[2010.01.09 15:52:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\EIBA sc
[2009.07.10 14:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\FRITZ!
[2008.03.13 07:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Google
[2008.03.29 13:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Help
[2008.03.10 11:54:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\HP
[2011.10.27 19:24:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\HpUpdate
[2009.03.23 07:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Identities
[2008.05.02 11:43:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Logitech
[2008.03.10 11:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Macromedia
[2011.10.30 22:18:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Malwarebytes
[2011.09.09 10:51:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Microsoft
[2011.03.22 15:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\moeller
[2011.01.12 21:00:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Nokia
[2011.01.12 21:00:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Nokia Ovi Suite
[2009.04.18 15:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\OfficeUpdate12
[2008.08.12 15:53:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\OpenOffice.org2
[2011.01.12 20:57:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\PC Suite
[2011.09.01 14:45:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\QuickScan
[2011.06.21 06:02:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Real
[2009.07.14 09:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\ScanSoft
[2008.03.14 15:51:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Sun
[2008.07.10 08:07:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\T-Online
[2011.10.07 04:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\TeamViewer
[2011.02.17 10:13:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Theben
[2009.04.26 16:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\TVG
[2009.11.05 08:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Windows Desktop Search
[2009.11.07 11:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Windows Search
[2008.03.11 16:44:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2011.01.14 11:42:40 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Microsoft\Installer\{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}\ARPPRODUCTICON.exe
[2011.10.27 12:36:17 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
[2011.10.27 15:36:55 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe
[2011.10.27 15:36:22 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2007.10.29 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.07.20 09:02:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.07.20 09:02:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2007.10.29 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.07.20 09:02:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.07.20 09:02:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2007.10.29 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007.10.29 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2007.10.29 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2007.10.29 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATA.SYS  >
[2006.08.21 11:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2007.10.29 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.10.29 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2007.10.29 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2007.10.29 13:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=00F0521FB60946D16AFA483C2FE68F34 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2007.10.29 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2007.10.29 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.03.06 21:16:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.03.06 21:16:09 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.03.06 21:16:09 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5592 bytes -> C:\WINDOWS\System32\MBC-Logo.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5592 bytes -> C:\WINDOWS\MBC-Logo.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5084 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4856 bytes -> C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\Strbeldobb1.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4504 bytes -> C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\IMG_3119.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4064 bytes -> C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\DSC00155.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2920 bytes -> C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\plan1.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2576 bytes -> C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\plan2.jpg:Q30lsldxJoudresxAaaqpcawXc

< End of report >
         
--- --- ---


Alt 01.11.2011, 21:46   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = t-online.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = t-online.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Wetter Wettervorhersage Regenradar Reisewetter - wetteronline.de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.t-online.de;localhost;<local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Corel Reminder]  File not found
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.06 20:26:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\Shell - "" = AutoRun
O33 - MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe CAROLIN.vbs
O33 - MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\Shell - "" = AutoRun
O33 - MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\Shell\AutoRun\command - "" = G:\BKCD.exe
@Alternate Data Stream - 5592 bytes -> C:\WINDOWS\System32\MBC-Logo.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5592 bytes -> C:\WINDOWS\MBC-Logo.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5084 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4856 bytes -> C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\Strbeldobb1.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4504 bytes -> C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\IMG_3119.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4064 bytes -> C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\DSC00155.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2920 bytes -> C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\plan1.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2576 bytes -> C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\plan2.jpg:Q30lsldxJoudresxAaaqpcawXc
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Alt 05.11.2011, 13:46   #22
Volker68
 



Hello Arne,
I only now had the time to carry out the steps you described.
Here is the result: (the message still appears)

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Corel Reminder deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe CAROLIN.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3633c595-d387-11df-9ca1-001e8c7097c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3633c595-d387-11df-9ca1-001e8c7097c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3633c595-d387-11df-9ca1-001e8c7097c6}\ not found.
File G:\BKCD.exe not found.
ADS C:\WINDOWS\System32\MBC-Logo.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINDOWS\MBC-Logo.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\Strbeldobb1.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\IMG_3119.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\DSC00155.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\plan1.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\plan2.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 115654 bytes

User: Administrator.PC_STELZL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98979 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43179678 bytes

User: Stelzel

User: Stelzl
->Temp folder emptied: 103535571 bytes
->Temporary Internet Files folder emptied: 18206537 bytes
->Java cache emptied: 15252 bytes
->Flash cache emptied: 348 bytes

User: Volker Stelzl
->Temp folder emptied: 511699822 bytes
->Temporary Internet Files folder emptied: 570334081 bytes
->Java cache emptied: 27064802 bytes
->Apple Safari cache emptied: 883712 bytes
->Flash cache emptied: 12981 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 485681 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10572647 bytes
RecycleBin emptied: 2354161865 bytes

Total Files Cleaned = 3.472,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11052011_121247

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Volker Stelzl\Lokale Einstellungen\Temp\WCESLog.log moved successfully.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Alt 07.11.2011, 08:55   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post logfiles in CODE tags

Alt 07.11.2011, 10:23   #24
Volker68
 



Hello Arne,
here is the result after the Kaspersky scan

10:17:13.0671 2716 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
10:17:13.0843 2716 ============================================================
10:17:13.0843 2716 Current date / time: 2011/11/07 10:17:13.0843
10:17:13.0843 2716 SystemInfo:
10:17:13.0843 2716
10:17:13.0843 2716 OS Version: 5.1.2600 ServicePack: 3.0
10:17:13.0843 2716 Product type: Workstation
10:17:13.0859 2716 ComputerName: PC_STELZL
10:17:13.0859 2716 UserName: Volker Stelzl
10:17:13.0859 2716 Windows directory: C:\WINDOWS
10:17:13.0859 2716 System windows directory: C:\WINDOWS
10:17:13.0859 2716 Processor architecture: Intel x86
10:17:13.0859 2716 Number of processors: 2
10:17:13.0859 2716 Page size: 0x1000
10:17:13.0859 2716 Boot type: Normal boot
10:17:13.0859 2716 ============================================================
10:17:14.0062 2716 Initialize success
10:17:32.0187 4344 ============================================================
10:17:32.0187 4344 Scan started
10:17:32.0187 4344 Mode: Manual; SigCheck; TDLFS;
10:17:32.0187 4344 ============================================================
10:17:32.0453 4344 Abiosdsk - ok
10:17:32.0453 4344 abp480n5 - ok
10:17:32.0484 4344 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:17:33.0718 4344 ACPI - ok
10:17:33.0781 4344 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:17:33.0921 4344 ACPIEC - ok
10:17:33.0953 4344 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
10:17:34.0000 4344 ADIHdAudAddService - ok
10:17:34.0015 4344 adpu160m - ok
10:17:34.0031 4344 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
10:17:34.0062 4344 AEAudio - ok
10:17:34.0093 4344 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:17:34.0203 4344 aec - ok
10:17:34.0234 4344 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:17:34.0265 4344 AFD - ok
10:17:34.0281 4344 Aha154x - ok
10:17:34.0296 4344 aic78u2 - ok
10:17:34.0296 4344 aic78xx - ok
10:17:34.0312 4344 AliIde - ok
10:17:34.0343 4344 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:17:34.0375 4344 AmdK8 - ok
10:17:34.0390 4344 amsint - ok
10:17:34.0406 4344 asc - ok
10:17:34.0406 4344 asc3350p - ok
10:17:34.0421 4344 asc3550 - ok
10:17:34.0453 4344 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:17:34.0546 4344 AsyncMac - ok
10:17:34.0578 4344 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:17:34.0671 4344 atapi - ok
10:17:34.0687 4344 Atdisk - ok
10:17:34.0781 4344 ati2mtag (6733656c24f4c6a29317c3dd9ac5980a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:17:34.0906 4344 ati2mtag - ok
10:17:34.0921 4344 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:17:35.0015 4344 Atmarpc - ok
10:17:35.0046 4344 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:17:35.0156 4344 audstub - ok
10:17:35.0203 4344 AVMCOWAN (0bcb6b3df2e248c8e8f2ffc6f58d1341) C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys
10:17:35.0234 4344 AVMCOWAN - ok
10:17:35.0265 4344 AVMWAN (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys
10:17:35.0375 4344 AVMWAN - ok
10:17:35.0406 4344 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:17:35.0515 4344 Beep - ok
10:17:35.0546 4344 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
10:17:35.0562 4344 BrPar ( UnsignedFile.Multi.Generic ) - warning
10:17:35.0562 4344 BrPar - detected UnsignedFile.Multi.Generic (1)
10:17:35.0578 4344 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
10:17:35.0687 4344 BthEnum - ok
10:17:35.0718 4344 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
10:17:35.0843 4344 BTHMODEM - ok
10:17:35.0859 4344 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
10:17:35.0968 4344 BthPan - ok
10:17:36.0000 4344 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
10:17:36.0046 4344 BTHPORT - ok
10:17:36.0062 4344 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
10:17:36.0156 4344 BTHUSB - ok
10:17:36.0187 4344 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:17:36.0312 4344 cbidf2k - ok
10:17:36.0312 4344 cd20xrnt - ok
10:17:36.0328 4344 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:17:36.0453 4344 Cdaudio - ok
10:17:36.0468 4344 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:17:36.0562 4344 Cdfs - ok
10:17:36.0578 4344 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:17:36.0671 4344 Cdrom - ok
10:17:36.0687 4344 Changer - ok
10:17:36.0718 4344 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
10:17:36.0718 4344 Cinemsup ( UnsignedFile.Multi.Generic ) - warning
10:17:36.0718 4344 Cinemsup - detected UnsignedFile.Multi.Generic (1)
10:17:36.0734 4344 CmdIde - ok
10:17:36.0750 4344 Cpqarray - ok
10:17:36.0765 4344 dac2w2k - ok
10:17:36.0781 4344 dac960nt - ok
10:17:36.0796 4344 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:17:36.0906 4344 Disk - ok
10:17:36.0953 4344 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:17:37.0062 4344 dmboot - ok
10:17:37.0078 4344 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:17:37.0171 4344 dmio - ok
10:17:37.0187 4344 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:17:37.0296 4344 dmload - ok
10:17:37.0312 4344 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:17:37.0406 4344 DMusic - ok
10:17:37.0421 4344 dpti2o - ok
10:17:37.0437 4344 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:17:37.0546 4344 drmkaud - ok
10:17:37.0578 4344 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:17:37.0671 4344 Fastfat - ok
10:17:37.0687 4344 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:17:37.0812 4344 Fdc - ok
10:17:37.0828 4344 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:17:37.0921 4344 Fips - ok
10:17:37.0937 4344 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:17:38.0031 4344 Flpydisk - ok
10:17:38.0046 4344 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:17:38.0140 4344 FltMgr - ok
10:17:38.0187 4344 fpcibase (25baa9e7e21ca204b3202637c4f0d44e) C:\WINDOWS\system32\DRIVERS\fpcibase.sys
10:17:38.0265 4344 fpcibase - ok
10:17:38.0281 4344 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:17:38.0390 4344 Fs_Rec - ok
10:17:38.0390 4344 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:17:38.0500 4344 Ftdisk - ok
10:17:38.0531 4344 GDMnIcpt (9a58148406e1bb4a2265b84320dedc2b) C:\WINDOWS\system32\drivers\MiniIcpt.sys
10:17:38.0562 4344 GDMnIcpt - ok
10:17:38.0593 4344 GDTdiInterceptor (e6d8269ee03119fa4c54b7b59d9699bf) C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
10:17:38.0609 4344 GDTdiInterceptor - ok
10:17:38.0625 4344 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
10:17:38.0640 4344 GEARAspiWDM - ok
10:17:38.0671 4344 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:17:38.0765 4344 Gpc - ok
10:17:38.0796 4344 GRD (aaea50a15f0e0b0e92848dbfdc072ece) C:\WINDOWS\system32\drivers\GRD.sys
10:17:38.0812 4344 GRD - ok
10:17:38.0859 4344 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
10:17:38.0921 4344 Hardlock - ok
10:17:38.0953 4344 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
10:17:38.0968 4344 Haspnt ( UnsignedFile.Multi.Generic ) - warning
10:17:38.0968 4344 Haspnt - detected UnsignedFile.Multi.Generic (1)
10:17:38.0984 4344 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:17:39.0078 4344 HDAudBus - ok
10:17:39.0093 4344 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:17:39.0203 4344 hidusb - ok
10:17:39.0234 4344 HookCentre (33ef584aa0b583d2f106d62fd3a5a053) C:\WINDOWS\system32\drivers\HookCentre.sys
10:17:39.0250 4344 HookCentre - ok
10:17:39.0265 4344 hpn - ok
10:17:39.0296 4344 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:17:39.0312 4344 HPZid412 - ok
10:17:39.0328 4344 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:17:39.0359 4344 HPZipr12 - ok
10:17:39.0359 4344 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:17:39.0390 4344 HPZius12 - ok
10:17:39.0421 4344 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:17:39.0468 4344 HTTP - ok
10:17:39.0484 4344 i2omgmt - ok
10:17:39.0484 4344 i2omp - ok
10:17:39.0531 4344 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:17:39.0640 4344 i8042prt - ok
10:17:39.0656 4344 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:17:39.0750 4344 Imapi - ok
10:17:39.0765 4344 InCDFs - ok
10:17:39.0781 4344 InCDPass - ok
10:17:39.0796 4344 InCDRm - ok
10:17:39.0796 4344 ini910u - ok
10:17:39.0812 4344 IntelIde - ok
10:17:39.0843 4344 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:17:39.0921 4344 Ip6Fw - ok
10:17:39.0953 4344 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:17:40.0062 4344 IpFilterDriver - ok
10:17:40.0078 4344 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:17:40.0187 4344 IpInIp - ok
10:17:40.0203 4344 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:17:40.0296 4344 IpNat - ok
10:17:40.0312 4344 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:17:40.0406 4344 IPSec - ok
10:17:40.0437 4344 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:17:40.0531 4344 IRENUM - ok
10:17:40.0562 4344 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:17:40.0640 4344 isapnp - ok
10:17:40.0671 4344 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:17:40.0765 4344 Kbdclass - ok
10:17:40.0796 4344 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:17:40.0890 4344 kbdhid - ok
10:17:40.0906 4344 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:17:40.0984 4344 kmixer - ok
10:17:41.0015 4344 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:17:41.0062 4344 KSecDD - ok
10:17:41.0078 4344 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
10:17:41.0093 4344 L8042Kbd - ok
10:17:41.0109 4344 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
10:17:41.0125 4344 L8042mou - ok
10:17:41.0140 4344 L8042pr2 (0f8b7bf7097d1e8d78f2f52a2bea03cd) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
10:17:41.0187 4344 L8042pr2 - ok
10:17:41.0203 4344 lbrtfdc - ok
10:17:41.0234 4344 LHidFilt (23d84187822a0020b9f1ea71c7db3193) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
10:17:41.0250 4344 LHidFilt - ok
10:17:41.0281 4344 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
10:17:41.0312 4344 LHidFlt2 - ok
10:17:41.0312 4344 LMouFilt (596499c81cb4b5841f91cfe3f514d202) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
10:17:41.0328 4344 LMouFilt - ok
10:17:41.0328 4344 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
10:17:41.0359 4344 LMouFlt2 - ok
10:17:41.0375 4344 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
10:17:41.0390 4344 LMouKE - ok
10:17:41.0453 4344 MACNDIS5 (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
10:17:41.0453 4344 MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
10:17:41.0453 4344 MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
10:17:41.0468 4344 MBAMSwissArmy - ok
10:17:41.0484 4344 MIINPazX (5e5024d9e2351db2563b30912b4c4146) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
10:17:41.0500 4344 MIINPazX ( UnsignedFile.Multi.Generic ) - warning
10:17:41.0500 4344 MIINPazX - detected UnsignedFile.Multi.Generic (1)
10:17:41.0531 4344 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:17:41.0656 4344 mnmdd - ok
10:17:41.0687 4344 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:17:41.0781 4344 Modem - ok
10:17:41.0796 4344 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:17:41.0890 4344 Mouclass - ok
10:17:41.0921 4344 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:17:42.0046 4344 mouhid - ok
10:17:42.0046 4344 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:17:42.0156 4344 MountMgr - ok
10:17:42.0156 4344 mraid35x - ok
10:17:42.0171 4344 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:17:42.0265 4344 MRxDAV - ok
10:17:42.0296 4344 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:17:42.0359 4344 MRxSmb - ok
10:17:42.0375 4344 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:17:42.0468 4344 Msfs - ok
10:17:42.0484 4344 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:17:42.0578 4344 MSKSSRV - ok
10:17:42.0593 4344 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:17:42.0687 4344 MSPCLOCK - ok
10:17:42.0718 4344 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:17:42.0812 4344 MSPQM - ok
10:17:42.0843 4344 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:17:42.0937 4344 mssmbios - ok
10:17:42.0984 4344 MTOnlPktAlyX (036300114255b3c78bfb616ce8bc7ad9) C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
10:17:43.0000 4344 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
10:17:43.0000 4344 MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
10:17:43.0031 4344 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
10:17:43.0046 4344 MTsensor - ok
10:17:43.0078 4344 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:17:43.0109 4344 Mup - ok
10:17:43.0125 4344 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:17:43.0218 4344 NDIS - ok
10:17:43.0250 4344 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:17:43.0281 4344 NdisTapi - ok
10:17:43.0296 4344 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:17:43.0390 4344 Ndisuio - ok
10:17:43.0406 4344 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:17:43.0500 4344 NdisWan - ok
10:17:43.0531 4344 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:17:43.0562 4344 NDProxy - ok
10:17:43.0578 4344 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:17:43.0671 4344 NetBIOS - ok
10:17:43.0687 4344 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:17:43.0812 4344 NetBT - ok
10:17:43.0843 4344 NETFRITZ (004539c10fd06186aeb06e909d9201e6) C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS
10:17:43.0843 4344 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS. Real md5: 004539c10fd06186aeb06e909d9201e6, Fake md5: 404cf7407e87a0f3cc832162ab9deaf2
10:17:43.0843 4344 NETFRITZ ( ForgedFile.Multi.Generic ) - warning
10:17:43.0843 4344 NETFRITZ - detected ForgedFile.Multi.Generic (1)
10:17:43.0875 4344 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
10:17:43.0984 4344 nm - ok
10:17:44.0000 4344 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
10:17:44.0156 4344 nmwcd - ok
10:17:44.0187 4344 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
10:17:44.0250 4344 nmwcdc - ok
10:17:44.0265 4344 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:17:44.0359 4344 Npfs - ok
10:17:44.0390 4344 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:17:44.0500 4344 Ntfs - ok
10:17:44.0531 4344 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:17:44.0640 4344 Null - ok
10:17:44.0671 4344 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
10:17:44.0687 4344 nvata - ok
10:17:44.0734 4344 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
10:17:44.0765 4344 NVENETFD - ok
10:17:44.0781 4344 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
10:17:44.0812 4344 nvnetbus - ok
10:17:44.0843 4344 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:17:44.0937 4344 NwlnkFlt - ok
10:17:44.0937 4344 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:17:45.0046 4344 NwlnkFwd - ok
10:17:45.0078 4344 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
10:17:45.0171 4344 Parport - ok
10:17:45.0187 4344 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:17:45.0281 4344 PartMgr - ok
10:17:45.0296 4344 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:17:45.0390 4344 ParVdm - ok
10:17:45.0421 4344 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
10:17:45.0468 4344 pccsmcfd - ok
10:17:45.0468 4344 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:17:45.0578 4344 PCI - ok
10:17:45.0578 4344 PCIDump - ok
10:17:45.0593 4344 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:17:45.0703 4344 PCIIde - ok
10:17:45.0718 4344 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:17:45.0812 4344 Pcmcia - ok
10:17:45.0828 4344 PDCOMP - ok
10:17:45.0843 4344 PDFRAME - ok
10:17:45.0843 4344 PDRELI - ok
10:17:45.0859 4344 PDRFRAME - ok
10:17:45.0890 4344 Pei10Wdm (76e1e107355d986842779bde5fb35d5f) C:\WINDOWS\system32\Drivers\Pei10Wdm.sys
10:17:45.0906 4344 Pei10Wdm ( UnsignedFile.Multi.Generic ) - warning
10:17:45.0906 4344 Pei10Wdm - detected UnsignedFile.Multi.Generic (1)
10:17:45.0921 4344 Pei16Wdm (1035daa6900f040fa087866421da0e47) C:\WINDOWS\system32\Drivers\Pei16Wdm.sys
10:17:45.0937 4344 Pei16Wdm ( UnsignedFile.Multi.Generic ) - warning
10:17:45.0937 4344 Pei16Wdm - detected UnsignedFile.Multi.Generic (1)
10:17:45.0953 4344 perc2 - ok
10:17:45.0953 4344 perc2hib - ok
10:17:46.0046 4344 PORTMON - ok
10:17:46.0046 4344 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:17:46.0140 4344 PptpMiniport - ok
10:17:46.0156 4344 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
10:17:46.0250 4344 Processor - ok
10:17:46.0250 4344 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:17:46.0343 4344 PSched - ok
10:17:46.0359 4344 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:17:46.0453 4344 Ptilink - ok
10:17:46.0468 4344 ql1080 - ok
10:17:46.0468 4344 Ql10wnt - ok
10:17:46.0484 4344 ql12160 - ok
10:17:46.0500 4344 ql1240 - ok
10:17:46.0500 4344 ql1280 - ok
10:17:46.0515 4344 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:17:46.0609 4344 RasAcd - ok
10:17:46.0625 4344 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:17:46.0734 4344 Rasl2tp - ok
10:17:46.0750 4344 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:17:46.0859 4344 RasPppoe - ok
10:17:46.0859 4344 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:17:46.0953 4344 Raspti - ok
10:17:46.0984 4344 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:17:47.0078 4344 Rdbss - ok
10:17:47.0093 4344 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:17:47.0187 4344 RDPCDD - ok
10:17:47.0218 4344 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:17:47.0312 4344 rdpdr - ok
10:17:47.0343 4344 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:17:47.0375 4344 RDPWD - ok
10:17:47.0390 4344 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:17:47.0468 4344 redbook - ok
10:17:47.0500 4344 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
10:17:47.0593 4344 RFCOMM - ok
10:17:47.0609 4344 RkHit - ok
10:17:47.0640 4344 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
10:17:47.0718 4344 ROOTMODEM - ok
10:17:47.0750 4344 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
10:17:47.0765 4344 rspndr ( UnsignedFile.Multi.Generic ) - warning
10:17:47.0765 4344 rspndr - detected UnsignedFile.Multi.Generic (1)
10:17:47.0796 4344 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:17:47.0890 4344 Secdrv - ok
10:17:47.0937 4344 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
10:17:47.0968 4344 SenFiltService - ok
10:17:48.0000 4344 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
10:17:48.0015 4344 Sentinel - ok
10:17:48.0015 4344 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:17:48.0109 4344 serenum - ok
10:17:48.0125 4344 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
10:17:48.0234 4344 Serial - ok
10:17:48.0250 4344 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:17:48.0343 4344 Sfloppy - ok
10:17:48.0359 4344 Simbad - ok
10:17:48.0390 4344 SIUSBXP (f39c03d8068331438221f6dbdcc6f9c7) C:\WINDOWS\system32\drivers\SiUSBXp.sys
10:17:48.0421 4344 SIUSBXP - ok
10:17:48.0453 4344 SKYNET (7932513cc4f8c173da6c01594a844f41) C:\WINDOWS\system32\DRIVERS\SkyNET.SYS
10:17:48.0468 4344 SKYNET ( UnsignedFile.Multi.Generic ) - warning
10:17:48.0468 4344 SKYNET - detected UnsignedFile.Multi.Generic (1)
10:17:48.0500 4344 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
10:17:48.0515 4344 snapman - ok
10:17:48.0546 4344 SNTNLUSB (4cd88cd1891b63d0d84c1a0fa3786b47) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
10:17:48.0562 4344 SNTNLUSB - ok
10:17:48.0593 4344 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
10:17:48.0687 4344 SONYPVU1 - ok
10:17:48.0703 4344 Sparrow - ok
10:17:48.0718 4344 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:17:48.0812 4344 splitter - ok
10:17:48.0828 4344 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
10:17:48.0921 4344 sr - ok
10:17:48.0953 4344 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:17:49.0000 4344 Srv - ok
10:17:49.0031 4344 SSIPDDP (818ecec4024e6518f504329af60d1cbf) C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS
10:17:49.0046 4344 SSIPDDP ( UnsignedFile.Multi.Generic ) - warning
10:17:49.0046 4344 SSIPDDP - detected UnsignedFile.Multi.Generic (1)
10:17:49.0062 4344 StillCam (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
10:17:49.0171 4344 StillCam - ok
10:17:49.0187 4344 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:17:49.0281 4344 swenum - ok
10:17:49.0296 4344 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:17:49.0390 4344 swmidi - ok
10:17:49.0390 4344 symc810 - ok
10:17:49.0406 4344 symc8xx - ok
10:17:49.0421 4344 sym_hi - ok
10:17:49.0437 4344 sym_u3 - ok
10:17:49.0453 4344 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:17:49.0546 4344 sysaudio - ok
10:17:49.0578 4344 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:17:49.0671 4344 Tcpip - ok
10:17:49.0687 4344 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:17:49.0781 4344 TDPIPE - ok
10:17:49.0796 4344 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:17:49.0906 4344 TDTCP - ok
10:17:49.0921 4344 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:17:50.0015 4344 TermDD - ok
10:17:50.0031 4344 TosIde - ok
10:17:50.0046 4344 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:17:50.0140 4344 Udfs - ok
10:17:50.0156 4344 ultra - ok
10:17:50.0203 4344 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:17:50.0312 4344 Update - ok
10:17:50.0343 4344 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
10:17:50.0390 4344 upperdev - ok
10:17:50.0421 4344 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:17:50.0468 4344 USBAAPL - ok
10:17:50.0500 4344 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:17:50.0593 4344 usbccgp - ok
10:17:50.0609 4344 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:17:50.0703 4344 usbehci - ok
10:17:50.0718 4344 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:17:50.0828 4344 usbhub - ok
10:17:50.0828 4344 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:17:50.0921 4344 usbohci - ok
10:17:50.0937 4344 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:17:51.0031 4344 usbprint - ok
10:17:51.0046 4344 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:17:51.0125 4344 usbscan - ok
10:17:51.0156 4344 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
10:17:51.0250 4344 usbser - ok
10:17:51.0265 4344 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
10:17:51.0343 4344 UsbserFilt - ok
10:17:51.0359 4344 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:17:51.0453 4344 USBSTOR - ok
10:17:51.0453 4344 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:17:51.0546 4344 usbuhci - ok
10:17:51.0562 4344 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:17:51.0656 4344 VgaSave - ok
10:17:51.0671 4344 ViaIde - ok
10:17:51.0703 4344 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
10:17:51.0796 4344 VolSnap - ok
10:17:51.0812 4344 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:17:51.0906 4344 Wanarp - ok
10:17:51.0937 4344 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
10:17:51.0984 4344 wceusbsh - ok
10:17:52.0015 4344 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
10:17:52.0046 4344 Wdf01000 - ok
10:17:52.0062 4344 WDICA - ok
10:17:52.0093 4344 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:17:52.0203 4344 wdmaud - ok
10:17:52.0218 4344 WinDriver6 (2c7d830e86b378771af5dafeae428a09) C:\WINDOWS\system32\drivers\windrvr6.sys
10:17:52.0234 4344 WinDriver6 ( UnsignedFile.Multi.Generic ) - warning
10:17:52.0234 4344 WinDriver6 - detected UnsignedFile.Multi.Generic (1)
10:17:52.0281 4344 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:17:52.0343 4344 WpdUsb - ok
10:17:52.0359 4344 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:17:52.0468 4344 WS2IFSL - ok
10:17:52.0500 4344 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:17:52.0546 4344 WudfPf - ok
10:17:52.0562 4344 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:17:52.0593 4344 WudfRd - ok
10:17:52.0625 4344 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
10:17:52.0734 4344 \Device\Harddisk0\DR0 - ok
10:17:52.0734 4344 Boot (0x1200) (28a162f03460282831bd8fab4089f72d) \Device\Harddisk0\DR0\Partition0
10:17:52.0734 4344 \Device\Harddisk0\DR0\Partition0 - ok
10:17:52.0734 4344 Boot (0x1200) (2cbbd03237235a992fb4be37bdd4ab42) \Device\Harddisk0\DR0\Partition1
10:17:52.0734 4344 \Device\Harddisk0\DR0\Partition1 - ok
10:17:52.0734 4344 ============================================================
10:17:52.0734 4344 Scan finished
10:17:52.0734 4344 ============================================================
10:17:52.0843 3028 Detected object count: 13
10:17:52.0843 3028 Actual detected object count: 13
10:18:56.0531 3028 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0531 3028 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0531 3028 Cinemsup ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0531 3028 Cinemsup ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0531 3028 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0531 3028 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0531 3028 MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0531 3028 MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0531 3028 MIINPazX ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0531 3028 MIINPazX ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0546 3028 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0546 3028 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0546 3028 NETFRITZ ( ForgedFile.Multi.Generic ) - skipped by user
10:18:56.0546 3028 NETFRITZ ( ForgedFile.Multi.Generic ) - User select action: Skip
10:18:56.0546 3028 Pei10Wdm ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0546 3028 Pei10Wdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0546 3028 Pei16Wdm ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0546 3028 Pei16Wdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0546 3028 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0546 3028 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0546 3028 SKYNET ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0546 3028 SKYNET ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0546 3028 SSIPDDP ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0546 3028 SSIPDDP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:56.0546 3028 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:56.0546 3028 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07.11.2011, 10:52   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Logfiles bitte immer in CODE-Tags posten

07.11.2011, 11:40   #26
Volker68
 
Hello Arne,
here is the result:

Combofix log file:
Code:
ComboFix 11-11-07.02 - Volker Stelzl 07.11.2011  11:10:35.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3582.2460 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Volker Stelzl\Desktop\ComboFix.exe
AV: G DATA AntiVirus *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Volker Stelzl\Recent\Thumbs.db
c:\dokumente und einstellungen\Volker Stelzl\WINDOWS
C:\Thumbs.db
c:\windows\dasetup.log
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-07 bis 2011-11-07  ))))))))))))))))))))))))))))))
.
.
2011-11-05 11:12 . 2011-11-05 11:12	--------	d-----w-	C:\_OTL
2011-11-03 08:43 . 2010-06-17 20:56	45056	----a-w-	c:\windows\system32\unredmon.exe
2011-11-03 08:43 . 2010-06-17 20:56	116224	----a-w-	c:\windows\system32\redmonnt.dll
2011-11-03 08:43 . 2011-11-03 08:43	--------	d-----w-	c:\programme\FreePDF_XP
2011-11-03 08:43 . 2011-11-03 08:43	--------	d-----w-	c:\dokumente und einstellungen\Volker Stelzl\Anwendungsdaten\FreePDF
2011-10-30 22:38 . 2011-10-30 22:38	--------	d-----w-	c:\programme\ESET
2011-10-30 21:18 . 2011-10-30 21:18	--------	d-----w-	c:\dokumente und einstellungen\Volker Stelzl\Anwendungsdaten\Malwarebytes
2011-10-30 21:17 . 2011-10-30 21:17	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-10-30 21:17 . 2011-10-30 21:18	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2011-10-30 21:17 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-30 15:14 . 2011-10-30 15:14	--------	d-----w-	c:\programme\Gemeinsame Dateien\xing shared
2011-10-30 14:59 . 2011-10-30 15:01	--------	dc-h--w-	c:\windows\ie8
2011-10-16 16:33 . 2011-10-16 16:33	--------	d-----w-	c:\programme\iPod
2011-10-16 16:33 . 2011-10-16 16:34	--------	d-----w-	c:\programme\iTunes
2011-10-16 16:30 . 2011-10-16 16:30	--------	d-----w-	c:\programme\Bonjour
2011-10-15 10:10 . 2010-10-20 05:05	38472	----a-w-	c:\windows\system32\drivers\SNTNLUSB.SYS
2011-10-14 10:53 . 2011-10-15 07:25	--------	d-----w-	c:\programme\EasyLog USB
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 15:13 . 2007-03-16 17:36	499712	----a-w-	c:\windows\system32\msvcp71.dll
2011-10-19 05:00 . 2011-05-18 05:07	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2010-05-03 05:40	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-04-16 16:27	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2007-10-29 12:00	23040	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2007-10-09 12:03	614912	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2007-10-29 12:00	220160	----a-w-	c:\windows\system32\oleacc.dll
2011-09-09 09:11 . 2007-10-29 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2007-10-29 12:00	1859072	----a-w-	c:\windows\system32\win32k.sys
2011-08-30 21:05 . 2011-08-30 21:05	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-08-22 23:41 . 2007-10-29 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2007-10-29 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2007-10-29 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2007-10-29 12:00	385024	------w-	c:\windows\system32\html.iec
2011-08-17 13:49 . 2007-10-29 12:00	138496	------w-	c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\dokumente und einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\dokumente und einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\dokumente und einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\dokumente und einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-08-04 966712]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"OSSelectorReinstall"="c:\programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-09 2224104]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"G DATA AntiVirus Trayapplication"="c:\programme\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2008-10-29 955976]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-09 57393]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-09 40960]
"ControlCenter2.0"="c:\programme\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SHIWebOnDiskManager"="c:\programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe" [2011-03-01 233472]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-30 273528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Volker Stelzl\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
FRITZ!fax (2).lnk - c:\programme\FRITZ!\FriFax32.exe [2008-11-20 1504560]
FRITZ!fon (2).lnk - c:\programme\FRITZ!\FriFon32.exe [2008-11-20 1156400]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
ISDNWatch.lnk - c:\programme\FRITZ!\IWatch.exe [2008-11-20 341296]
Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\bin\w3dbsmgr.exe [2006-5-18 106546]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk autopartntautopartnt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Stelzl^Startmenü^Programme^Autostart^OpenOffice.org 2.3.lnk]
path=c:\dokumente und einstellungen\Stelzl\Startmenü\Programme\Autostart\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Dokumente und Einstellungen\\Volker Stelzl\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\PVSW\\bin\\w3dbsmgr.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [12.03.2009 21:49 68424]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [19.08.2008 16:20 1089608]
R2 AVKService;G DATA Scheduler;c:\programme\G DATA\AntiVirus\AVK\AVKService.exe [19.08.2008 16:20 386120]
R2 AVKWCtl;AntiVirus Wächter;c:\programme\G DATA\AntiVirus\AVK\AVKWCtl.exe [14.08.2008 08:55 1185496]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [12.03.2009 18:37 51016]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [09.03.2009 11:00 61440]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [20.10.2010 00:00 292128]
R2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [04.11.2008 11:25 54784]
R2 TVGOnlineUpdateSvc;TVG OnlineUpdate-Service;c:\programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe [11.04.2010 17:25 398128]
R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [07.05.2007 02:00 53632]
R3 fpcibase;FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [10.03.2008 11:02 537600]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [12.03.2009 18:37 48712]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [12.03.2009 18:37 32328]
R3 Pei10Wdm;PEI10 Protokoll Treiber;c:\windows\system32\drivers\Pei10Wdm.sys [15.08.2002 09:20 35547]
R3 Pei16Wdm;PEI16 Protokoll Treiber;c:\windows\system32\drivers\Pei16Wdm.sys [19.09.2002 21:07 34683]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [22.10.2009 15:12 133104]
S3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [10.03.2008 11:02 37568]
S3 DialComService;DIAL Communication Service;c:\programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe [13.02.2011 21:56 1623552]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [22.10.2009 15:12 133104]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [09.03.2009 11:00 17280]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [29.03.2008 13:29 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [09.08.2006 15:39 19200]
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;c:\windows\system32\drivers\NETFRITZ.SYS [20.11.2008 21:22 200192]
S3 PORTMON;PORTMON;\??\c:\dokumente und einstellungen\Volker Stelzl\Desktop\Portmon\PORTMSYS.SYS --> c:\dokumente und einstellungen\Volker Stelzl\Desktop\Portmon\PORTMSYS.SYS [?]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [06.01.2010 15:00 14592]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNet.sys [10.03.2008 11:12 343040]
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-07 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-13 20:06]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-22 14:12]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-22 14:12]
.
2011-11-07 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
.
2011-11-06 c:\windows\Tasks\User_Feed_Synchronization-{32B8E417-DFA1-44E3-903A-ED5256AF022A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{758EF327-F95A-410B-BAA4-4FD3746AAA14}: NameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-BDE 32 4.0 - c:\windows\unin0407.exe
AddRemove-Desktop - d:\elektro\ELE\unstall.exe
AddRemove-EL-USB&10C4&0002 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\EL-USB&10C4&0002
AddRemove-Elcom 5.1 - c:\windows\IsUn0407.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-Semiolog2 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-07 11:26
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4648)
c:\programme\Logitech\MouseWare\System\LgWndHk.dll
c:\dokumente und einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
c:\programme\Gemeinsame Dateien\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\SearchIndexer.exe
c:\programme\Canon\CAL\CALMAIN.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\rundll32.exe
c:\programme\ATI Technologies\ATI.ACE\CLI.EXE
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
c:\programme\Logitech\MouseWare\system\em_exec.exe
c:\programme\WEKA\PraxisCheck-Elektro 4.2\SHIWebOnDisk.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\PC Connectivity Solution\ServiceLayer.exe
c:\programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programme\ATI Technologies\ATI.ACE\cli.exe
c:\programme\ATI Technologies\ATI.ACE\cli.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-07  11:34:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-07 10:33
.
Vor Suchlauf: 22 Verzeichnis(se), 34.804.989.952 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 34.804.633.600 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E150C9B9BDF5DC56D1ABA8E49F2A35C4
         
--- --- ---

07.11.2011, 12:49   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work the second time, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instruction.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

__________________
Please always post log files in CODE tags

08.11.2011, 18:19   #28
Volker68
 
Hello Arne,
here are the scans:

OSAM log file:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 17:29:18 on 08.11.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"HPpromotions journeysoftware.job" - "hp" - C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"PavCPL" - ? - C:\WINDOWS\system32\pavcpl.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Antwort für Verbindungsschicht-Topologieerkennung" (rspndr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rspndr.sys
"AVM FRITZ!web PPP over ISDN" (NETFRITZ) - ? - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS  (File found, but it contains no detailed information)
"BrPar" (BrPar) - "Brother Industries Ltd." - C:\WINDOWS\System32\drivers\BrPar.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Cinemsup" (Cinemsup) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\Cinemsup.sys
"G DATA Rootkit Detector Driver" (GRD) - "G DATA Software" - C:\WINDOWS\system32\drivers\GRD.sys
"GDMnIcpt" (GDMnIcpt) - "G DATA Software AG" - C:\WINDOWS\system32\drivers\MiniIcpt.sys
"GDTdiInterceptor" (GDTdiInterceptor) - ? - C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
"Haspnt" (Haspnt) - "Aladdin Knowledge Systems" - C:\WINDOWS\system32\drivers\Haspnt.sys
"HookCentre" (HookCentre) - "G DATA Software AG" - C:\WINDOWS\system32\drivers\HookCentre.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"InCD Reader" (InCDRm) - ? - C:\WINDOWS\System32\drivers\InCDRm.sys  (File not found)
"InCDPass" (InCDPass) - ? - C:\WINDOWS\System32\drivers\InCDPass.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech SetPoint Keyboard Driver" (L8042Kbd) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys  (File not found)
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PEI10 Protokoll Treiber" (Pei10Wdm) - "EIBA s.c." - C:\WINDOWS\System32\Drivers\Pei10Wdm.sys
"PEI16 Protokoll Treiber" (Pei16Wdm) - "EIBA s.c." - C:\WINDOWS\System32\Drivers\Pei16Wdm.sys
"PORTMON" (PORTMON) - ? - C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Portmon\PORTMSYS.SYS  (File not found)
"Sentinel" (Sentinel) - "SafeNet, Inc." - C:\WINDOWS\System32\Drivers\SENTINEL.SYS
"SetPoint Mouse Filter Driver" (LMouKE) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouKE.Sys
"SetPoint PS/2 Mouse Filter Driver" (L8042mou) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042mou.Sys
"SSIPDDP Parallel port device driver" (SSIPDDP) - ? - C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS
"TechniSat DVB-PC TV Star PCI" (SKYNET) - "B2C2, Inc." - C:\WINDOWS\System32\DRIVERS\SkyNET.SYS
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} "DIALux 2.0 ArchivProtocol Class" - "DIAL GmbH, Germany" - C:\Programme\DIALux\DLXToolBox.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell-Erweiterungskomponente" - ? - C:\Programme\Corel\Graphics10\Draw\CdrViewer\CrlShell100.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - ? - C:\WINDOWS\system32\hticons.dll  (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Wcesview.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
DIALux Doc ShellExtension "{7889C2D5-D128-43e2-A8D8-A7590A12C8B3}" - ? -   (File not found | COM-object registry key not found)
DIALux LumFile ShellExtension "{7EFFF3DD-71B3-11D4-A25E-005056DCFB89}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "BitDefender QuickScan Control" - "BitDefender LLC" - C:\WINDOWS\DOWNLO~1\qsax.dll / hxxp://quickscan.bitdefender.com/qsax/qsax.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0124123D-61B4-456f-AF86-78C53A0790C5} "G DATA WebFilter" - ? - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} "DIALux 3.1 ULDBrowserHelper Class" - "DIAL GmbH, Germany" - C:\Programme\DIALux\DLXShellExtension.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "G DATA WebFilter" - ? - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll  (File found, but it contains no detailed information)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"ISDNWatch.lnk" - "AVM Berlin" - C:\Programme\FRITZ!\IWatch.exe  (Shortcut exists | File exists)
"Pervasive.SQL Workgroup Engine.lnk" - "Pervasive Software Inc." - C:\PVSW\bin\w3dbsmgr.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Volker Stelzl\Startmenü\Programme\Autostart\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"FRITZ!fax (2).lnk" - "AVM Berlin" - C:\Programme\FRITZ!\FriFax32.exe  (Shortcut exists | File exists)
"FRITZ!fon (2).lnk" - "AVM Berlin" - C:\Programme\FRITZ!\FriFon32.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
"NokiaOviSuite2" - "Nokia" - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"ATICCC" - ? - "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"  (File found, but it contains no detailed information)
"ControlCenter2.0" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
"G DATA AntiVirus Trayapplication" - "G DATA Software AG" - C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe
"HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"IndexSearch" - "ScanSoft, Inc." - C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"NokiaMServer" - "Nokia" - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup
"OSSelectorReinstall" - ? - C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe  (File found, but it contains no detailed information)
"PaperPort PTD" - "ScanSoft, Inc." - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SHIWebOnDiskManager" - "SHI Elektronische Medien GmbH" - "C:\Programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe"
"SSBkgdUpdate" - "Scansoft, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\programme\real\realplayer\update\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CPW Monitor" - ? - C:\WINDOWS\system32\cute2mon2k.dll  (File found, but it contains no detailed information)
"CUSTPDF Writer Monitor x86" - ? - C:\WINDOWS\system32\custmon32.dll  (File found, but it contains no detailed information)
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaColorMon.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaMon.dll
"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AntiVirus Wächter" (AVKWCtl) - "G DATA Software AG" - C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"DIAL Communication Service" (DialComService) - ? - C:\Programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"G DATA AntiVirus Proxy" (AVKProxy) - "G DATA Software AG" - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
"G DATA Scheduler" (AVKService) - "G DATA Software AG" - C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"Sentinel Security Runtime" (SentinelSecurityRuntime) - "SafeNet, Inc." - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"TVG OnlineUpdate-Service" (TVGOnlineUpdateSvc) - ? - C:\Programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-08 17:32:29
-----------------------------
17:32:29.109 OS Version: Windows 5.1.2600 Service Pack 3
17:32:29.109 Number of processors: 2 586 0x6B02
17:32:29.109 ComputerName: PC_STELZL UserName:
17:32:29.437 Initialize success
17:34:51.000 AVAST engine defs: 11110801
17:35:03.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000085
17:35:03.796 Disk 0 Vendor: WDC_WD1500AHFD-00RAR5 21.07QR5 Size: 143089MB BusType: 3
17:35:05.796 Disk 0 MBR read successfully
17:35:05.796 Disk 0 MBR scan
17:35:05.828 Disk 0 Windows XP default MBR code
17:35:05.828 Disk 0 scanning sectors +293041665
17:35:05.875 Disk 0 scanning C:\WINDOWS\system32\drivers
17:35:15.312 Service scanning
17:35:16.328 Modules scanning
17:35:20.000 Disk 0 trace - called modules:
17:35:20.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
17:35:20.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afa6ab8]
17:35:20.015 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000086[0x8af50f18]
17:35:20.015 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\00000085[0x8afa6030]
17:35:20.484 AVAST engine scan C:\WINDOWS
17:35:33.828 AVAST engine scan C:\WINDOWS\system32
17:37:24.093 AVAST engine scan C:\WINDOWS\system32\drivers
17:37:37.500 AVAST engine scan C:\Dokumente und Einstellungen\Volker Stelzl
17:50:44.562 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:05:54.468 Scan finished successfully
18:12:59.515 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\MBR.dat"
18:12:59.515 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\aswMBR.txt"

Alt 08.11.2011, 20:00   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Did GMER not work?
__________________
Please always post log files in CODE tags

Alt 20.11.2011, 17:22   #30
Volker68
 
Hello Arne,
in the meantime I have installed the latest version of the GDATA virus scanner. With that, the problem has not occurred again. I think no further scans are needed, then.
Thanks again
