Das Tagesgeschäft steht sowieso still egal ob ich den Rechner bereinigen muss oder neu aufsetzen oder ob ich einen neuen Rechner komplett neu installiere (was sowieso demnächst ansteht, aber halt nicht jetzt sofort). Und in diesem Fall kann ich gar nicht abschätzen wie verseucht der Rechner ist mit welchen Auswirkungen :-(

Egal. Mach wir einfach weiter.

Zitat:

[2012.02.01 10:13:55 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.05.15 09:42:40 | 000,000,000 | ---D | M] (Conduit Engine) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\engine@conduit.com
[2011.07.27 13:21:08 | 000,000,000 | ---D | M] ("Nero Toolbar") -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com

Wieso müllst du dir das System mit nutzlosen Toolbars zu?
Deinstalliere über Systemsteuerung unter Software bzw. Programme und Funktionen alles wo Toolbar zu sehen ist. Bei zukünftigen Programminstallation immer die benutzerdefinierte Methode anklicken, damit man bei der Installation mögliche Toolbars abwählen kann.
Deinstalliere bei der Gelegenheit auch alle anderen unnötigen Programme über die Systemsteuerung.

o.k. Mozilla Add-ons sind deinstalliert und überflüssige Programme auch.

Gruß
Angela

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code: Alles auswählenAufklappen

ATTFilter

 hier steht das Log
         

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code: Alles auswählenAufklappen

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Klick auf .
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier kommt das neue OTL Log:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 13.02.2012 15:50:23 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Benutzer\XXX\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 43,90% Memory free
6,73 Gb Paging File | 4,26 Gb Available in Paging File | 63,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,45 Gb Total Space | 81,66 Gb Free Space | 68,37% Space Free | Partition Type: NTFS
Drive D: | 205,59 Gb Total Space | 104,03 Gb Free Space | 50,60% Space Free | Partition Type: NTFS
Drive F: | 143,53 Gb Total Space | 84,63 Gb Free Space | 58,96% Space Free | Partition Type: NTFS
Drive G: | 462,94 Gb Total Space | 371,47 Gb Free Space | 80,24% Space Free | Partition Type: NTFS
Drive P: | 1009,51 Mb Total Space | 1009,22 Mb Free Space | 99,97% Space Free | Partition Type: FAT32
 
Computer Name: CALLAS | User Name: Chef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.13 10:36:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Benutzer\XXX\Desktop\OTL.exe
PRC - [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011.12.09 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2011.12.08 08:48:00 | 000,027,136 | ---- | M] (DATEV e.G.) -- F:\DATEV\SYSTEM\DVREWEDZSMSTR030A.exe
PRC - [2011.11.04 08:51:48 | 000,176,128 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
PRC - [2011.09.13 09:40:36 | 000,184,320 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Check\DkDataSvr.exe
PRC - [2011.09.09 05:30:00 | 000,080,992 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe
PRC - [2011.09.06 14:25:54 | 000,009,824 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
PRC - [2011.09.06 14:22:46 | 000,063,488 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
PRC - [2011.09.01 18:12:16 | 000,010,848 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
PRC - [2011.07.25 02:49:00 | 000,269,920 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe
PRC - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
PRC - [2011.06.28 09:22:08 | 000,549,472 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe
PRC - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
PRC - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) -- F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
PRC - [2011.05.09 14:52:02 | 000,595,552 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.11.26 15:53:14 | 000,878,176 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Sws\LiMaService.exe
PRC - [2010.11.26 15:53:14 | 000,378,976 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Sws\LiMaServer.exe
PRC - [2010.09.22 16:47:40 | 000,368,736 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe
PRC - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
PRC - [2010.09.13 17:58:00 | 000,866,912 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0001363\SCmIdentityScanner.exe
PRC - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) -- F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe
PRC - [2010.08.25 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2010.08.25 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.08.25 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010.08.25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2010.06.04 17:59:08 | 000,533,808 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm_tray.exe
PRC - [2010.06.04 17:57:46 | 003,427,312 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm.exe
PRC - [2010.03.26 02:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
PRC - [2010.03.26 02:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2010.03.22 16:19:11 | 001,540,096 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2010.03.22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.10.27 18:23:50 | 000,660,504 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.10.27 18:20:18 | 000,365,560 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.08.25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.08.25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.08.25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.06.18 07:13:20 | 000,036,448 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\RzpjWtch.exe
PRC - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008.04.21 23:00:36 | 000,911,168 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.04.21 22:54:38 | 002,622,296 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.03.26 12:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.01 18:51:15 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll
MOD - [2012.02.01 08:56:40 | 000,559,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\ab897c9ae44064f06a572ace612ef96a\Datev.Framework.MicroParts.Interface.ni.dll
MOD - [2012.02.01 08:56:35 | 000,092,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Lic#\9af47ea84c5be571f69a62e7ac94c9e7\Datev.Framework.LicenseManagement.PlugIn.ni.dll
MOD - [2012.02.01 08:56:31 | 002,413,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Int#\6a6701bcb6da8f46138f5b1640780d7e\Datev.Framework.Interface.ni.dll
MOD - [2012.02.01 08:56:25 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Env#\ae95f9864b550d732008d36bbf8fa83c\Datev.Framework.Environment.ni.dll
MOD - [2012.02.01 08:56:22 | 000,209,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dir#\bdad833b78b3073f32424e5094f3087d\Datev.Framework.DirectStart.ni.dll
MOD - [2012.02.01 08:56:03 | 000,114,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Stor#\5366d4f5a42e8eb59356a2268c79791b\Datev.ConfigDB.StorageProvider.ni.dll
MOD - [2012.02.01 08:56:03 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Plug#\fd32ce8960bd6f90fabce86a6691d5fa\Datev.ConfigDB.PlugIn.ni.dll
MOD - [2012.02.01 08:56:02 | 000,664,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB\ebabcc37e465653b44e7534ce4ef497e\Datev.ConfigDB.ni.dll
MOD - [2012.02.01 08:56:02 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\b74271af9aa9c73597572b99b8c71446\Datev.ConfigDB.Interfaces.ni.dll
MOD - [2012.02.01 08:38:32 | 000,922,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dia#\866dc35fd221fbfeb1aba2bd2bf08b4c\Datev.Framework.Diagnostics.RealTimeTracing.ni.dll
MOD - [2012.02.01 08:38:30 | 002,469,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\cfc192a04e1d1d97ee4f00297a630fc4\Datev.Framework.MicroKernel.ni.dll
MOD - [2012.01.12 18:53:34 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6a1e2938633d08d9d97c6940a537b1ff\System.IdentityModel.ni.dll
MOD - [2012.01.12 18:53:32 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a2046fbb45b00425d083cc8706b75479\System.ServiceModel.ni.dll
MOD - [2012.01.12 18:52:59 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012.01.12 18:52:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011.10.16 18:44:39 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\16c385f23b5e493899f0d206dfb60094\System.IdentityModel.ni.dll
MOD - [2011.10.16 18:44:37 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll
MOD - [2011.10.16 18:42:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll
MOD - [2011.10.16 18:42:10 | 000,244,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\6df772247e44fc7cdaba2a87318ded7a\System.Runtime.Caching.ni.dll
MOD - [2011.10.16 18:41:53 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\41a4f6cc5d596e952fd880ae1a47308f\System.Runtime.DurableInstancing.ni.dll
MOD - [2011.10.16 18:41:53 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\caf1d94cb89859c72d6c8cd8774068d3\System.Transactions.ni.dll
MOD - [2011.10.16 18:41:51 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\993f89ba22499c379d2a9dd25d13cd94\System.Runtime.Serialization.ni.dll
MOD - [2011.10.16 18:41:51 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\398a52caf1e9fd1a6ea9dd589b0f6e68\SMDiagnostics.ni.dll
MOD - [2011.10.16 18:41:48 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll
MOD - [2011.10.16 18:04:35 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011.10.16 17:47:35 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll
MOD - [2011.10.16 17:47:30 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll
MOD - [2011.10.16 17:45:37 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011.10.16 17:44:16 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll
MOD - [2011.10.16 17:44:15 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll
MOD - [2011.10.16 17:44:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.13 07:01:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.13 07:01:03 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.13 07:00:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.13 07:00:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011.10.13 07:00:02 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011.10.13 06:59:45 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011.10.13 06:59:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011.10.13 06:59:29 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.13 06:59:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.10.12 17:02:39 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011.10.12 17:02:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011.10.12 17:02:33 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011.10.12 17:02:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011.10.12 17:02:31 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.10.12 17:02:24 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011.06.28 09:22:06 | 000,068,704 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000150\ScServer\ScEventSourcePlugin.dll
MOD - [2011.05.09 14:52:00 | 000,203,264 | ---- | M] () -- F:\DATEV\SYSTEM\DVCCSipaHostApidll.dll
MOD - [2010.07.12 09:05:32 | 000,030,304 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000150\ScServer\ScWinMagicPlugin.dll
MOD - [2010.06.04 17:40:26 | 000,012,128 | ---- | M] () -- C:\Programme\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2009.09.22 16:06:38 | 000,087,040 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000391\DokSchutzShExt.dll
MOD - [2009.09.16 17:24:04 | 000,101,888 | ---- | M] () -- F:\DATEV\SYSTEM\DVCCDBNETCONVAPIAX300.DLL
MOD - [2009.03.29 20:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.29 20:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 20:42:14 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.29 20:42:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.18 10:39:54 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2009.01.18 14:50:02 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2008.05.02 05:15:37 | 000,010,240 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2008.04.21 22:43:20 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll
MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (DVDFUEavmnwapi)
SRV - File not found [On_Demand | Running] --  -- (Datev.Framework.RemoteServices.Messaging.CentralMessagingService)
SRV - File not found [On_Demand | Running] --  -- (Datev.Framework.RemoteServices)
SRV - File not found [Auto | Running] --  -- (Datev.Framework.RemoteServiceModel.EnablerService)
SRV - File not found [On_Demand | Running] --  -- (Datev.Database.Conserve)
SRV - [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011.12.09 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011.11.04 08:51:48 | 000,176,128 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe -- (Dcmanag)
SRV - [2011.09.06 14:22:46 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe -- (DVckService)
SRV - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe -- (Sicherheitspaket-Dienst)
SRV - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe -- (SCardService)
SRV - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) [Auto | Running] -- F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe -- (DATEV Logon Service)
SRV - [2010.08.25 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010.08.25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2010.08.25 07:54:06 | 000,194,144 | ---- | M] (KOBIL Systems GmbH) [Disabled | Stopped] -- F:\DATEV\PROGRAMM\B0000404\msdisrv.exe -- (KOBIL_MSDI)
SRV - [2010.03.22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.10.27 18:23:50 | 000,660,504 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.28 09:52:46 | 002,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008.12.29 16:27:40 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006.12.07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.11 18:40:44 | 000,475,704 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012.02.11 18:40:44 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.07.19 14:28:42 | 000,075,320 | ---- | M] (Datev eG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\d3_kafm.sys -- (SC_Serv3D)
DRV - [2010.08.25 20:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.25 20:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.25 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.25 20:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.03.04 12:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.08 15:45:22 | 000,023,424 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KOBCCEX.sys -- (KOBCCEX)
DRV - [2009.10.08 15:45:10 | 000,084,352 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KOBCCID.sys -- (KOBCCID)
DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2009.06.22 09:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 17:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.05.21 15:43:20 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2009.02.03 02:10:12 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.01.16 10:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.29 18:08:51 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.12.29 18:08:51 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.12.29 18:08:50 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.12.29 18:08:48 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008.08.29 13:19:36 | 000,040,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.03.19 18:30:00 | 007,438,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.01.19 06:55:32 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2008.01.19 06:49:30 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.datev.de/portal/ShowPage.do?pid=dpi&nid=302
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.datev.de/
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:3.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.99999
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@datev.de/DATEV_BestellManager,version=1.7: F:\DATEV\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 08:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 08:22:33 | 000,000,000 | ---D | M]
 
[2009.02.01 13:57:41 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Extensions
[2012.02.13 15:10:02 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions
[2011.07.27 13:20:58 | 000,000,000 | ---D | M] (FoxClocks) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.02.02 08:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.09.13 18:39:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.08.25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.05.25 15:10:28 | 001,386,600 | ---- | M] (LINK & LINK Software) -- C:\Program Files\mozilla firefox\plugins\npideapl.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID value found.
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - F:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - F:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Programme\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [DATEV Update-Monitor] F:\DATEV\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG)
O4 - HKLM..\Run: [DATEV_SCardMan] F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe (DATEV eG)
O4 - HKLM..\Run: [Dell MFP Color Laser Printer 3115cn Launcher] C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe (Dell Inc.)
O4 - HKLM..\Run: [DVCCSAWTSSetEntryNTE] F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe (DATEV eG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SiPaHost] F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [Datev.Arbeitsplatz.Scheduler.exe] F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe (DATEV eG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [DFÜ-Sammler] F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe ()
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [GGAopsUxiAA.exe] C:\ProgramData\GGAopsUxiAA.exe File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002..\Run: [Datev.Arbeitsplatz.Scheduler.exe] F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe (DATEV eG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002..\Run: [DFÜ-Sammler] F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe ()
O4 - Startup: D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O4 - Startup: D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DATEV Arbeitsplatz.lnk = F:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe (DATEV eG)
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .IPC - C:\Programme\Mozilla Firefox\plugins\npideapl.dll (LINK & LINK Software)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: bio-discount-markt.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www.wissensvermittlung] * in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: handelsblatt.com ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: ing-diba.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: jonglieren-lernen.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: kaufdown.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: lswb.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: lufthansa.com ([newsletter] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: premium-content-center.de ([www.vhb] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: staatsoper.de ([secure] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sueddeutsche.de ([kaufdown] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sueddeutsche.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sued-west.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: vkb.de ([cms] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: wirtschaftspresse.biz ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: adac.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: dell.com ([support.euro] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: deutschepost.de ([stampitweb] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: localhost ([]https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: t-online.de ([email] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: top20free.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Ranges: LocalHost ([http] in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D50606D-CA42-4B5F-A889-FD51BCAB22AA}: DhcpNameServer = 192.168.123.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Benutzer\Public\Pictures\Sample Pictures\Tornado2.jpg
O24 - Desktop BackupWallPaper: D:\Benutzer\Public\Pictures\Sample Pictures\Tornado2.jpg
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - C:\Programme\Audible\Bin\AudibleDownloadHelper.exe - (Audible, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK - C:\Programme\Hardcopy\hardcopy.exe - (sw4you, Siegfried Weckmann)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe - (Panasonic Corporation)
MsConfig - StartUpFolder: D:^Benutzer^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DLPSP - hkey= - key= - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KeePass Password Safe - hkey= - key= - C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: phonostarTimer - hkey= - key= - C:\Programme\phonostar-Player\phonostarTimer.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: STAMPIT-Tray - hkey= - key= - C:\Programme\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0F1D198F-E5EA-4542-930E-2FB2B099F3F3} - LanaConfigTool_3383
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} - msiexec /fus {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} /quiet
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - tsccvid.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 16:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.11 19:42:31 | 000,000,000 | ---D | C] -- D:\Benutzer\Chef\AppData\Roaming\Malwarebytes
[2012.02.11 19:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.11 19:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.11 19:42:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.11 19:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.11 18:59:01 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.02.11 18:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012.02.11 17:11:08 | 000,000,000 | ---D | C] -- C:\Quarantäne
[2012.02.01 18:52:32 | 000,091,896 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2012.02.01 18:52:32 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012.02.01 18:52:32 | 000,076,024 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2012.02.01 18:52:32 | 000,043,192 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2012.02.01 18:52:31 | 000,475,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2012.02.01 18:52:31 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012.02.01 18:52:31 | 000,064,208 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2012.02.01 18:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.02.01 18:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.02.01 18:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012.02.01 14:07:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.13 15:51:54 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 15:51:54 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 15:41:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.13 10:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.13 10:23:01 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B350D1C-3775-4BB6-855B-FA96CDF39FC4}.job
[2012.02.13 07:58:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.13 07:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 09:28:13 | 000,000,000 | ---- | M] () -- D:\Benutzer\Chef\defogger_reenable
[2012.02.11 18:59:01 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.02.11 18:40:44 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012.02.11 18:40:44 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012.02.09 17:24:20 | 001,009,612 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.09 17:24:20 | 000,911,982 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.09 17:24:20 | 000,278,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.09 17:24:20 | 000,219,280 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.02 19:58:34 | 000,000,705 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.02.01 19:03:30 | 000,000,021 | ---- | M] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.02.01 11:03:37 | 000,000,694 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk
[2012.02.01 10:39:00 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.2.03.lnk
[2012.02.01 10:30:51 | 000,000,862 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office SR V.5.02 Initialisierung.lnk
[2012.02.01 10:17:34 | 000,000,849 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
[2012.02.01 09:22:10 | 000,000,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
[2012.02.01 09:00:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job
[2012.02.01 09:00:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job
[2012.02.01 08:34:11 | 000,000,102 | ---- | M] () -- C:\Windows\Startup.INI
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.12 11:35:43 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office SR V.5.02 Initialisierung.lnk
[2012.02.12 11:35:43 | 000,000,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
[2012.02.12 11:35:43 | 000,000,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
[2012.02.12 11:35:43 | 000,000,719 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lizenz-Manager Server.lnk
[2012.02.12 11:35:43 | 000,000,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
[2012.02.12 09:28:13 | 000,000,000 | ---- | C] () -- D:\Benutzer\Chef\defogger_reenable
[2012.02.01 10:39:00 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.2.03.lnk
[2012.02.01 08:22:33 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.10.19 15:23:20 | 002,897,408 | ---- | C] () -- C:\Program Files\EPortoInstaller2010_v2.1.msi
[2011.10.19 15:23:20 | 000,436,736 | ---- | C] () -- C:\Program Files\setup.exe
[2011.07.01 12:55:07 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.04.19 13:37:11 | 000,000,093 | ---- | C] () -- D:\Benutzer\Chef\AppData\Roaming\BEVI.CFG
[2010.12.17 08:38:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.09.22 16:48:26 | 000,032,352 | ---- | C] () -- C:\Windows\System32\JNILibrary.dll
[2010.09.22 16:48:06 | 000,114,272 | ---- | C] () -- C:\Windows\System32\INetCert.dll
[2010.07.26 11:12:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.07.26 11:12:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.07.26 11:12:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.07.26 11:12:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.07.26 11:12:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.07.26 11:12:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.07.26 11:12:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.07.26 11:12:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.07.26 11:12:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.07.26 11:12:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.07.26 11:12:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.07.26 11:12:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.07.26 11:12:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.07.26 11:12:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.07.26 11:12:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.07.26 11:12:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.07.26 11:12:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.07.26 11:12:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.07.26 11:12:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.04.16 07:40:49 | 000,000,118 | ---- | C] () -- C:\Windows\gmbhr.ini
[2010.04.16 07:40:39 | 000,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.21 07:45:09 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.10.21 07:44:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.21 07:44:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.05.26 09:31:09 | 000,014,680 | ---- | C] () -- C:\Windows\System32\skypdfmonpro.dll
[2009.05.26 09:31:09 | 000,012,632 | ---- | C] () -- C:\Windows\System32\skypdfmonuipro.dll
[2009.05.25 21:00:46 | 000,000,021 | ---- | C] () -- C:\Windows\KurusDeinstall.INI
[2009.05.21 10:33:06 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009.05.17 12:27:18 | 000,000,164 | ---- | C] () -- C:\Windows\DEINSTAL.INI
[2009.05.17 12:05:44 | 000,000,000 | ---- | C] () -- C:\Windows\netop.ini
[2009.05.17 09:28:58 | 000,000,095 | ---- | C] () -- D:\Benutzer\Chef\AppData\Local\fusioncache.dat
[2009.05.17 08:57:01 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2009.05.17 08:54:29 | 000,000,101 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2009.05.17 08:54:28 | 000,000,101 | ---- | C] () -- C:\Windows\dvinesinstart001.INI
[2009.05.17 08:52:06 | 000,000,102 | ---- | C] () -- C:\Windows\Startup.INI
[2009.01.02 13:52:17 | 000,008,192 | ---- | C] () -- D:\Benutzer\Chef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.28 15:03:13 | 000,000,705 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.20 12:47:34 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2008.12.20 12:47:34 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2008.11.30 14:19:21 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2008.11.30 12:58:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.09.26 17:40:50 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2008.09.26 17:40:50 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2008.09.26 17:40:48 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2008.09.13 13:53:35 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008.07.09 16:23:08 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2008.07.09 16:22:28 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2007.01.15 08:19:16 | 000,016,473 | ---- | C] () -- C:\Windows\System32\SELF32.INI
[2006.11.02 16:42:41 | 001,009,612 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:42:41 | 000,278,674 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,342,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,911,982 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,219,280 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.16 12:48:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\OrdMen.dll
[2005.08.16 12:48:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\SOFFICK2.dll
[2005.08.16 12:47:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2005.08.16 12:47:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2003.09.24 11:42:12 | 000,000,093 | ---- | C] () -- C:\Windows\tm.ini
[2003.09.24 10:42:00 | 000,000,093 | ---- | C] () -- C:\Windows\System32\tm.ini
[2001.05.07 14:51:42 | 000,001,091 | ---- | C] () -- C:\Windows\PCDBAudit.ini
[1999.08.26 14:50:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\ddma32.dll
[1999.01.19 14:18:30 | 000,110,080 | ---- | C] () -- C:\Windows\System32\LFPNG60N.DLL
[1999.01.19 14:18:30 | 000,046,080 | ---- | C] () -- C:\Windows\System32\LFTIF60N.DLL
[1999.01.19 14:18:30 | 000,043,008 | ---- | C] () -- C:\Windows\System32\LTFIL60N.DLL
[1999.01.19 14:18:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LFPSD60N.DLL
[1999.01.19 14:18:30 | 000,019,968 | ---- | C] () -- C:\Windows\System32\LFTGA60N.DLL
[1999.01.19 14:18:30 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWPG60N.DLL
[1999.01.19 14:18:30 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWMF60N.DLL
[1999.01.19 14:18:28 | 000,176,128 | ---- | C] () -- C:\Windows\System32\LFFAX60N.DLL
[1999.01.19 14:18:28 | 000,141,824 | ---- | C] () -- C:\Windows\System32\LFCMP60N.DLL
[1999.01.19 14:18:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LFPCX60N.DLL
[1999.01.19 14:18:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFPCT60N.DLL
[1999.01.19 14:18:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFEPS60N.DLL
[1999.01.19 14:18:28 | 000,022,016 | ---- | C] () -- C:\Windows\System32\LFBMP60N.DLL
[1999.01.19 14:18:28 | 000,018,432 | ---- | C] () -- C:\Windows\System32\LFMSP60N.DLL
[1999.01.19 14:18:28 | 000,017,920 | ---- | C] () -- C:\Windows\System32\LFMAC60N.DLL
[1998.05.07 13:10:16 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
[1995.05.19 10:13:00 | 000,005,440 | ---- | C] () -- C:\Windows\System32\WINDVS16.DLL
[1995.02.14 23:11:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
 
========== LOP Check ==========
 
[2009.05.25 22:00:57 | 000,000,000 | ---D | M] -- D:\Benutzer\Administrator\AppData\Roaming\TuneUp Software
[2011.07.21 14:19:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DATEV
[2010.05.13 13:14:32 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DMS
[2009.02.01 13:50:16 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\KeePass
[2009.06.24 07:56:49 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\MGS
[2009.02.08 14:01:44 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Notepad++
[2009.10.21 07:36:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH
[2009.11.20 10:17:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar-Player
[2008.12.20 12:54:12 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\T-Online
[2008.12.29 16:14:42 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\TuneUp Software
[2009.11.03 15:28:27 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Analyzer
[2011.07.08 08:03:19 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Avery
[2012.02.07 09:02:16 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\BelegCache
[2010.05.13 18:04:58 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\DATEV
[2011.08.12 10:15:25 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\DatevScan
[2010.05.13 19:28:30 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\DMS
[2011.08.05 09:43:15 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\DokOrg
[2012.02.13 07:59:23 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Dropbox
[2011.01.02 13:55:49 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Free Download Manager
[2010.11.07 22:00:11 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\GeoSetter
[2009.02.01 22:41:38 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\KeePass
[2010.05.14 07:19:44 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\linkundlink
[2011.03.24 08:21:19 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\MGS
[2009.10.06 19:26:50 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Mp3tag
[2009.12.15 15:08:17 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Notepad++
[2009.10.21 14:53:36 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\phonostar GmbH
[2009.11.19 07:38:45 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\phonostar-Player
[2008.12.20 12:14:40 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\T-Online
[2009.05.21 19:29:57 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Ulead Systems
[2012.02.12 22:29:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.13 10:23:01 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B350D1C-3775-4BB6-855B-FA96CDF39FC4}.job
[2012.02.01 09:00:00 | 000,000,942 | ---- | M] () -- C:\Windows\Tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job
[2012.02.01 09:00:00 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.12.25 18:07:00 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Adobe
[2009.05.22 16:09:45 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Ahead
[2009.09.13 12:26:18 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Apple Computer
[2011.07.21 14:19:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DATEV
[2010.10.06 20:17:09 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DivX
[2010.05.13 13:14:32 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DMS
[2008.12.31 12:36:21 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Google
[2009.05.18 19:35:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Help
[2008.12.20 12:32:22 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Identities
[2010.07.26 11:12:22 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\InstallShield
[2009.02.01 13:50:16 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\KeePass
[2009.05.22 09:15:59 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Logitech
[2008.12.23 13:51:17 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Macromedia
[2012.02.11 19:42:31 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Malwarebytes
[2011.07.01 12:53:27 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\McAfee
[2009.06.24 07:56:49 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\MGS
[2011.03.24 15:16:46 | 000,000,000 | --SD | M] -- D:\Benutzer\Chef\AppData\Roaming\Microsoft
[2009.02.01 13:57:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Mozilla
[2009.02.08 14:01:44 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Notepad++
[2009.10.21 07:36:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH
[2009.11.20 10:17:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar-Player
[2008.12.20 12:54:12 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\T-Online
[2008.12.29 16:14:42 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2008.12.25 17:36:29 | 000,025,214 | R--- | M] () -- D:\Benutzer\Chef\AppData\Roaming\Microsoft\Installer\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}\_52312b2a.exe
[2011.07.27 16:32:14 | 012,727,952 | ---- | M] (                                                            ) -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\update.exe
[1 D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\*.tmp files -> D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\*.tmp -> ]
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.03.05 10:25:58 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=5DC962B15A2057814728D2BDE118BE07 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\EventLog\EventLog.dll
[2010.03.05 10:25:58 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=5DC962B15A2057814728D2BDE118BE07 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\Spec\AVCHD\BDCore\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.11.27 21:49:57 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.11.27 21:49:57 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

Gruß
Angela

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [GGAopsUxiAA.exe] C:\ProgramData\GGAopsUxiAA.exe File not found
O4 - Startup: D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O4 - Startup: D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Commands
[emptytemp]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Guten Morgen!

Beim ersten Durchlauf hat sich OTL aufgehängt. Log vom zweiten Durchlauf nach Neustart:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{557F4852-8868-44dd-B5E9-9890AC4B1FD5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{557F4852-8868-44dd-B5E9-9890AC4B1FD5}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GGAopsUxiAA.exe not found.
File move failed. D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk scheduled to be moved on reboot.
File move failed. D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK scheduled to be moved on reboot.
File D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url not found.
File move failed. D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Chef
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Didi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: XXX
->Temp folder emptied: 33109 bytes
->Temporary Internet Files folder emptied: 38253 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19164516 bytes
->Flash cache emptied: 456 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8522130 bytes
RecycleBin emptied: 19421769 bytes
 
Total Files Cleaned = 45,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02142012_084549

Files\Folders moved on Reboot...
File\Folder D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk not found!
File\Folder D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK not found!
File\Folder D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk not found!
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Gruß
Angela

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

ComboFix ist problemlos durchgelaufen und - oh Wunder - meine schöne Schnellstartleiste und das Startmenü waren wieder wie vorher. Leider haben sich keine Anwendungen aufrufen lassen und ich habe einen Neustart durchgeführt. Jetzt ist die Schnellstartleiste und das Startmenü wieder weg :-(

ComboFix.txt:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-02-13.01 - Chef 14.02.2012  11:28:05.1.4 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.49.1031.18.3327.1780 [GMT 1:00]
ausgeführt von:: d:\benutzer\XXX\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
d:\benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
d:\benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
d:\benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-14 bis 2012-02-14  ))))))))))))))))))))))))))))))
.
.
2012-02-14 10:35 . 2012-02-14 10:35	--------	d-----w-	d:\benutzer\Chef\AppData\Local\temp
2012-02-12 15:36 . 2012-02-12 15:36	--------	d-----w-	c:\program files\ESET
2012-02-11 20:50 . 2012-02-11 20:50	--------	d-----w-	d:\benutzer\XXX\AppData\Roaming\Malwarebytes
2012-02-11 18:42 . 2012-02-11 18:42	--------	d-----w-	d:\benutzer\Chef\AppData\Roaming\Malwarebytes
2012-02-11 18:42 . 2012-02-11 18:42	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-11 18:42 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-11 18:42 . 2012-02-11 18:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-11 17:59 . 2012-02-11 17:59	14664	----a-w-	c:\windows\stinger.sys
2012-02-11 17:40 . 2012-02-11 18:14	--------	d-----w-	c:\program files\stinger
2012-02-11 16:11 . 2012-02-13 17:54	--------	d-----w-	C:\Quarantäne
2012-02-01 17:52 . 2010-08-25 19:07	23864	----a-w-	c:\program files\Mozilla Firefox\components\Scriptff.dll
2012-02-01 17:52 . 2012-02-11 17:40	87656	----a-w-	c:\windows\system32\drivers\mferkdet.sys
2012-02-01 17:52 . 2010-08-25 19:07	91896	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2012-02-01 17:52 . 2010-08-25 19:07	76024	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2012-02-01 17:52 . 2010-08-25 19:07	43192	----a-w-	c:\windows\system32\drivers\mfebopk.sys
2012-02-01 17:52 . 2012-02-11 17:40	475704	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2012-02-01 17:52 . 2012-02-11 17:40	159608	----a-w-	c:\windows\system32\mfevtps.exe
2012-02-01 17:52 . 2010-08-25 19:07	64208	----a-w-	c:\windows\system32\drivers\mfetdik.sys
2012-02-01 17:51 . 2012-02-01 17:52	--------	d-----w-	c:\programdata\McAfee
2012-02-01 17:51 . 2012-02-01 17:52	--------	d-----w-	c:\program files\McAfee
2012-01-31 06:22 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-31 06:22 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-31 06:22 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-31 06:22 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-31 06:22 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-31 06:22 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 09:38 . 2011-05-15 15:34	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 09:19 . 2011-11-28 09:19	467968	------w-	c:\windows\system32\rsct_ot.ocx
2011-11-25 15:59 . 2012-01-11 12:37	376320	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-15 07:13	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 12:37	1205064	----a-w-	c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 12:37	66560	----a-w-	c:\windows\system32\packager.dll
2011-04-21 14:33 . 2011-10-19 14:23	2897408	----a-w-	c:\program files\EPortoInstaller2010_v2.1.msi
2011-04-21 14:33 . 2011-10-19 14:23	436736	----a-w-	c:\program files\setup.exe
2012-01-29 16:12 . 2011-03-25 12:57	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-25 19:07 . 2012-02-01 17:52	23864	----a-w-	c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EF6B546-25FB-455B-801F-FDB3B3D39F9E}]
2011-06-01 08:05	611936	------w-	f:\datev\PROGRAMM\B0000397\DtvIePwdSafe.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"DFÜ-Sammler"="f:\datev\PROGRAMM\RZKOMM\ccsrv2.exe" [2011-11-04 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]
"Datev.Arbeitsplatz.Scheduler.exe"="f:\datev\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe" [2011-09-19 34816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-21 2622296]
"ScreenManager Pro for LCD"="c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2007-04-20 10913320]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-19 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-19 13531680]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-21 911168]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-10-27 365560]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"adm_tray.exe"="c:\program files\Acronis\DriveMonitor\adm_tray.exe" [2010-06-04 533808]
"Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2006-12-23 635800]
"SiPaHost"="f:\datev\PROGRAMM\B0000398\SiPaHost.exe" [2011-05-09 595552]
"DVCCSAWTSSetEntryNTE"="f:\datev\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe" [2011-06-28 549472]
"DATEV_SCardMan"="f:\datev\PROGRAMM\B0000347\ScMgmt\ScardManager.exe" [2010-09-22 368736]
"DATEV Update-Monitor"="f:\datev\PROGRAMM\Install\DvInesASDMon.exe" [2011-07-25 269920]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
.
d:\benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DATEV Arbeitsplatz.lnk - f:\datev\PROGRAMM\K0005000\Arbeitsplatz.exe [2011-9-19 505856]
Dropbox.lnk - d:\benutzer\Chef\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2010-3-22 1540096]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Basisschnittstelle Office SR V.5.02 Initialisierung.lnk - f:\datev\PROGRAMM\BSOffice\service\OfficeDiag.exe [2011-11-2 38496]
DATEV-Hinweis Mitteilungsdienst.lnk - f:\datev\PROGRAMM\A0000007\DHNC.exe [2009-5-27 45056]
DFÜ-Manager.lnk - f:\datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe [2011-11-4 356412]
Lizenz-Manager Server.lnk - f:\datev\PROGRAMM\Sws\LiMaServer.exe [2010-11-26 378976]
RZ-Druckertreiber V.2.3.lnk - f:\datev\SYSTEM\rzpjwtch.exe [2008-6-18 36448]
SkyUserDevmode-Update.lnk - f:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2011-7-29 27744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
backup=c:\windows\pss\Hardcopy.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 5.1 HD Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^Benutzer^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=d:\benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 06:51	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 10:13	152872	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2006-12-07 15:52	340888	----a-w-	c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass Password Safe]
2009-12-04 11:44	773120	----a-w-	c:\program files\KeePass Password Safe\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 07:27	570664	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2011-12-23 14:28	41472	----a-w-	c:\program files\phonostar-Player\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STAMPIT-Tray]
2008-07-09 15:22	83248	----a-w-	c:\program files\STAMPIT\Binary\STRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15	15872	----a-w-	c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 08:06]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 20:58]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 20:58]
.
2012-02-14 c:\windows\Tasks\User_Feed_Synchronization-{7B350D1C-3775-4BB6-855B-FA96CDF39FC4}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
2012-02-01 c:\windows\Tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job
- f:\datev\PROGRAMM\WPACL\WPACLTask.exe [2011-12-21 08:58]
.
2012-02-01 c:\windows\Tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job
- f:\datev\PROGRAMM\WPACL\WPACLTask.exe [2011-12-21 08:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.datev.de/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: adac.de\www
Trusted Zone: dell.com\support.euro
Trusted Zone: deutschepost.de\stampitweb
Trusted Zone: localhost
Trusted Zone: t-online.de\email
Trusted Zone: top20free.de\www
TCP: DhcpNameServer = 192.168.123.1
FF - ProfilePath - d:\benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM_ActiveSetup-{ADD9AEE8-B916-4CD6-A04B-9386DF90D594} - msiexec
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-14 11:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msftesql$DATEV_CL_DE01]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe\" -s:MSSQL.4 -f:DATEV_CL_DE01"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msftesql$DATEV_SV_DE01]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:DATEV_SV_DE01"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\relog_ap.dll
.
Zeit der Fertigstellung: 2012-02-14  11:38:30
ComboFix-quarantined-files.txt  2012-02-14 10:38
.
Vor Suchlauf: 16 Verzeichnis(se), 84.418.355.200 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 84.008.583.168 Bytes frei
.
- - End Of File - - F6C1F522DDD905C1932D3EE64CE0A208
         

Gruß
Angela

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Also hier nun die logs im Anhang.

aswMBR habe ich zweimal laufen lassen, ist leider jedesmal abgestürzt.

Gruß
Angela

Die Logs bitte in CODE-Tags posten!!

Sorry aber da bekomme ich leider eine Fehlermeldung, dass es zuviele Zeichen sind :-(

Gruß
Angela

Neuer Versuch

OSAM

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:00:34 on 14.02.2012

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job" - "DATEV eG" - F:\DATEV\PROGRAMM\WPACL\WPACLTask.exe
"WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job" - "DATEV eG" - F:\DATEV\PROGRAMM\WPACL\WPACLTask.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter" (tdrpman) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpman.sys
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"catchme" (catchme) - ? - D:\Benutzer\Chef\AppData\Local\Temp\catchme.sys  (File not found)
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\System32\Drivers\dsltestSp5.sys
"hotcore3" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\drivers\hotcore3.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"McAfee Inc. mfeapfk" (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys
"McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
"McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
"McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
"McAfee Inc. mferkdet" (mferkdet) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdet.sys
"McAfee Inc. mfetdik" (mfetdik) - "McAfee, Inc." - C:\Windows\System32\drivers\mfetdik.sys
"Motorola USB Modem Driver for MPT" (usbsermpt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbsermpt.sys
"SC_Serv3D" (SC_Serv3D) - "Datev eG" - C:\Windows\system32\drivers\d3_kafm.sys
"T-Online Dialerschutz VoIP Service" (SipIMNDI) - ? - C:\Windows\System32\DRIVERS\SipIMNDI.sys  (File not found)
"uxddqpod" (uxddqpod) - ? - D:\Benutzer\Chef\AppData\Local\Temp\uxddqpod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{ED8B52AD-6EBA-4FF3-9986-4BF976173E24} "TiffMerge.Handler" - "DATEV e.G." - F:\DATEV\PROGRAMM\BEVI\TiffMerge.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\Windows\System32\uxtuneup.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
DATEV Dokumenentenschutz shell extension "{006FA56D-E213-4bd7-A9D5-635C17CACBF6}" - ? -   (File not found | COM-object registry key not found)
GERVA shell ext "{942C058F-DE1C-40f7-A845-E79AA8F4C1DD}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
"Location" - "LINK & LINK Software" - C:\Program Files\Mozilla Firefox\Plugins\npideapl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{6EF6B546-25FB-455B-801F-FDB3B3D39F9E} "DtvIePwdSafeBHO Class" - "DATEV eG" - F:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
{AF8CD625-E04A-4A8F-A90A-0C74846C2E30} "SCardBHOEvent Class" - "DATEV eG" - F:\DATEV\SYSTEM\DVCCSAScardBHO002.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - C:\Windows\system32\relog_ap.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Basisschnittstelle Office SR V.5.02 Initialisierung.lnk" - "DATEV eG" - F:\DATEV\PROGRAMM\BSOffice\service\OfficeDiag.exe  (Shortcut exists | File exists)
"DATEV-Hinweis Mitteilungsdienst.lnk" - ? - F:\DATEV\PROGRAMM\A0000007\DHNC.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"DFÜ-Manager.lnk" - "DATEV eG" - F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe  (Shortcut exists | File exists)
"Lizenz-Manager Server.lnk" - "DATEV eG" - F:\DATEV\PROGRAMM\Sws\LiMaServer.exe  (Shortcut exists | File exists)
"RZ-Druckertreiber V.2.3.lnk" - "DATEV eG" - F:\DATEV\SYSTEM\rzpjwtch.exe  (Shortcut exists | File exists)
"SkyUserDevmode-Update.lnk" - "DATEV eG" - F:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Datev.Arbeitsplatz.Scheduler.exe" - "DATEV eG" - F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe
"DFÜ-Sammler" - ? - F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe /SammlerEin /Delay 30  (File found, but it contains no detailed information)
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"adm_tray.exe" - "Acronis" - C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
"DATEV Update-Monitor" - "DATEV eG" - "F:\DATEV\PROGRAMM\Install\DvInesASDMon.exe"
"DATEV_SCardMan" - "DATEV eG" - F:\DATEV\PROGRAMM\B0000347\ScMgmt\ScardManager.exe
"Dell MFP Color Laser Printer 3115cn Launcher" - "Dell Inc." - "C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe"  /s
"DVCCSAWTSSetEntryNTE" - "DATEV eG" - F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe
"McAfeeUpdaterUI" - "McAfee, Inc." - "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
"ScreenManager Pro for LCD" - "EIZO NANAO CORPORATION" - C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
"ShStatEXE" - "McAfee, Inc." - "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
"SiPaHost" - "DATEV eG" - F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe F:\DATEV\KONFIG\B0000398
"TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"SkyPDF_Pro Port Monitor" - ? - C:\Windows\system32\skypdfmonpro.dll  (File found, but it contains no detailed information)
"Status Monitor Language Monitor for Dell MFP Laser 3115cn" - "Dell Inc." - C:\Windows\system32\DLXBAZIL.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\Windows\System32\TuneUpDefragService.exe
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software GmbH" - C:\Windows\System32\uxtuneup.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Acronis Try And Decide Service" (TryAndDecideService) - ? - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe  (File found, but it contains no detailed information)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe
"DATEV Connection Service" (Datev.Database.Conserve) - "DATEV eG" - F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
"DATEV DFL Infrastruktur-Dienst" (Datev.Framework.RemoteServices) - "DATEV eG" - F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
"DATEV DFL-Service-Manager" (Datev.Framework.RemoteServiceModel.EnablerService) - "DATEV eG" - F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
"DATEV DFÜ-Erweiterung-Zugriffssteuerung" (DVDFUEavmnwapi) - ? - "F:\DATEV\PROGRAMM\B0000303\EXTRANET\DVDFUEavmnwapi.exe"  (File not found)
"DATEV DFÜ-System Dienst" (Dcmanag) - "DATEV eG" - F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
"DATEV Druckservice" (DatevPrintService) - "DATEV eG" - F:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
"DATEV Logon Service" (DATEV Logon Service) - "DATEV e.G." - F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe
"DATEV Messaging-Service" (Datev.Framework.RemoteServices.Messaging.CentralMessagingService) - "DATEV eG" - F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
"DATEV SmartCard Service" (SCardService) - "DATEV eG" - F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
"DATEV Update-Service" (DATEV Update-Service) - "DATEV eG" - F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
"DATEV ViwasClientService" (DATEV ViwasClientService) - "DATEV eG" - F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
"DVckService" (DVckService) - "DATEV eG" - F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"McAfee Engine Service" (McAfeeEngineService) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
"McAfee Framework-Dienst" (McAfeeFramework) - "McAfee, Inc." - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
"McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"McAfee Task Manager" (McTaskManager) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Windows\system32\mfevtps.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Sicherheitspaket-Dienst" (Sicherheitspaket-Dienst) - "Datev eG" - F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
"SQL Server (DATEV_CL_DE01)" (MSSQL$DATEV_CL_DE01) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
"SQL Server (DATEV_SV_DE01)" (MSSQL$DATEV_SV_DE01) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Volltextsuche (DATEV_CL_DE01)" (msftesql$DATEV_CL_DE01) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
"SQL Server-Volltextsuche (DATEV_SV_DE01)" (msftesql$DATEV_SV_DE01) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

GMER geht beim besten Willen nicht.

"Der Text, den Sie eingegeben haben, besteht aus 216319 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 100000 Zeichen.
Logs bitte als Archiv an den Beitrag anhängen!"

Gruß
Angela