hallo, mein computer mit "win xp pro" hat sich mit dem bundespolizei trojaner infiziert. wenn ich im abgesicherten modus hochfahren möchte, kommt er nur bis zum anzeigen von systemdateien und startet dann neu!
hoffentlich könnt ihr mir helfen.

gruß Benjamin

hi,
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.


Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.

• Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
• Lege eine leere CD in Deinen Brenner.
• ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
• Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
• Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD


Bebilderte Anleitung: OTLpe-Scan

• Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
• Mache einen Doppelklick auf das OTLPE Icon.
• Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
• Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
• OTLpe sollte nun starten.
• Drücke Run Scan, um den Scan zu starten.
• Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
• Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
• Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

hier nun die logfile und
vielen dank schon mal im vorraus!

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 3/28/2012 5:21:03 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
447.00 Mb Total Physical Memory | 246.00 Mb Available Physical Memory | 55.00% Memory free
363.00 Mb Paging File | 271.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19.53 Gb Total Space | 4.59 Gb Free Space | 23.52% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 1.41 Gb Free Space | 2.40% Space Free | Partition Type: NTFS
Drive E: | 70.91 Gb Total Space | 6.51 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive F: | 1.93 Gb Total Space | 0.02 Gb Free Space | 0.79% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/12/15 09:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/15 09:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007/08/03 07:51:18 | 000,382,248 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (TotRec8)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (hwdatacard)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/02/17 14:25:23 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/15 10:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/15 10:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 09:19:50 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/21 07:16:17 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/04 11:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/12/06 11:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2001/08/17 07:19:58 | 000,072,192 | ---- | M] (ESS Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\es1969.sys -- (es1969) ESS 1969-Audiotreiber (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.orbitdownloader.com [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: d:\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 13:46:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017 [2012/03/16 19:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012/02/17 14:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012/01/29 08:02:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017 [2012/03/16 19:34:32 | 000,000,000 | ---D | M]
 
[2009/10/18 08:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions
[2012/01/22 07:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\l4gqb0ib.default\extensions
[2010/04/28 05:20:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\l4gqb0ib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
File not found (No name found) -- 
 
O1 HOSTS File: ([2004/11/11 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe (WnZd)
O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (WnZd)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\0.8768173204689121h7i.exe ()
O4 - HKU\Administrator_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (WnZd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255898992250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (WnZd)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe (WnZd)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (WnZd)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/18 07:32:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3ee80c58-c0bf-11de-a8fc-805f1a02f4d0}\Shell - "" = AutoRun
O33 - MountPoints2\{3ee80c58-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ee80c58-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3ee80c59-c0bf-11de-a8fc-805f1a02f4d0}\Shell - "" = AutoRun
O33 - MountPoints2\{3ee80c59-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ee80c59-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78e35e8d-bbda-11de-a8ea-91666807d3ae}\Shell - "" = AutoRun
O33 - MountPoints2\{78e35e8d-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78e35e8d-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78e35e91-bbda-11de-a8ea-91666807d3ae}\Shell - "" = AutoRun
O33 - MountPoints2\{78e35e91-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78e35e91-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8e23cdd8-bbe3-11de-a8eb-aa379b80dba4}\Shell - "" = AutoRun
O33 - MountPoints2\{8e23cdd8-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e23cdd8-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8e23cdd9-bbe3-11de-a8eb-aa379b80dba4}\Shell - "" = AutoRun
O33 - MountPoints2\{8e23cdd9-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e23cdd9-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a04fda44-bd67-11de-a8f6-d6b7760417d1}\Shell - "" = AutoRun
O33 - MountPoints2\{a04fda44-bd67-11de-a8f6-d6b7760417d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a04fda44-bd67-11de-a8f6-d6b7760417d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bfe3e8ba-bf0a-11de-a8f9-afe511e539d0}\Shell - "" = AutoRun
O33 - MountPoints2\{bfe3e8ba-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bfe3e8ba-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bfe3e8bd-bf0a-11de-a8f9-afe511e539d0}\Shell - "" = AutoRun
O33 - MountPoints2\{bfe3e8bd-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bfe3e8bd-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff142a24-be4a-11de-a8f8-a4c8bddb3ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{ff142a24-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff142a24-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff142a25-be4a-11de-a8f8-a4c8bddb3ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{ff142a25-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff142a25-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/19 09:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2012/03/19 09:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2012/03/19 09:29:24 | 000,274,432 | ---- | C] (WnZd) -- C:\WINDOWS\System32\gema.exe
[2012/03/18 19:03:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2012/03/16 19:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10017
[2012/03/14 18:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012/03/14 15:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10016
[2012/03/14 15:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012/03/14 15:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2012/03/11 17:12:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
[2012/02/29 16:45:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/28 09:11:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/23 17:56:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1677128483-682003330-500.job
[2012/03/23 17:56:11 | 000,254,497 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/03/23 17:55:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/19 09:29:15 | 000,274,432 | ---- | M] (WnZd) -- C:\WINDOWS\System32\gema.exe
[2012/03/19 09:29:15 | 000,156,672 | ---- | M] () -- C:\WINDOWS\System32\0.8768173204689121h7i.exe
[2012/03/17 12:21:26 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012/03/15 16:27:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/15 10:57:41 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 10:38:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/14 18:23:49 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1677128483-682003330-500.job
[2012/03/07 18:08:29 | 000,000,668 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/03 11:45:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/19 09:29:23 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\0.8768173204689121h7i.exe
[2012/03/14 15:07:48 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012/03/07 18:08:29 | 000,000,668 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/29 14:10:36 | 000,000,579 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/08/06 15:07:51 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/01/25 18:49:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/14 07:16:56 | 000,002,121 | ---- | C] () -- C:\WINDOWS\gsb2010.ini
[2010/06/09 11:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/22 07:39:02 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/11/25 08:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/20 15:40:19 | 000,013,824 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 10:00:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/18 08:53:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/18 08:20:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/18 08:17:35 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/18 07:35:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/18 07:30:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 10:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/12/09 11:23:13 | 000,053,752 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
[2004/11/11 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/11 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/11 08:00:00 | 000,448,892 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/11/11 08:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/11 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/11 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/11/11 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/11 08:00:00 | 000,080,332 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/11/11 08:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/11 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/11 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/11/11 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/11 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/11/11 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/11 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/11 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010/06/11 17:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Crayon Physics Deluxe
[2010/04/21 07:43:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2010/04/21 07:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Pro
[2010/03/26 08:51:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Engelmann Media
[2012/03/19 09:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2010/03/02 07:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GrabPro
[2009/10/18 07:48:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kontragramme
[2010/03/27 21:14:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NCH Swift Sound
[2010/03/12 13:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Orbit
[2010/03/07 07:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\streamripper
[2010/03/02 09:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TheLastRipper
[2010/06/12 07:45:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\uTorrent
[2010/04/26 08:30:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2010/04/22 08:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
[2010/04/21 07:15:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010/04/21 07:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010/03/07 07:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2010/11/23 11:54:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2012/03/19 09:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2010/04/21 15:28:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2010/03/27 21:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010/03/25 11:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2010/03/27 21:13:59 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressripSevenDays.job
[2010/03/27 21:13:59 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
[2010/03/27 21:22:34 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2010/03/30 17:19:13 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009/10/18 07:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012/02/05 09:40:52 | 000,000,000 | ---D | M] -- C:\downloads
[2012/02/11 07:53:24 | 000,000,000 | ---D | M] -- C:\Netgear
[2012/02/06 11:34:50 | 000,000,000 | R--D | M] -- C:\Programme
[2009/10/18 07:40:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/10/29 14:38:50 | 000,000,000 | ---D | M] -- C:\SIERRA
[2012/02/06 11:43:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/03/17 12:19:14 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2012/02/12 06:13:41 | 000,000,000 | ---D | M] -- C:\Worms Reloaded
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/11/11 08:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/11/11 08:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/11/11 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/11/11 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/11/11 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/11/11 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/11/11 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004/11/11 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/11/11 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/11/11 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/11/11 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/11/11 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009/10/18 09:16:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/10/18 09:16:55 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/10/18 09:16:55 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2011/12/18 09:43:24 | 011,082,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2011/12/17 15:43:23 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         

--- --- ---

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe (WnZd)
O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (WnZd)
O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\0.8768173204689121h7i.exe ()
O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (WnZd)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe
(WnZd)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe (WnZd)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe
(WnZd)
[2008/12/09 11:23:13 | 000,053,752 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
[2012/03/16 19:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10017
[2012/03/14 18:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012/03/14 15:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10016
[2012/03/14 15:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012/03/14 15:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
:Files
C:\WINDOWS\system32\gema.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
C:\WINDOWS\system32\0.8768173204689121h7i.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.


falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die + E Taste.

• Öffne dein Systemlaufwerk ( meistens C: )
• Suche nun
  folgenden Ordner: _OTL und öffne diesen.
• Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
• 
  Dies wird eine Movedfiles.zip Datei in _OTL erstellen
• Lade diese bitte in unseren Uploadchannel
  hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 3/28/2012 5:21:03 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
447.00 Mb Total Physical Memory | 246.00 Mb Available Physical Memory | 55.00% Memory free
363.00 Mb Paging File | 271.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19.53 Gb Total Space | 4.59 Gb Free Space | 23.52% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 1.41 Gb Free Space | 2.40% Space Free | Partition Type: NTFS
Drive E: | 70.91 Gb Total Space | 6.51 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive F: | 1.93 Gb Total Space | 0.02 Gb Free Space | 0.79% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/12/15 09:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/15 09:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007/08/03 07:51:18 | 000,382,248 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (TotRec8)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (hwdatacard)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/02/17 14:25:23 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/15 10:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/15 10:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 09:19:50 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/21 07:16:17 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/04 11:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/12/06 11:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2001/08/17 07:19:58 | 000,072,192 | ---- | M] (ESS Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\es1969.sys -- (es1969) ESS 1969-Audiotreiber (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.orbitdownloader.com [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: d:\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 13:46:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017 [2012/03/16 19:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012/02/17 14:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012/01/29 08:02:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017 [2012/03/16 19:34:32 | 000,000,000 | ---D | M]
 
[2009/10/18 08:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions
[2012/01/22 07:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\l4gqb0ib.default\extensions
[2010/04/28 05:20:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\l4gqb0ib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
File not found (No name found) -- 
 
O1 HOSTS File: ([2004/11/11 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe (WnZd)
O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (WnZd)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\0.8768173204689121h7i.exe ()
O4 - HKU\Administrator_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (WnZd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255898992250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (WnZd)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe (WnZd)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (WnZd)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/18 07:32:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3ee80c58-c0bf-11de-a8fc-805f1a02f4d0}\Shell - "" = AutoRun
O33 - MountPoints2\{3ee80c58-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ee80c58-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3ee80c59-c0bf-11de-a8fc-805f1a02f4d0}\Shell - "" = AutoRun
O33 - MountPoints2\{3ee80c59-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ee80c59-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78e35e8d-bbda-11de-a8ea-91666807d3ae}\Shell - "" = AutoRun
O33 - MountPoints2\{78e35e8d-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78e35e8d-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78e35e91-bbda-11de-a8ea-91666807d3ae}\Shell - "" = AutoRun
O33 - MountPoints2\{78e35e91-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78e35e91-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8e23cdd8-bbe3-11de-a8eb-aa379b80dba4}\Shell - "" = AutoRun
O33 - MountPoints2\{8e23cdd8-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e23cdd8-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8e23cdd9-bbe3-11de-a8eb-aa379b80dba4}\Shell - "" = AutoRun
O33 - MountPoints2\{8e23cdd9-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e23cdd9-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a04fda44-bd67-11de-a8f6-d6b7760417d1}\Shell - "" = AutoRun
O33 - MountPoints2\{a04fda44-bd67-11de-a8f6-d6b7760417d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a04fda44-bd67-11de-a8f6-d6b7760417d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bfe3e8ba-bf0a-11de-a8f9-afe511e539d0}\Shell - "" = AutoRun
O33 - MountPoints2\{bfe3e8ba-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bfe3e8ba-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bfe3e8bd-bf0a-11de-a8f9-afe511e539d0}\Shell - "" = AutoRun
O33 - MountPoints2\{bfe3e8bd-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bfe3e8bd-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff142a24-be4a-11de-a8f8-a4c8bddb3ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{ff142a24-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff142a24-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff142a25-be4a-11de-a8f8-a4c8bddb3ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{ff142a25-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff142a25-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/19 09:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2012/03/19 09:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2012/03/19 09:29:24 | 000,274,432 | ---- | C] (WnZd) -- C:\WINDOWS\System32\gema.exe
[2012/03/18 19:03:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2012/03/16 19:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10017
[2012/03/14 18:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012/03/14 15:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10016
[2012/03/14 15:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012/03/14 15:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2012/03/11 17:12:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
[2012/02/29 16:45:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/28 09:11:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/23 17:56:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1677128483-682003330-500.job
[2012/03/23 17:56:11 | 000,254,497 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/03/23 17:55:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/19 09:29:15 | 000,274,432 | ---- | M] (WnZd) -- C:\WINDOWS\System32\gema.exe
[2012/03/19 09:29:15 | 000,156,672 | ---- | M] () -- C:\WINDOWS\System32\0.8768173204689121h7i.exe
[2012/03/17 12:21:26 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012/03/15 16:27:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/15 10:57:41 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 10:38:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/14 18:23:49 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1677128483-682003330-500.job
[2012/03/07 18:08:29 | 000,000,668 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/03 11:45:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/19 09:29:23 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\0.8768173204689121h7i.exe
[2012/03/14 15:07:48 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012/03/07 18:08:29 | 000,000,668 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/29 14:10:36 | 000,000,579 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/08/06 15:07:51 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/01/25 18:49:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/14 07:16:56 | 000,002,121 | ---- | C] () -- C:\WINDOWS\gsb2010.ini
[2010/06/09 11:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/22 07:39:02 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/11/25 08:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/20 15:40:19 | 000,013,824 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 10:00:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/18 08:53:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/18 08:20:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/18 08:17:35 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/18 07:35:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/18 07:30:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 10:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/12/09 11:23:13 | 000,053,752 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
[2004/11/11 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/11 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/11 08:00:00 | 000,448,892 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/11/11 08:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/11 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/11 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/11/11 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/11 08:00:00 | 000,080,332 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/11/11 08:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/11 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/11 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/11/11 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/11 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/11/11 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/11 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/11 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010/06/11 17:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Crayon Physics Deluxe
[2010/04/21 07:43:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2010/04/21 07:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Pro
[2010/03/26 08:51:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Engelmann Media
[2012/03/19 09:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2010/03/02 07:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GrabPro
[2009/10/18 07:48:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kontragramme
[2010/03/27 21:14:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NCH Swift Sound
[2010/03/12 13:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Orbit
[2010/03/07 07:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\streamripper
[2010/03/02 09:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TheLastRipper
[2010/06/12 07:45:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\uTorrent
[2010/04/26 08:30:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2010/04/22 08:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
[2010/04/21 07:15:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010/04/21 07:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010/03/07 07:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2010/11/23 11:54:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2012/03/19 09:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2010/04/21 15:28:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2010/03/27 21:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010/03/25 11:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2010/03/27 21:13:59 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressripSevenDays.job
[2010/03/27 21:13:59 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
[2010/03/27 21:22:34 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2010/03/30 17:19:13 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009/10/18 07:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012/02/05 09:40:52 | 000,000,000 | ---D | M] -- C:\downloads
[2012/02/11 07:53:24 | 000,000,000 | ---D | M] -- C:\Netgear
[2012/02/06 11:34:50 | 000,000,000 | R--D | M] -- C:\Programme
[2009/10/18 07:40:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/10/29 14:38:50 | 000,000,000 | ---D | M] -- C:\SIERRA
[2012/02/06 11:43:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/03/17 12:19:14 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2012/02/12 06:13:41 | 000,000,000 | ---D | M] -- C:\Worms Reloaded
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/11/11 08:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/11/11 08:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/11/11 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/11/11 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/11/11 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/11/11 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/11/11 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004/11/11 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/11/11 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/11/11 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/11/11 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/11/11 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009/10/18 09:16:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/10/18 09:16:55 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/10/18 09:16:55 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2011/12/18 09:43:24 | 011,082,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2011/12/17 15:43:23 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         

--- --- ---

beim herunterfahren vom neustart ist er abgestürzt und musste ihn reset'en, sonst scheint alles geklappt zu haben.
der upload war erfolgreich.
wars das nun? jedenfalls, vielen dank!

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 3/28/2012 5:21:03 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
447.00 Mb Total Physical Memory | 246.00 Mb Available Physical Memory | 55.00% Memory free
363.00 Mb Paging File | 271.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19.53 Gb Total Space | 4.59 Gb Free Space | 23.52% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 1.41 Gb Free Space | 2.40% Space Free | Partition Type: NTFS
Drive E: | 70.91 Gb Total Space | 6.51 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive F: | 1.93 Gb Total Space | 0.02 Gb Free Space | 0.79% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/12/15 09:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/15 09:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007/08/03 07:51:18 | 000,382,248 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (TotRec8)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (hwdatacard)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/02/17 14:25:23 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/15 10:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/15 10:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 09:19:50 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/21 07:16:17 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/04 11:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/12/06 11:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2001/08/17 07:19:58 | 000,072,192 | ---- | M] (ESS Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\es1969.sys -- (es1969) ESS 1969-Audiotreiber (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.orbitdownloader.com [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: d:\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 13:46:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017 [2012/03/16 19:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012/02/17 14:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012/01/29 08:02:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017 [2012/03/16 19:34:32 | 000,000,000 | ---D | M]
 
[2009/10/18 08:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions
[2012/01/22 07:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\l4gqb0ib.default\extensions
[2010/04/28 05:20:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\l4gqb0ib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
File not found (No name found) -- 
 
O1 HOSTS File: ([2004/11/11 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe (WnZd)
O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (WnZd)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\0.8768173204689121h7i.exe ()
O4 - HKU\Administrator_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (WnZd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255898992250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (WnZd)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe (WnZd)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (WnZd)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/18 07:32:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3ee80c58-c0bf-11de-a8fc-805f1a02f4d0}\Shell - "" = AutoRun
O33 - MountPoints2\{3ee80c58-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ee80c58-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3ee80c59-c0bf-11de-a8fc-805f1a02f4d0}\Shell - "" = AutoRun
O33 - MountPoints2\{3ee80c59-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ee80c59-c0bf-11de-a8fc-805f1a02f4d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78e35e8d-bbda-11de-a8ea-91666807d3ae}\Shell - "" = AutoRun
O33 - MountPoints2\{78e35e8d-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78e35e8d-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78e35e91-bbda-11de-a8ea-91666807d3ae}\Shell - "" = AutoRun
O33 - MountPoints2\{78e35e91-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78e35e91-bbda-11de-a8ea-91666807d3ae}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8e23cdd8-bbe3-11de-a8eb-aa379b80dba4}\Shell - "" = AutoRun
O33 - MountPoints2\{8e23cdd8-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e23cdd8-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8e23cdd9-bbe3-11de-a8eb-aa379b80dba4}\Shell - "" = AutoRun
O33 - MountPoints2\{8e23cdd9-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e23cdd9-bbe3-11de-a8eb-aa379b80dba4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a04fda44-bd67-11de-a8f6-d6b7760417d1}\Shell - "" = AutoRun
O33 - MountPoints2\{a04fda44-bd67-11de-a8f6-d6b7760417d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a04fda44-bd67-11de-a8f6-d6b7760417d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bfe3e8ba-bf0a-11de-a8f9-afe511e539d0}\Shell - "" = AutoRun
O33 - MountPoints2\{bfe3e8ba-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bfe3e8ba-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bfe3e8bd-bf0a-11de-a8f9-afe511e539d0}\Shell - "" = AutoRun
O33 - MountPoints2\{bfe3e8bd-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bfe3e8bd-bf0a-11de-a8f9-afe511e539d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff142a24-be4a-11de-a8f8-a4c8bddb3ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{ff142a24-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff142a24-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff142a25-be4a-11de-a8f8-a4c8bddb3ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{ff142a25-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff142a25-be4a-11de-a8f8-a4c8bddb3ad1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/19 09:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2012/03/19 09:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2012/03/19 09:29:24 | 000,274,432 | ---- | C] (WnZd) -- C:\WINDOWS\System32\gema.exe
[2012/03/18 19:03:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2012/03/16 19:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10017
[2012/03/14 18:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012/03/14 15:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10016
[2012/03/14 15:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012/03/14 15:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2012/03/11 17:12:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
[2012/02/29 16:45:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/28 09:11:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/23 17:56:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1677128483-682003330-500.job
[2012/03/23 17:56:11 | 000,254,497 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/03/23 17:55:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/19 09:29:15 | 000,274,432 | ---- | M] (WnZd) -- C:\WINDOWS\System32\gema.exe
[2012/03/19 09:29:15 | 000,156,672 | ---- | M] () -- C:\WINDOWS\System32\0.8768173204689121h7i.exe
[2012/03/17 12:21:26 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012/03/15 16:27:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/15 10:57:41 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 10:38:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/14 18:23:49 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1677128483-682003330-500.job
[2012/03/07 18:08:29 | 000,000,668 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/03 11:45:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/19 09:29:23 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\0.8768173204689121h7i.exe
[2012/03/14 15:07:48 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012/03/07 18:08:29 | 000,000,668 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/29 14:10:36 | 000,000,579 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/08/06 15:07:51 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/01/25 18:49:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/14 07:16:56 | 000,002,121 | ---- | C] () -- C:\WINDOWS\gsb2010.ini
[2010/06/09 11:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/22 07:39:02 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/11/25 08:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/20 15:40:19 | 000,013,824 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 10:00:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/18 08:53:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/18 08:20:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/18 08:17:35 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/18 07:35:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/18 07:30:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 10:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/12/09 11:23:13 | 000,053,752 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
[2004/11/11 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/11 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/11 08:00:00 | 000,448,892 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/11/11 08:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/11 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/11 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/11/11 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/11 08:00:00 | 000,080,332 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/11/11 08:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/11 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/11 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/11/11 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/11 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/11/11 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/11 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/11 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010/06/11 17:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Crayon Physics Deluxe
[2010/04/21 07:43:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2010/04/21 07:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Pro
[2010/03/26 08:51:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Engelmann Media
[2012/03/19 09:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2010/03/02 07:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GrabPro
[2009/10/18 07:48:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kontragramme
[2010/03/27 21:14:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NCH Swift Sound
[2010/03/12 13:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Orbit
[2010/03/07 07:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\streamripper
[2010/03/02 09:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TheLastRipper
[2010/06/12 07:45:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\uTorrent
[2010/04/26 08:30:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2010/04/22 08:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
[2010/04/21 07:15:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010/04/21 07:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010/03/07 07:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2010/11/23 11:54:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2012/03/19 09:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2010/04/21 15:28:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2010/03/27 21:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010/03/25 11:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2010/03/27 21:13:59 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressripSevenDays.job
[2010/03/27 21:13:59 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
[2010/03/27 21:22:34 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2010/03/30 17:19:13 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009/10/18 07:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012/02/05 09:40:52 | 000,000,000 | ---D | M] -- C:\downloads
[2012/02/11 07:53:24 | 000,000,000 | ---D | M] -- C:\Netgear
[2012/02/06 11:34:50 | 000,000,000 | R--D | M] -- C:\Programme
[2009/10/18 07:40:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/10/29 14:38:50 | 000,000,000 | ---D | M] -- C:\SIERRA
[2012/02/06 11:43:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/03/17 12:19:14 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2012/02/12 06:13:41 | 000,000,000 | ---D | M] -- C:\Worms Reloaded
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/11/11 08:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/11/11 08:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/03/04 12:27:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/11/11 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/11/11 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/11/11 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/11/11 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/11/11 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004/11/11 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/11/11 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/11/11 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/11/11 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/11/11 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009/10/18 09:16:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/10/18 09:16:55 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/10/18 09:16:55 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2011/12/18 09:43:24 | 011,082,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2011/12/17 15:43:23 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         

beim herunterfahren vom neustart ist er abgestürzt und musste ihn reset'en, sonst scheint alles geklappt zu haben.
der upload war erfolgreich.
wars das nun? jedenfalls, vielen dank!

--- --- ---

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe (WnZd)
O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (WnZd)
O4 - HKLM..\Run: [Update] C:\WINDOWS\system32
\0.8768173204689121h7i.exe ()
O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (WnZd)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe
(WnZd)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe (WnZd)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe
(WnZd)
[2012/03/19 09:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2012/03/19 09:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2012/03/19 09:29:24 | 000,274,432 | ---- | C] (WnZd) -- C:\WINDOWS\System32\gema.exe
[2012/03/16 19:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10017
[2012/03/14 15:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10016
[2012/03/14 15:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2008/12/09 11:23:13 | 000,053,752 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
C:\WINDOWS\system32\gema.exe
C:\WINDOWS\system32\0.8768173204689121h7i.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.


falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die + E Taste.

• Öffne dein Systemlaufwerk ( meistens C: )
• Suche nun
  folgenden Ordner: _OTL und öffne diesen.
• Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
• 
  Dies wird eine Movedfiles.zip Datei in _OTL erstellen
• Lade diese bitte in unseren Uploadchannel
  hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

irgendwie klappt es nicht.
ich muss den fix manuel eintragen, er fragt mich nach einem neustart...
ich klicke: "ja" und nun tut sich nichts. wenn ich ihn dann manuell neustarte, ist danach die otl.txt logfile unverändert.

dann die cd raus nehmen und über reset knopf neustarten.