Mal wieder: WinXP SP3 Weißer Bildschirm "Warten bis Verbdg. z. I-net hergestellt wird"

Pappa Bear · 21.03.2013, 15:32

Hallo,

ich bin neu hier und muss mich wohl erst noch ein wenig mit den Gepflogenheiten vertraut machen. Trotzdem: Hab Schwiegerpapas Rechner hier stehen - mit dem Kommentar "Der tut nix mehr..."

Stellte sich heraus, dass immer der angesprochene Bildschirm beim Hochfahren erscheint. Jetzt hab ich hier schon ein wenig nachgelesen und bin mit dem Thread von Dr. Pain vom 20.02.2012 m.E. am weitesten gekommen. (Leider hab ich noch nicht rausbekommen, wie ich hier querverlinken kann...)

Ok, nun hab ich den defogger und den OTL.PE schon mal drüberflitzen lassen und folgende Logs erhalten:

*******************************************************************
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:31 on 21/03/2013 (%username%)

Checking for autostart values...
HKCU\~\Run values retrieved.
Unable to open HKLM\~\Run key (2)
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

*******************************************************************
OTL logfile created on: 3/21/2013 1:49:14 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511.00 Mb Total Physical Memory | 287.00 Mb Available Physical Memory | 56.00% Memory free
459.00 Mb Paging File | 337.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.52 Gb Total Space | 59.47 Gb Free Space | 79.80% Space Free | Partition Type: NTFS
Drive D: | 65.73 Gb Total Space | 63.49 Gb Free Space | 96.60% Space Free | Partition Type: NTFS
Drive E: | 8.78 Gb Total Space | 5.54 Gb Free Space | 63.10% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2009/08/05 16:13:45 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/04 14:47:26 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/06/15 10:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/10/10 04:58:14 | 001,617,920 | ---- | M] (Kerio Technologies) [Auto] -- C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)
SRV - [2003/06/20 03:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2002/03/15 16:37:46 | 000,081,920 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/11/12 08:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/07/08 01:55:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/07 16:55:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/09/26 06:05:06 | 000,286,720 | ---- | M] (Kerio Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2005/09/26 06:05:06 | 000,081,920 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\khips.sys -- (khips)
DRV - [2005/07/24 22:04:08 | 000,048,640 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2004/06/10 12:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Sacm2K.sys -- (USBCM)
DRV - [2003/04/10 13:44:00 | 000,636,502 | R--- | M] (Intersil Americas Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMUSB.sys -- (PRISM_USB)
DRV - [2003/01/19 12:58:28 | 000,546,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/11/04 10:32:00 | 000,027,520 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2002/11/04 10:29:42 | 000,422,976 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) MEDION (7134)
DRV - [2002/10/31 06:58:42 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2002/10/28 02:38:06 | 000,947,884 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/08/29 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/07/10 11:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/01 10:10:40 | 000,638,366 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctxs51.sys -- (Intels51)
DRV - [2002/04/19 05:15:46 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/17 15:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (asapiW2k)
DRV - [2002/03/20 12:38:20 | 000,019,140 | ---- | M] (America Online) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atwpkt.sys -- (ATWPKT)
DRV - [2001/11/14 13:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\USER2_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKU\USER2_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKU\USER2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\USER1_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKU\USER1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\USER1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\USER1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\USER1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:80

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5053 [2011/12/08 11:55:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/20 10:50:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/11/26 09:44:45 | 000,000,000 | ---D | M]

[2011/11/26 09:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008/08/26 19:13:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/18 16:33:22 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/04/15 16:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2012/03/20 10:50:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2012/02/15 07:24:41 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/15 07:24:41 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/02/15 07:24:41 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/15 07:24:40 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/15 07:24:40 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/15 07:24:40 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/07/26 15:43:15 | 000,416,029 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 14366 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Adobe PDF Reader Link Helper) - {EFF39A40-C163-4d5d-B073-52FBB55C646A} - File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\USER2_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\USER1_ON_C\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\USER1_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [malacuxatx.exe] File not found
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] File not found
O4 - HKU\Administrator_ON_C..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\aolshare\AolMIcon.exe (AOL Deutschland)
O4 - HKU\Administrator_ON_C..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O4 - HKU\USER2_ON_C..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\USER2\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O4 - HKU\USER2_ON_C..\Run: [WBhXTAWuFpmNyON] File not found
O4 - HKU\USER1_ON_C..\Run: [{19D5D5EE-84DB-6884-89B5-097046DDAC2D}] File not found
O4 - HKU\USER1_ON_C..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O4 - HKU\USER1_ON_C..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\USER1_ON_C..\Run: [FEuLFLOIGw] File not found
O4 - HKU\USER1_ON_C..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\USER1_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\USER2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\USER2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\USER2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\USER2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\USER1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\USER1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\USER1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\USER1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37657.0299189815 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.225 83.169.184.161
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\Administrator_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\USER2_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\USER2\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\USER2\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\USER2_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\USER2\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\USER2\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\USER1_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\USER1_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\MEDION 1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MEDION 1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/02/05 03:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {429D8DD3-05E0-4F56-B6D6-AC0730567C02} - Euro Update Tool
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {588A559B-BBC9-4148-A2C0-96A33D1DBC26} - Microsoft .NET Framework 1.0 Hotfix (KB928367)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61r1K7Zg-HMWm-14l4-knLL-DFbthPjzcAFc} -
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {65289DE3-4C1A-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {99FD08B4-CB68-4F2A-A53F-2870883A4B09} - WEB.DE IE7 Browser Update
ActiveX: {9BFBE94F-2FAF-11D6-8712-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Flash Player 8
ActiveX: {D82A39FB-1784-4608-BFE8-1ACBFF3079C1} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {F279058C-50B2-4BE4-60C9-369CACF06821} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{855CADBB-5FB0-46C0-BEC4-F8A67DF7944B} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/03/21 07:05:44 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2013/03/21 07:05:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/03/21 07:05:31 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2012/12/19 14:29:38 | 000,233,472 | ---- | C] (vGHFK) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\y6drxuj c7ti.exe
[2012/04/01 18:12:00 | 000,233,472 | ---- | C] (vGHFK) -- C:\Dokumente und Einstellungen\USER2\Anwendungsdaten\y6drxuj c7ti.exe
[2012/03/29 13:09:25 | 000,233,472 | ---- | C] (vGHFK) -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\y6drxuj c7ti.exe
[2009/02/23 18:29:18 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2K.sys
[2003/03/27 15:42:07 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\DAO350.DLL
[2003/02/05 03:30:04 | 000,557,128 | ---- | C] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\dao360.dll
[1999/03/11 13:22:04 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\IRAABOUT.DLL
[1998/12/08 22:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\IRAREG.DLL
[1998/12/08 22:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\IRAMDMTR.DLL
[1998/12/08 22:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\IRALPTTR.DLL
[1998/12/08 22:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\IRAWEBTR.DLL
[1998/12/08 22:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\IRASRIAL.DLL
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/21 07:23:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/21 07:22:30 | 536,403,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/21 07:04:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/21 07:04:11 | 536,403,968 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/06 11:34:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/02/23 18:29:19 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2K.exe
[2009/02/23 18:29:19 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2K.sys
[2008/10/04 13:05:29 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/21 12:29:42 | 000,000,016 | ---- | C] () -- C:\Dokumente und Einstellungen\USER2\mxfilerelatedcache.mxc2
[2008/05/16 05:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/09/20 05:34:46 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\dm.ini
[2007/08/20 05:11:40 | 000,000,115 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/29 17:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/03/02 05:27:16 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/01 14:15:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/23 05:57:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/12/02 07:12:19 | 000,000,016 | ---- | C] () -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\mxfilerelatedcache.mxc2
[2005/12/02 06:58:52 | 000,000,016 | ---- | C] () -- C:\Dokumente und Einstellungen\USER1\mxfilerelatedcache.mxc2
[2005/10/15 07:32:09 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005/09/29 08:24:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/09/29 08:09:27 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/09/29 08:09:27 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2005/09/29 08:09:27 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/09/29 08:09:00 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2005/09/29 08:09:00 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2005/09/29 08:09:00 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/09/29 08:08:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX3600FGD.ini
[2005/09/26 06:05:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\khips.sys
[2005/04/15 15:40:30 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2005/04/15 15:40:30 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2005/04/15 15:40:30 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2005/04/15 15:40:30 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2005/04/15 15:40:29 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2005/04/15 15:40:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2005/04/15 15:39:58 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2005/04/15 15:39:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2005/04/15 15:39:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2005/04/15 15:39:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2005/04/15 15:39:58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2005/04/15 15:39:57 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2005/01/26 07:18:43 | 000,114,746 | ---- | C] () -- C:\WINDOWS\System32\MMedia20.dll
[2005/01/26 07:18:42 | 000,196,688 | ---- | C] () -- C:\WINDOWS\System32\LxImport40.dll
[2005/01/26 07:18:42 | 000,102,458 | ---- | C] () -- C:\WINDOWS\System32\LXDasi20.dll
[2005/01/26 07:18:40 | 000,278,583 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2005/01/26 07:18:40 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2005/01/26 07:18:40 | 000,073,785 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2005/01/11 14:15:53 | 000,000,503 | ---- | C] () -- C:\WINDOWS\Verknüpfung mit explorer.exe.lnk
[2004/05/11 13:00:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/05/11 13:00:44 | 000,105,168 | ---- | C] () -- C:\WINDOWS\MozillaUninstall.exe
[2004/05/11 13:00:35 | 000,105,168 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2004/05/11 13:00:33 | 000,010,214 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/01/21 09:12:34 | 000,000,019 | ---- | C] () -- C:\WINDOWS\LxRegi.INI
[2004/01/19 07:23:13 | 000,237,623 | ---- | C] () -- C:\WINDOWS\System32\dnt26.dll
[2004/01/19 07:23:13 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc26.dll
[2004/01/19 07:23:13 | 000,073,785 | ---- | C] () -- C:\WINDOWS\System32\dntvm26.dll
[2004/01/19 07:23:12 | 000,114,746 | ---- | C] () -- C:\WINDOWS\System32\MMedia10.dll
[2004/01/19 07:23:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTTool.dll
[2004/01/19 07:23:11 | 000,192,592 | ---- | C] () -- C:\WINDOWS\System32\LxImport30.dll
[2004/01/19 07:23:11 | 000,094,266 | ---- | C] () -- C:\WINDOWS\System32\LXDasi10.dll
[2003/11/16 14:57:29 | 000,003,323 | ---- | C] () -- C:\WINDOWS\tm.ini
[2003/11/16 06:28:42 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2003/11/16 06:28:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2003/05/27 16:05:15 | 000,149,504 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2003/05/27 16:05:15 | 000,006,067 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2003/05/15 15:01:16 | 000,000,034 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/04/01 05:52:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\USER2\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2003/03/27 16:02:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter.dll
[2003/03/27 16:02:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SBSPAINT.DLL
[2003/03/27 16:01:58 | 000,233,527 | ---- | C] () -- C:\WINDOWS\System32\dnt25.dll
[2003/03/27 16:01:58 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc25.dll
[2003/03/27 16:01:58 | 000,069,689 | ---- | C] () -- C:\WINDOWS\System32\dntvm25.dll
[2003/03/27 15:51:23 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\Wbrollrs.dll
[2003/03/27 15:51:19 | 000,155,709 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2003/03/27 15:51:16 | 000,221,239 | ---- | C] () -- C:\WINDOWS\System32\dnt24.dll
[2003/03/27 15:51:16 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc24.dll
[2003/03/27 15:51:16 | 000,069,689 | ---- | C] () -- C:\WINDOWS\System32\dntvm24.dll
[2003/03/27 15:49:34 | 000,000,435 | ---- | C] () -- C:\WINDOWS\mdscp.ini
[2003/03/27 15:46:05 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2003/03/27 15:46:05 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2003/03/27 15:45:56 | 000,000,031 | ---- | C] () -- C:\WINDOWS\LxTrans.INI
[2003/03/27 15:44:44 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32MKDE.EXE
[2003/03/27 15:42:06 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2003/03/27 15:42:03 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\LxUtl10.dll
[2003/03/27 15:42:02 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\LxCI11.dll
[2003/03/27 15:42:00 | 000,300,032 | ---- | C] () -- C:\WINDOWS\System32\LE50as.dll
[2003/03/27 15:40:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\eps32.INI
[2003/03/27 15:40:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\eps_stab.ini
[2003/03/27 15:40:26 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
[2003/03/27 15:40:26 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2003/03/27 15:40:26 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2003/03/27 15:29:13 | 000,000,164 | ---- | C] () -- C:\WINDOWS\loge.dat
[2003/03/27 15:29:02 | 000,073,184 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\DAO2535.TLB
[2003/03/27 15:29:01 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\KSCB532.DLL
[2003/03/27 15:28:56 | 000,000,282 | ---- | C] () -- C:\WINDOWS\plzdir20.INI
[2003/03/27 15:22:12 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe
[2003/03/27 07:08:28 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\USER1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/03/26 17:59:44 | 000,000,014 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2003/03/26 17:52:09 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/03/26 13:45:23 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\USER1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2003/02/09 18:44:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/09 18:20:48 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/02/09 17:31:53 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2003/02/09 17:29:19 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/02/05 11:23:47 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/02/05 11:23:39 | 000,365,756 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/02/05 11:23:39 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/02/05 11:23:39 | 000,053,176 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/02/05 11:23:39 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/02/05 11:23:24 | 000,358,790 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/02/05 11:23:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/02/05 11:23:24 | 000,043,848 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/02/05 11:23:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/02/05 11:23:23 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/02/05 11:23:23 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/02/05 11:23:21 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/05 11:23:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/02/05 11:23:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/02/05 11:23:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/02/05 11:23:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/02/05 05:22:22 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/05 04:39:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/02/05 04:23:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\Dit.exe
[2003/02/05 04:23:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\DitExp.exe
[2003/02/05 04:23:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2003/02/05 04:23:14 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2003/02/05 04:05:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003/02/05 03:56:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\htpatch.exe
[2003/02/05 03:56:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\winio.sys
[2003/02/05 03:34:32 | 000,000,904 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/05 03:33:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/02/05 03:29:53 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/05 03:27:21 | 000,004,359 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/05 03:26:45 | 000,353,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/28 06:15:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/01/08 10:55:50 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\VOBRegCheck.exe
[2002/07/19 06:46:58 | 000,285,696 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL
[2002/03/26 15:18:27 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/08/30 11:34:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\WSUtil.exe
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2003/02/09 17:58:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2003/02/05 04:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterTrust
[2003/02/05 04:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER2\Anwendungsdaten\InterTrust
[2003/04/01 05:52:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER2\Anwendungsdaten\Ordner HP Share-to-Web
[2007/11/19 07:26:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER2\Anwendungsdaten\PC Suite
[2005/06/20 11:14:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\Acqu
[2012/02/21 14:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\Ewxa
[2005/02/04 15:07:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\ICQ
[2007/01/03 07:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\ICQ Toolbar
[2003/02/05 04:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\InterTrust
[2004/05/11 04:19:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\KeySafe
[2005/12/01 05:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\MAGIX
[2007/07/17 11:06:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\Nokia
[2007/07/17 11:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\Nokia Multimedia Player
[2003/03/26 17:57:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\Ordner HP Share-to-Web
[2007/07/17 11:15:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\PC Suite
[2011/02/23 22:03:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\Setu
[2008/01/20 15:46:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\Smart Panel
[2004/05/11 14:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\T-DSL SpeedManager
[2003/05/13 07:39:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\T-Online
[2012/02/16 10:53:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER1\Anwendungsdaten\Vocypu
[2006/06/01 15:00:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\X10 Commander
[2007/07/17 10:51:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2007/07/17 10:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2003/11/16 06:31:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2004/05/11 14:42:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2004/05/10 16:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2003/05/14 05:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online_ZusatzSoftware
[2005/09/29 08:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2008/01/08 13:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VManager
[2008/10/04 12:30:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de Firefox

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2008/10/04 13:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2003/11/13 14:56:18 | 000,000,000 | R--D | M] -- C:\HyperDat
[2005/06/11 07:30:45 | 000,000,000 | ---D | M] -- C:\install
[2005/01/04 07:59:15 | 000,000,000 | ---D | M] -- C:\Kopien von R2
[2003/03/27 15:49:33 | 000,000,000 | ---D | M] -- C:\LEXWARE
[2003/04/24 11:02:11 | 000,000,000 | ---D | M] -- C:\modem
[2011/09/04 11:59:38 | 000,000,000 | R--D | M] -- C:\Programme
[2008/10/04 13:08:55 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/09/04 15:44:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2004/05/10 17:33:59 | 000,000,000 | ---D | M] -- C:\T-Online
[2011/09/04 11:40:10 | 000,000,000 | ---D | M] -- C:\Treiber download
[2013/03/21 07:22:58 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\ *.exe >

Invalid Environment Variable: %LOCALAPPDATA%\ *.exe

< %systemroot%\ *./mp /s >

< MD5 for: AGP440.SYS >
[2006/06/01 14:21:53 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/04 16:57:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/06/01 14:21:53 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/04 16:57:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006/06/01 14:21:53 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/04 16:57:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2006/06/01 14:21:53 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/04 16:57:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/04 03:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 03:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/04 03:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[1999/05/05 17:22:00 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=B24A0AAA435674392405C770F2F45268 -- C:\Kopien von R2\Programm MGI\MGI PhotoSuite III SE\System\USER32.DLL
[2002/11/22 07:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
[2002/08/29 08:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtUninstallQ328310$\user32.dll

< MD5 for: USERINIT.EXE >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 03:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/02/05 04:26:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/02/05 04:26:10 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/02/05 04:26:10 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:46:10 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2010/03/11 08:31:29 | 006,067,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2010/03/11 08:31:30 | 000,268,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/13 22:22:23 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\psapi.dll
[2008/06/17 15:00:59 | 008,502,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

Invalid Environment Variable: %USERPROFILE%\*.*

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll

Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\USER1\Desktop\avira_antivir_personal_de.exe:SummaryInformation
< End of report >
********************************************************************

An und für sich wollte ich auch den GMER schon mal laufen lassen, hab dabei aber Fehlermeldungen erhalten, die lauteten:

X:\i386\system32\config\system: the System cannot find the file specified. [OK]

und wenn ich dann OK geklickt hab, zeigt er mir im Startbildschirm (vorm Scan) zum Type:Name:Value folgendes:

Thread: System[4:140]: F8051178
Thread: System[4:144]: F7F85096.

Wenn ich dann trotzdem scanne, bekomme ich nach einiger Zeit wieder die erstgenannte Fehlermeldung, im Hintergrund kann ich aber in der Tabelle über den zwei bereits genannten Types noch folgende zwei lesen:

.text: X:\i386\explorer.exe[2004] SHELL32.dll!StrStrW: 7C9D7C2C 1 Byte [70]
.text: X:\i386\explorer.exe[2004] SHELL32.dll!StrStrW: 7C9D7C2C 3 Bytes [70, 00, 65]

Wenn ich nun wiederum OK klicke, schließt sich das Programm.

So, und nun? Kann euch somit diesbezüglich keine weiteren Infos liefern. Vermutlich ist der Rechner einfach schon zu alt, aber ich darf ihn nicht entsorgen. "Er enthält zu viele "wichtige" Daten..." Stattdessen darf ich meine und eure kostbare Zeit mit Rekonstruktion aufopfern. Dafür bin ich euch im Vorfeld schon mal sehr dankbar.

Wenn ihr noch mehr benötigt, um mir adequat helfen zu können, schreibt es mir einfach.

Vielen Dank!

Der Pappa.

Mal wieder: WinXP SP3 Weißer Bildschirm "Warten bis Verbdg. z. I-net hergestellt wird"

Plagegeister aller Art und deren Bekämpfung: Mal wieder: WinXP SP3 Weißer Bildschirm "Warten bis Verbdg. z. I-net hergestellt wird"

Mal wieder: WinXP SP3 Weißer Bildschirm "Warten bis Verbdg. z. I-net hergestellt wird"

Ähnliche Themen: Mal wieder: WinXP SP3 Weißer Bildschirm "Warten bis Verbdg. z. I-net hergestellt wird"