Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.05.2013, 00:27   #1
hansdoll
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



Hallo,

auch ich habe mir den GVU-Trojaner eingefangen.
Nachdem ich die Internetverbindung gekappt habe, ist der Bildschirm nur noch weiss.
Betriebssystem: Windows XP SP3, Vers. 5.1.2600
Ich habe im abgesicherten Modus FRST.EXE laufen lassen. Die beiden logs im folgenden.
Kann mir jemand helfen ?! Im voraus vielen Dank !

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-05-2013
Ran by Administrator (administrator) on 15-05-2013 00:52:51
Running from F:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Farbar) f:\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8466432 2007-09-04] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-09-04] (NVIDIA Corporation)
HKLM\...\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2007-07-23] (AMD)
HKLM\...\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe [318488 2008-04-07] (PDF Complete Inc)
HKLM\...\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe [1138688 2006-05-12] ()
HKLM\...\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe [761856 2006-03-31] ()
HKLM\...\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe [872448 2006-07-10] ()
HKLM\...\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe [955976 2008-10-29] (G DATA Software AG)
HKLM\...\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305) [53248 2005-02-28] (Vimicro)
HKLM\...\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup [229376 2006-06-15] (Nokia)
HKLM\...\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe [283136 2007-02-02] (AVM Berlin)
HKLM\...\Run: [APSDaemon] "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe -b [2983088 2012-07-25] (INNOVA-engineering GmbH Dresden)
HKLM\...\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Programme\Ask.com\Updater\Updater.exe" [1644680 2013-02-08] (Ask)
HKLM\...\Run: [Device Detector] DevDetect.exe -autorun [x]
HKLM\...\Run: [NPSStartup] [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\RunOnce: [(4) HWRestore] "C:\Sage\KHK\Handwerk\HWRESTORE.EXE" -Server: COMPUTERHANS -Benutzer: sa -Backup: "C:\Sage\KHK\Handwerk\Daten\Vorlagen\HW_LEER.KHK" -Daten: "C:\Sage\KHK\Handwerk\Daten\HANDWERK.MDF" -Log: "C:\Sage\KHK\Handwerk\Daten\HANDWERK.LDF" -Datenbank: HW_Database -Auto [1048576 2013-05-12] ()
HKLM Groop Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION
HKLM\...\Winlogon: [System]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [1449984 2006-06-27] (Time Information Services Ltd.)
HKCU\...\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe [x]
HKCU\...\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat <==== ATTENTION
MountPoints2: {1ba73a2b-60fb-11df-bb73-002264278107} - F:\pushinst.exe
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
SearchScopes: HKLM - DefaultScope value is missing.
HKCU SearchScopes: DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49
BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
PDF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Programme\Bonjour\mdnsNSP.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Programme\FRITZ!DSL\\sarah.dll [92672] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default
FF SearchEngine: Yahoo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: wtxpcom - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\Extensions\wtxpcom@mybrowserbar.com
FF Extension: youtubedownloader - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\Extensions\youtubedownloader@mybrowserbar.com

========================== Services (Whitelisted) =================

S2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008 2012-12-21] (Apple Inc.)
S2 AVKProxy; C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [1089608 2008-10-29] (G DATA Software AG)
S2 AVKService; C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe [386120 2008-08-19] (G DATA Software AG)
S2 AVKWCtl; C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe [1185496 2008-09-08] (G DATA Software AG)
S2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-31] (Apple Inc.)
S2 CCALib8; C:\Programme\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-04-24] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-04-24] (Google Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
S2 IGDCTRL; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2013-02-20] (Apple Inc.)
S2 LiveUpdateInstaller; C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe [516096 2003-07-02] (Sage KHK Software)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [115608 2013-04-13] (Mozilla Foundation)
S2 MSSQLSERVER; C:\Programme\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks)
S2 pdfcDispatcher; C:\Programme\PDF Complete\pdfsvc.exe [576024 2008-04-07] (PDF Complete Inc)
S2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe [175104 2011-06-20] (Samsung Electronics Co., Ltd.)
S3 ServiceLayer; C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
S3 SQLSERVERAGENT; C:\Programme\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S2 UleadBurningHelper; C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-02-26] (Ulead Systems, Inc.)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S2 SENS; C:\DOKUME~1\ALLUSE~1\ANWEND~1\wi3232exe.dat [x]

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices)
R3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 FSLX; C:\WINDOWS\system32\drivers\fslx.sys [191872 2008-07-11] (Altiris, Inc.)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S3 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [48712 2009-05-21] (G DATA Software AG)
S2 GDTdiInterceptor; C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [51016 2009-05-21] (G DATA Software AG)
S1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [68424 2009-05-27] (G DATA Software)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [32328 2009-05-21] (G DATA Software AG)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel(R) Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel(R) Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel(R) Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel(R) Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel(R) Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel(R) Corporation)
S3 iAimFP5; C:\Windows\System32\DRIVERS\wADV07nt.sys [11807 2004-08-04] (Intel(R) Corporation)
S3 iAimFP6; C:\Windows\System32\DRIVERS\wADV08nt.sys [11295 2004-08-04] (Intel(R) Corporation)
S3 iAimFP7; C:\Windows\System32\DRIVERS\wADV09nt.sys [11871 2004-08-04] (Intel(R) Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel(R) Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel(R) Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel(R) Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel(R) Corporation)
S3 iAimTV5; C:\Windows\System32\DRIVERS\wATV10nt.sys [25471 2004-08-04] (Intel(R) Corporation)
S3 iAimTV6; C:\Windows\System32\DRIVERS\wATV06nt.sys [22271 2004-08-04] (Intel(R) Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 Nokia USB Generic; C:\Windows\System32\drivers\nmwcdc.sys [8704 2006-05-29] (Nokia)
S3 Nokia USB Modem; C:\Windows\System32\drivers\nmwcdcm.sys [13312 2006-05-29] (Nokia)
S3 Nokia USB Phone Parent; C:\Windows\System32\drivers\nmwcd.sys [127488 2006-05-29] (Nokia)
S3 Nokia USB Port; C:\Windows\System32\drivers\nmwcdcj.sys [13312 2006-05-29] (Nokia)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54400 2007-07-30] (NVIDIA Corporation)
S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2007-07-30] (NVIDIA Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [46848 2008-04-14] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [215040 2007-05-04] (Realtek Semiconductor Corporation )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2011-04-05] (Samsung Electronics)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S4 Symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91263 2004-08-17] (VM)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 Aha154x; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
S3 cpuz132; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [x]
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [x]
S4 Sparrow; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-15 00:52 - 2013-05-15 00:52 - 00000000 ____D C:\FRST
2013-05-14 01:23 - 2013-05-14 01:27 - 00000000 ____D C:\Wiederhergestellte Dateien 13-05-13
2013-05-12 21:53 - 2013-05-12 21:53 - 00000000 ____D C:\Windows\CSC

==================== One Month Modified Files and Folders ========

2013-05-15 00:52 - 2013-05-15 00:52 - 00000000 ____D C:\FRST
2013-05-15 00:48 - 2009-05-20 14:19 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-05-15 00:38 - 2013-02-20 23:33 - 00000242 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2013-05-15 00:38 - 2009-05-20 14:19 - 00000275 ____A C:\Windows\wiadebug.log
2013-05-15 00:38 - 2009-05-20 14:19 - 00000050 ____A C:\Windows\wiaservc.log
2013-05-15 00:38 - 2009-05-20 14:18 - 00032532 ____A C:\Windows\SchedLgU.Txt
2013-05-15 00:38 - 2006-05-16 16:27 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-15 00:38 - 2006-05-05 06:14 - 01995707 ____A C:\Windows\WindowsUpdate.log
2013-05-15 00:29 - 2006-05-05 06:14 - 00983975 ____A C:\Windows\setupapi.log
2013-05-15 00:28 - 2011-04-24 23:13 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-15 00:28 - 2009-05-20 17:56 - 00000000 ____D C:\Windows\SMINST
2013-05-15 00:28 - 2009-05-20 14:26 - 00000000 ____D C:\Windows\Registration
2013-05-14 01:27 - 2013-05-14 01:23 - 00000000 ____D C:\Wiederhergestellte Dateien 13-05-13
2013-05-14 00:43 - 2011-04-24 23:13 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-13 00:54 - 2010-10-04 15:06 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-05-12 21:53 - 2013-05-12 21:53 - 00000000 ____D C:\Windows\CSC
2013-05-12 18:03 - 2012-10-15 21:34 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-12 01:06 - 2009-05-21 22:39 - 00013030 ____A C:\PDOXUSRS.NET
2013-05-12 01:06 - 2009-05-21 20:49 - 00000000 ____A C:\Windows\System32\Kein Protokoll
2013-05-12 00:06 - 2009-05-21 17:14 - 00000000 ____D C:\Firma Doll
2013-05-07 10:36 - 2009-05-20 14:26 - 00000000 ___RD C:\Programme
2013-05-04 20:17 - 2009-09-01 20:59 - 00000276 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-04-28 16:50 - 2011-03-09 23:35 - 00000000 ____D C:\Private Dokumente Hans
2013-04-25 23:24 - 2006-05-05 05:53 - 01103492 ____A C:\Windows\System32\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-04 09:57] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e

C:\Windows\System32\winlogon.exe
[2004-08-04 09:58] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a

C:\Windows\System32\svchost.exe
[2004-08-04 09:58] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366

C:\Windows\System32\services.exe
[2004-08-04 09:58] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc

C:\Windows\System32\User32.dll
[2004-08-04 09:57] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd

C:\Windows\System32\userinit.exe
[2004-08-04 09:58] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 09:44] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d


==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2013
Ran by Administrator at 2013-05-15 00:53:20 Run:
Running from F:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

ACDSee Foto-Manager 12 (Version: 12.0.344)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader XI (11.0.02) - Deutsch (Version: 11.0.02)
Altiris Software Virtualization Agent (Version: 2.1.2096)
AMD Processor Driver (Version: 1.3.2.0053)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.15.0)
Ask Toolbar Updater (Version: 1.2.4.36191)
AVM FRITZ!DSL (Version: 2.04.02)
AVM FRITZ!fax für FRITZ!Box
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera WIA Driver (Version: 5.7)
Canon EOS 5D WIA-Treiber (Version: 5.7)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.5.0.3)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.1.6)
Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.4 (Version: 3.4.0.0)
Canon Utilities EOS Utility (Version: 2.4.0.1)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities Original Data Security Tools (Version: 1.4.0.1)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.3.0.0)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Common Desktop Agent (Version: 1.53.0)
Dual-Core Optimizer (Version: 1.1.3.0161)
ElsterFormular (Version: 14.1.20130301)
ElsterFormular 2008/2009 (Version: 10.2.1.0)
G DATA AntiVirus (Version: 19.0.0.4)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
HandBrake 0.9.5 (Version: 0.9.5)
Handwerk
High Definition Audio - KB888111 (Version: 20040219.000000)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB2443685) (Version: 1)
Hotfix für Windows XP (KB2570791) (Version: 1)
Hotfix für Windows XP (KB2633952) (Version: 1)
Hotfix für Windows XP (KB2756822) (Version: 1)
Hotfix für Windows XP (KB2779562) (Version: 1)
Hotfix für Windows XP (KB952117-v2) (Version: 2)
Hotfix für Windows XP (KB952287) (Version: 1)
Hotfix für Windows XP (KB961118) (Version: 1)
Hotfix für Windows XP (KB970653-v3) (Version: 3)
Hotfix für Windows XP (KB976098-v2) (Version: 2)
Hotfix für Windows XP (KB979306) (Version: 1)
Hotfix für Windows XP (KB981793) (Version: 1)
HP Backup and Recovery Manager (Version: 2.5C)
HP Help and Support (Version: 4.2.0010)
innoPlus bad (Version: 13.00.0100)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Language Pack - DEU (Version: 1.1.50727.42)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft SQL Server Desktop Engine (Version: 8.00.760)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 20.0.1 (x86 de) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
Mozilla Thunderbird 17.0.5 (x86 de) (Version: 17.0.5)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Nero Suite
Nokia Connectivity Cable Driver (Version: 6.81.1.2)
Nokia Lifeblog 2.1 (Version: 2.1.131)
Nokia MTP driver (Version: 1.0.0)
Nokia N73 highlights (Version: 1.0.6)
Nokia Nseries Skin for Microsoft Windows Media Player (Version: 1.0.4)
Nokia PC Connectivity Solution (Version: 6.23.9.0)
Nokia PC Suite (Version: 6.81.13.0)
Nokia themes for your device (Version: 1.0.5)
NVIDIA Drivers
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PDF Complete (Version: 3.5.22)
QLink
Ravensburger tiptoi
Realtek High Definition Audio Driver (Version: 5.10.0.5508)
Samsung Easy Printer Manager (Version: 1.01.16.02)
Samsung Network PC Fax (Version: 1.05.23.04)
Samsung New PC Studio (Version: 1.00.0000)
Samsung Printer Live Update
Samsung Scan Assistant (Version: 1.04.26.00)
Samsung SCX-472x Series
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
Sicherheitsupdate für Microsoft Windows (KB2564958)
Sicherheitsupdate für Windows Media Encoder (KB2447961)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player (KB979402)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows XP (KB2079403) (Version: 1)
Sicherheitsupdate für Windows XP (KB2115168) (Version: 1)
Sicherheitsupdate für Windows XP (KB2121546) (Version: 1)
Sicherheitsupdate für Windows XP (KB2229593) (Version: 1)
Sicherheitsupdate für Windows XP (KB2259922) (Version: 1)
Sicherheitsupdate für Windows XP (KB2296011) (Version: 1)
Sicherheitsupdate für Windows XP (KB2347290) (Version: 1)
Sicherheitsupdate für Windows XP (KB2360937) (Version: 1)
Sicherheitsupdate für Windows XP (KB2387149) (Version: 1)
Sicherheitsupdate für Windows XP (KB2393802) (Version: 1)
Sicherheitsupdate für Windows XP (KB2412687) (Version: 1)
Sicherheitsupdate für Windows XP (KB2419632) (Version: 1)
Sicherheitsupdate für Windows XP (KB2423089) (Version: 1)
Sicherheitsupdate für Windows XP (KB2440591) (Version: 1)
Sicherheitsupdate für Windows XP (KB2443105) (Version: 1)
Sicherheitsupdate für Windows XP (KB2476490) (Version: 1)
Sicherheitsupdate für Windows XP (KB2476687) (Version: 1)
Sicherheitsupdate für Windows XP (KB2478960) (Version: 1)
Sicherheitsupdate für Windows XP (KB2478971) (Version: 1)
Sicherheitsupdate für Windows XP (KB2479628) (Version: 1)
Sicherheitsupdate für Windows XP (KB2479943) (Version: 1)
Sicherheitsupdate für Windows XP (KB2481109) (Version: 1)
Sicherheitsupdate für Windows XP (KB2482017) (Version: 1)
Sicherheitsupdate für Windows XP (KB2483185) (Version: 1)
Sicherheitsupdate für Windows XP (KB2485376) (Version: 1)
Sicherheitsupdate für Windows XP (KB2485663) (Version: 1)
Sicherheitsupdate für Windows XP (KB2497640) (Version: 1)
Sicherheitsupdate für Windows XP (KB2503658) (Version: 1)
Sicherheitsupdate für Windows XP (KB2503665) (Version: 1)
Sicherheitsupdate für Windows XP (KB2506212) (Version: 1)
Sicherheitsupdate für Windows XP (KB2506223) (Version: 1)
Sicherheitsupdate für Windows XP (KB2507618) (Version: 1)
Sicherheitsupdate für Windows XP (KB2507938) (Version: 1)
Sicherheitsupdate für Windows XP (KB2508272) (Version: 1)
Sicherheitsupdate für Windows XP (KB2508429) (Version: 1)
Sicherheitsupdate für Windows XP (KB2509553) (Version: 1)
Sicherheitsupdate für Windows XP (KB2510581) (Version: 1)
Sicherheitsupdate für Windows XP (KB2511455) (Version: 1)
Sicherheitsupdate für Windows XP (KB2524375) (Version: 1)
Sicherheitsupdate für Windows XP (KB2530548) (Version: 1)
Sicherheitsupdate für Windows XP (KB2535512) (Version: 1)
Sicherheitsupdate für Windows XP (KB2536276) (Version: 1)
Sicherheitsupdate für Windows XP (KB2536276-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB2544521) (Version: 1)
Sicherheitsupdate für Windows XP (KB2544893) (Version: 1)
Sicherheitsupdate für Windows XP (KB2544893-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB2555917) (Version: 1)
Sicherheitsupdate für Windows XP (KB2559049) (Version: 1)
Sicherheitsupdate für Windows XP (KB2562937) (Version: 1)
Sicherheitsupdate für Windows XP (KB2566454) (Version: 1)
Sicherheitsupdate für Windows XP (KB2567053) (Version: 1)
Sicherheitsupdate für Windows XP (KB2567680) (Version: 1)
Sicherheitsupdate für Windows XP (KB2570222) (Version: 1)
Sicherheitsupdate für Windows XP (KB2570947) (Version: 1)
Sicherheitsupdate für Windows XP (KB2584146) (Version: 1)
Sicherheitsupdate für Windows XP (KB2585542) (Version: 1)
Sicherheitsupdate für Windows XP (KB2586448) (Version: 1)
Sicherheitsupdate für Windows XP (KB2592799) (Version: 1)
Sicherheitsupdate für Windows XP (KB2598479) (Version: 1)
Sicherheitsupdate für Windows XP (KB2603381) (Version: 1)
Sicherheitsupdate für Windows XP (KB2618444) (Version: 1)
Sicherheitsupdate für Windows XP (KB2618451) (Version: 1)
Sicherheitsupdate für Windows XP (KB2619339) (Version: 1)
Sicherheitsupdate für Windows XP (KB2620712) (Version: 1)
Sicherheitsupdate für Windows XP (KB2621440) (Version: 1)
Sicherheitsupdate für Windows XP (KB2624667) (Version: 1)
Sicherheitsupdate für Windows XP (KB2631813) (Version: 1)
Sicherheitsupdate für Windows XP (KB2633171) (Version: 1)
Sicherheitsupdate für Windows XP (KB2639417) (Version: 1)
Sicherheitsupdate für Windows XP (KB2641653) (Version: 1)
Sicherheitsupdate für Windows XP (KB2646524) (Version: 1)
Sicherheitsupdate für Windows XP (KB2647516) (Version: 1)
Sicherheitsupdate für Windows XP (KB2647518) (Version: 1)
Sicherheitsupdate für Windows XP (KB2653956) (Version: 1)
Sicherheitsupdate für Windows XP (KB2655992) (Version: 1)
Sicherheitsupdate für Windows XP (KB2659262) (Version: 1)
Sicherheitsupdate für Windows XP (KB2660465) (Version: 1)
Sicherheitsupdate für Windows XP (KB2661637) (Version: 1)
Sicherheitsupdate für Windows XP (KB2675157) (Version: 1)
Sicherheitsupdate für Windows XP (KB2676562) (Version: 1)
Sicherheitsupdate für Windows XP (KB2685939) (Version: 1)
Sicherheitsupdate für Windows XP (KB2686509) (Version: 1)
Sicherheitsupdate für Windows XP (KB2691442) (Version: 1)
Sicherheitsupdate für Windows XP (KB2695962) (Version: 1)
Sicherheitsupdate für Windows XP (KB2698365) (Version: 1)
Sicherheitsupdate für Windows XP (KB2699988) (Version: 1)
Sicherheitsupdate für Windows XP (KB2705219) (Version: 1)
Sicherheitsupdate für Windows XP (KB2707511) (Version: 1)
Sicherheitsupdate für Windows XP (KB2709162) (Version: 1)
Sicherheitsupdate für Windows XP (KB2712808) (Version: 1)
Sicherheitsupdate für Windows XP (KB2718523) (Version: 1)
Sicherheitsupdate für Windows XP (KB2719985) (Version: 1)
Sicherheitsupdate für Windows XP (KB2722913) (Version: 1)
Sicherheitsupdate für Windows XP (KB2723135) (Version: 1)
Sicherheitsupdate für Windows XP (KB2724197) (Version: 1)
Sicherheitsupdate für Windows XP (KB2727528) (Version: 1)
Sicherheitsupdate für Windows XP (KB2731847) (Version: 1)
Sicherheitsupdate für Windows XP (KB2744842) (Version: 1)
Sicherheitsupdate für Windows XP (KB2753842) (Version: 1)
Sicherheitsupdate für Windows XP (KB2753842-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB2757638) (Version: 1)
Sicherheitsupdate für Windows XP (KB2758857) (Version: 1)
Sicherheitsupdate für Windows XP (KB2761226) (Version: 1)
Sicherheitsupdate für Windows XP (KB2761465) (Version: 1)
Sicherheitsupdate für Windows XP (KB2770660) (Version: 1)
Sicherheitsupdate für Windows XP (KB2778344) (Version: 1)
Sicherheitsupdate für Windows XP (KB2779030) (Version: 1)
Sicherheitsupdate für Windows XP (KB2780091) (Version: 1)
Sicherheitsupdate für Windows XP (KB2792100) (Version: 1)
Sicherheitsupdate für Windows XP (KB2797052) (Version: 1)
Sicherheitsupdate für Windows XP (KB2799329) (Version: 1)
Sicherheitsupdate für Windows XP (KB2799494) (Version: 1)
Sicherheitsupdate für Windows XP (KB2802968) (Version: 1)
Sicherheitsupdate für Windows XP (KB2807986) (Version: 1)
Sicherheitsupdate für Windows XP (KB2808735) (Version: 1)
Sicherheitsupdate für Windows XP (KB2809289) (Version: 1)
Sicherheitsupdate für Windows XP (KB2813170) (Version: 1)
Sicherheitsupdate für Windows XP (KB2813345) (Version: 1)
Sicherheitsupdate für Windows XP (KB2817183) (Version: 1)
Sicherheitsupdate für Windows XP (KB2820917) (Version: 1)
Sicherheitsupdate für Windows XP (KB923561) (Version: 1)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648) (Version: 1)
Sicherheitsupdate für Windows XP (KB950760) (Version: 1)
Sicherheitsupdate für Windows XP (KB950762) (Version: 1)
Sicherheitsupdate für Windows XP (KB950974) (Version: 1)
Sicherheitsupdate für Windows XP (KB951066) (Version: 1)
Sicherheitsupdate für Windows XP (KB951376-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB951748) (Version: 1)
Sicherheitsupdate für Windows XP (KB952004) (Version: 1)
Sicherheitsupdate für Windows XP (KB952954) (Version: 1)
Sicherheitsupdate für Windows XP (KB954600) (Version: 1)
Sicherheitsupdate für Windows XP (KB955069) (Version: 1)
Sicherheitsupdate für Windows XP (KB956572) (Version: 1)
Sicherheitsupdate für Windows XP (KB956744) (Version: 1)
Sicherheitsupdate für Windows XP (KB956802) (Version: 1)
Sicherheitsupdate für Windows XP (KB956803) (Version: 1)
Sicherheitsupdate für Windows XP (KB956844) (Version: 1)
Sicherheitsupdate für Windows XP (KB957097) (Version: 1)
Sicherheitsupdate für Windows XP (KB958644) (Version: 1)
Sicherheitsupdate für Windows XP (KB958687) (Version: 1)
Sicherheitsupdate für Windows XP (KB958690) (Version: 1)
Sicherheitsupdate für Windows XP (KB958869) (Version: 1)
Sicherheitsupdate für Windows XP (KB959426) (Version: 1)
Sicherheitsupdate für Windows XP (KB960225) (Version: 1)
Sicherheitsupdate für Windows XP (KB960715) (Version: 1)
Sicherheitsupdate für Windows XP (KB960803) (Version: 1)
Sicherheitsupdate für Windows XP (KB960859) (Version: 1)
Sicherheitsupdate für Windows XP (KB961371) (Version: 1)
Sicherheitsupdate für Windows XP (KB961373) (Version: 1)
Sicherheitsupdate für Windows XP (KB961501) (Version: 1)
Sicherheitsupdate für Windows XP (KB963027) (Version: 1)
Sicherheitsupdate für Windows XP (KB968537) (Version: 1)
Sicherheitsupdate für Windows XP (KB969059) (Version: 1)
Sicherheitsupdate für Windows XP (KB969897) (Version: 1)
Sicherheitsupdate für Windows XP (KB969898) (Version: 1)
Sicherheitsupdate für Windows XP (KB969947) (Version: 1)
Sicherheitsupdate für Windows XP (KB970238) (Version: 1)
Sicherheitsupdate für Windows XP (KB970430) (Version: 1)
Sicherheitsupdate für Windows XP (KB971468) (Version: 1)
Sicherheitsupdate für Windows XP (KB971486) (Version: 1)
Sicherheitsupdate für Windows XP (KB971557) (Version: 1)
Sicherheitsupdate für Windows XP (KB971633) (Version: 1)
Sicherheitsupdate für Windows XP (KB971657) (Version: 1)
Sicherheitsupdate für Windows XP (KB971961) (Version: 1)
Sicherheitsupdate für Windows XP (KB972260) (Version: 1)
Sicherheitsupdate für Windows XP (KB972270) (Version: 1)
Sicherheitsupdate für Windows XP (KB973346) (Version: 1)
Sicherheitsupdate für Windows XP (KB973354) (Version: 1)
Sicherheitsupdate für Windows XP (KB973507) (Version: 1)
Sicherheitsupdate für Windows XP (KB973525) (Version: 1)
Sicherheitsupdate für Windows XP (KB973869) (Version: 1)
Sicherheitsupdate für Windows XP (KB973904) (Version: 1)
Sicherheitsupdate für Windows XP (KB974112) (Version: 1)
Sicherheitsupdate für Windows XP (KB974318) (Version: 1)
Sicherheitsupdate für Windows XP (KB974392) (Version: 1)
Sicherheitsupdate für Windows XP (KB974455) (Version: 1)
Sicherheitsupdate für Windows XP (KB974571) (Version: 1)
Sicherheitsupdate für Windows XP (KB975025) (Version: 1)
Sicherheitsupdate für Windows XP (KB975467) (Version: 1)
Sicherheitsupdate für Windows XP (KB975560) (Version: 1)
Sicherheitsupdate für Windows XP (KB975561) (Version: 1)
Sicherheitsupdate für Windows XP (KB975562) (Version: 1)
Sicherheitsupdate für Windows XP (KB975713) (Version: 1)
Sicherheitsupdate für Windows XP (KB976325) (Version: 1)
Sicherheitsupdate für Windows XP (KB977165) (Version: 1)
Sicherheitsupdate für Windows XP (KB977816) (Version: 1)
Sicherheitsupdate für Windows XP (KB977914) (Version: 1)
Sicherheitsupdate für Windows XP (KB978037) (Version: 1)
Sicherheitsupdate für Windows XP (KB978251) (Version: 1)
Sicherheitsupdate für Windows XP (KB978262) (Version: 1)
Sicherheitsupdate für Windows XP (KB978338) (Version: 1)
Sicherheitsupdate für Windows XP (KB978542) (Version: 1)
Sicherheitsupdate für Windows XP (KB978601) (Version: 1)
Sicherheitsupdate für Windows XP (KB978706) (Version: 1)
Sicherheitsupdate für Windows XP (KB979309) (Version: 1)
Sicherheitsupdate für Windows XP (KB979482) (Version: 1)
Sicherheitsupdate für Windows XP (KB979559) (Version: 1)
Sicherheitsupdate für Windows XP (KB979683) (Version: 1)
Sicherheitsupdate für Windows XP (KB979687) (Version: 1)
Sicherheitsupdate für Windows XP (KB980195) (Version: 1)
Sicherheitsupdate für Windows XP (KB980218) (Version: 1)
Sicherheitsupdate für Windows XP (KB980232) (Version: 1)
Sicherheitsupdate für Windows XP (KB980436) (Version: 1)
Sicherheitsupdate für Windows XP (KB981322) (Version: 1)
Sicherheitsupdate für Windows XP (KB981349) (Version: 1)
Sicherheitsupdate für Windows XP (KB981997) (Version: 1)
Sicherheitsupdate für Windows XP (KB982132) (Version: 1)
Sicherheitsupdate für Windows XP (KB982214) (Version: 1)
Sicherheitsupdate für Windows XP (KB982381) (Version: 1)
Sicherheitsupdate für Windows XP (KB982665) (Version: 1)
Skype™ 4.0 (Version: 4.0.226)
SmartSound Quicktracks Plugin (Version: 3.0.0.26)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
sv.net (Version: 12.1)
Ulead VideoStudio 8.0 (Version: 8.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update für Windows XP (KB2141007) (Version: 1)
Update für Windows XP (KB2345886) (Version: 1)
Update für Windows XP (KB2541763) (Version: 1)
Update für Windows XP (KB2607712) (Version: 1)
Update für Windows XP (KB2616676) (Version: 1)
Update für Windows XP (KB2641690) (Version: 1)
Update für Windows XP (KB2661254-v2) (Version: 2)
Update für Windows XP (KB2718704) (Version: 1)
Update für Windows XP (KB2736233) (Version: 1)
Update für Windows XP (KB2749655) (Version: 1)
Update für Windows XP (KB951978) (Version: 1)
Update für Windows XP (KB955759) (Version: 1)
Update für Windows XP (KB955839) (Version: 1)
Update für Windows XP (KB967715) (Version: 1)
Update für Windows XP (KB968389) (Version: 1)
Update für Windows XP (KB971029) (Version: 1)
Update für Windows XP (KB971737) (Version: 1)
Update für Windows XP (KB973687) (Version: 1)
Update für Windows XP (KB973815) (Version: 1)
Update für Windows XP (KB976749) (Version: 1)
Update für Windows XP (KB978207) (Version: 1)
Update für Windows XP (KB980182) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Win-CASA 6
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) (Version: 06/12/2006 6.81.0.21)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031514)
YouTube Downloader 3.5

==================== Restore Points =========================

12-02-2013 09:16:08 Systemprüfpunkt
13-02-2013 17:00:46 Systemprüfpunkt
13-02-2013 23:32:11 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
13-02-2013 23:36:42 OpenOffice.org 3.1 wird entfernt
13-02-2013 23:39:23 OpenOffice.org 3.4.1 wird installiert
14-02-2013 00:28:34 Software Distribution Service 3.0
15-02-2013 07:36:23 Java 7 Update 9 wird entfernt
15-02-2013 07:37:00 Java 7 Update 13 wird installiert
17-02-2013 09:50:15 Systemprüfpunkt
18-02-2013 16:48:15 Systemprüfpunkt
20-02-2013 09:22:40 Systemprüfpunkt
20-02-2013 21:13:22 Java 7 Update 13 wird entfernt
20-02-2013 21:13:53 Java 7 Update 15 wird installiert
22-02-2013 09:05:00 Systemprüfpunkt
23-02-2013 19:54:48 Systemprüfpunkt
25-02-2013 16:04:57 Systemprüfpunkt
25-02-2013 23:29:13 Installiert Samsung New PC Studio
27-02-2013 09:40:41 Systemprüfpunkt
28-02-2013 09:55:26 Systemprüfpunkt
02-03-2013 07:42:04 Systemprüfpunkt
03-03-2013 08:37:46 Systemprüfpunkt
04-03-2013 09:35:40 Systemprüfpunkt
05-03-2013 10:33:32 Systemprüfpunkt
05-03-2013 22:19:21 Java 7 Update 15 wird entfernt
05-03-2013 22:19:53 Java 7 Update 17 wird installiert
07-03-2013 14:15:58 Systemprüfpunkt
07-03-2013 22:34:21 Java 7 Update 17 wird entfernt
07-03-2013 22:35:10 Java 7 Update 17 wird installiert
07-03-2013 22:45:36 JavaFX 2.1.1 wird entfernt
11-03-2013 14:17:14 Systemprüfpunkt
11-03-2013 22:26:05 Java 7 Update 17 wird entfernt
11-03-2013 22:36:21 Java(TM) 7 wird installiert
11-03-2013 22:39:53 Java(TM) 7 wird entfernt
13-03-2013 06:31:54 Systemprüfpunkt
13-03-2013 23:59:11 Software Distribution Service 3.0
14-03-2013 17:12:33 Software Distribution Service 3.0
14-03-2013 22:50:06 Java 7 Update 17 wird installiert
17-03-2013 16:35:15 Systemprüfpunkt
19-03-2013 09:01:36 Systemprüfpunkt
20-03-2013 09:40:26 Systemprüfpunkt
21-03-2013 16:09:37 Systemprüfpunkt
24-03-2013 07:45:05 Systemprüfpunkt
25-03-2013 14:38:59 Systemprüfpunkt
26-03-2013 16:12:27 Systemprüfpunkt
01-04-2013 11:05:13 Systemprüfpunkt
02-04-2013 15:21:55 Systemprüfpunkt
03-04-2013 23:07:03 Systemprüfpunkt
05-04-2013 06:58:38 Systemprüfpunkt
07-04-2013 15:54:49 Systemprüfpunkt
09-04-2013 06:51:43 Systemprüfpunkt
10-04-2013 08:52:52 Systemprüfpunkt
10-04-2013 22:29:50 Software Distribution Service 3.0
12-04-2013 15:55:09 Systemprüfpunkt
14-04-2013 08:05:34 Systemprüfpunkt
15-04-2013 21:53:24 Systemprüfpunkt
17-04-2013 08:16:12 Systemprüfpunkt
18-04-2013 12:43:23 Systemprüfpunkt
19-04-2013 15:53:41 Systemprüfpunkt
21-04-2013 08:26:07 Systemprüfpunkt
22-04-2013 12:15:21 Systemprüfpunkt
24-04-2013 08:33:53 Systemprüfpunkt
25-04-2013 17:57:35 Systemprüfpunkt
27-04-2013 15:12:38 Systemprüfpunkt
28-04-2013 16:51:07 Systemprüfpunkt
29-04-2013 17:07:16 Systemprüfpunkt
01-05-2013 09:06:21 Systemprüfpunkt
02-05-2013 16:10:24 Systemprüfpunkt
04-05-2013 16:06:12 Systemprüfpunkt
05-05-2013 17:24:29 Systemprüfpunkt
07-05-2013 09:12:05 Systemprüfpunkt
09-05-2013 09:54:40 Systemprüfpunkt
10-05-2013 18:33:50 Systemprüfpunkt
11-05-2013 22:52:47 Systemprüfpunkt

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
Description: Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2013 00:29:00 AM) (Source: MSSQLSERVER) (User: )
Description: 19012 :
SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32812

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32812

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 00:17:13 AM) (Source: MSSQLSERVER) (User: )
Description: 19012 :
SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37578

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37578

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 00:11:28 AM) (Source: MSSQLSERVER) (User: )
Description: 19012 :
SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:06:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31891


System errors:
=============
Error: (05/15/2013 00:51:06 AM) (Source: DCOM) (User: COMPUTERHANS)
Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD
AmdK8
Fips
i8042prt
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:49:11 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/15/2013 00:38:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Systemereignisbenachrichtigung" wurde mit folgendem Fehler beendet:
%%126


Microsoft Office Sessions:
=========================
Error: (05/15/2013 00:29:00 AM) (Source: MSSQLSERVER)(User: )
Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32812

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32812

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 00:17:13 AM) (Source: MSSQLSERVER)(User: )
Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37578

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37578

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 00:11:28 AM) (Source: MSSQLSERVER)(User: )
Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:06:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31891


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 1918.42 MB
Available physical RAM: 1667.48 MB
Total Pagefile: 3815.59 MB
Available Pagefile: 3753.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:137.04 GB) (Free:1.92 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12 GB) (Free:1.64 GB) NTFS
Drive f: () (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 2DAF2DAF)
Partition 1: (Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 6606B857)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

Alt 15.05.2013, 00:29   #2
markusg
/// Malware-holic
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



hi,
im abges. Modus noch folgenes:

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 15.05.2013, 01:31   #3
hansdoll
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



Hallo markusg,

hier die otl.txt und extra.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.05.2013 02:17:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = f:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 84,65% Memory free
3,73 Gb Paging File | 3,64 Gb Available in Paging File | 97,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 4,51 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,71 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.15 01:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- f:\OTL.exe
PRC - [2008.04.14 04:22:38 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\wi3232exe.dat -- (SENS)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.04.13 10:20:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 00:50:23 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.03.13 10:03:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.20 09:19:11 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.02 09:36:54 | 000,516,096 | ---- | M] (Sage KHK Software) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe -- (LiveUpdateInstaller)
SRV - [2002.12.17 16:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2002.12.17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.04.05 13:31:50 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.05.27 07:29:56 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2009.05.21 20:36:48 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2009.05.21 12:43:53 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2009.05.21 12:43:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2008.07.11 14:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007.11.06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.07.30 14:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.07.30 14:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.04 14:40:22 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2004.08.17 05:44:22 | 000,091,263 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004.08.04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004.08.04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004.08.04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004.08.04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004.08.04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004.08.04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004.08.04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004.08.04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004.08.04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004.08.04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004.08.04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004.08.04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004.08.04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004.08.04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 10:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.16 08:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.04.03 11:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.21 23:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\support@lastpass.com
[2013.02.20 23:33:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\toolbar@ask.com
[2012.02.17 22:21:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.13 10:20:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.17 09:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 20:16:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.17 09:55:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 09:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 09:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 09:55:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 09:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe (INNOVA-engineering GmbH Dresden)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKLM..\RunOnce: [(4) HWRestore] C:\Sage\KHK\Handwerk\HWRESTORE.EXE (Sage KHK Software GmbH&Co.KG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\WINDOWS\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLINK.lnk = C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFD5704-5D07-4B54-8B2A-420BB016F3DE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{1ba73a2b-60fb-11df-bb73-002264278107}\Shell - "" = AutoRun
O33 - MountPoints2\{1ba73a2b-60fb-11df-bb73-002264278107}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ba73a2b-60fb-11df-bb73-002264278107}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SENS - C:\DOKUME~1\ALLUSE~1\ANWEND~1\wi3232exe.dat File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 00:52:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.14 01:23:25 | 000,000,000 | ---D | C] -- C:\Wiederhergestellte Dateien 13-05-13
[2013.05.12 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.05.04 20:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.05.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.04.16 08:46:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.15 02:05:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.15 02:05:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.15 02:01:23 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.ini
[2013.05.15 01:58:59 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2013.05.15 01:58:56 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.15 00:38:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.05.14 00:43:14 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.13 00:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.12 18:03:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.12 01:06:24 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013.05.12 01:06:24 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.12 01:06:24 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.12 01:06:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Kein Protokoll
[2013.05.04 20:32:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.05.04 20:17:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.25 23:24:42 | 000,471,880 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.25 23:24:42 | 000,451,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.25 23:24:42 | 000,090,282 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.25 23:24:42 | 000,075,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.16 08:46:19 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.12 01:01:40 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.ini
[2013.05.12 00:08:10 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.12 00:07:51 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.04 20:32:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.04.16 08:46:19 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.04.16 08:46:19 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.02.26 01:31:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013.02.26 01:31:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013.02.26 01:31:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2012.10.15 21:25:03 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2012.10.15 21:24:54 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2012.10.15 21:24:54 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2012.10.15 21:23:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssa3mlm.dll
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Programme\readme.html
[2012.07.27 22:24:16 | 000,006,854 | RHS- | C] () -- C:\WINDOWS\innova3.ini
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Programme\basis-link
[2012.02.14 21:02:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.20 01:07:43 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.12.19 10:53:34 | 076,004,920 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exe2323iw.dat
[2011.10.13 00:51:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.12.31 15:27:24 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2009.05.20 22:57:46 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2009.05.20 22:57:46 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2009.05.20 22:57:46 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2009.05.20 14:19:12 | 000,110,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat
[2009.05.20 05:36:08 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.04.27 12:04:28 | 000,451,928 | ---- | C] () -- C:\Programme\setup.exe
[2009.04.27 12:04:04 | 140,387,075 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi
[2009.04.27 06:43:50 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini
 
========== ZeroAccess Check ==========
 
[2009.05.20 05:35:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.21 21:06:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.05.21 18:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\1&1
[2011.02.12 21:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACD Systems
[2010.05.01 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2009.08.08 13:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer
[2013.03.11 01:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2010.09.15 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!
[2010.09.15 22:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!fax für FRITZ!Box
[2011.12.18 02:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake
[2012.07.27 22:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\innoplus
[2009.08.23 11:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2009.08.02 19:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
[2009.08.02 20:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player
[2009.05.21 18:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2012.06.14 00:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2009.08.02 19:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
[2012.04.07 15:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi
[2009.05.21 03:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2013.02.26 01:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung
[2012.08.21 09:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.10.16 13:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2011.05.08 21:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems
[2012.03.16 12:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\YouTube Downloader
[2013.05.04 20:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011.02.12 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2012.11.21 23:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009.08.02 18:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2010.11.10 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2013.03.11 01:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.01.20 14:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012.07.27 22:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus
[2010.09.15 22:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2009.08.02 19:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.02.25 11:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2013.02.26 01:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.05.08 20:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2011.05.08 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.03.05 17:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011.12.18 01:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.01 21:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.05.21 20:43:40 | 000,000,000 | ---D | M] -- C:\70SP4
[2012.05.11 03:01:16 | 000,000,000 | ---D | M] -- C:\9f7803ddae81aabb78e04f476cd8feaa
[2009.07.12 11:35:58 | 000,000,000 | ---D | M] -- C:\Banking
[2009.05.20 05:44:07 | 000,000,000 | ---D | M] -- C:\Compaq
[2013.05.04 20:32:50 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.05.20 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.04.08 21:16:51 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.08.14 23:19:30 | 000,000,000 | ---D | M] -- C:\e322ecf43298eabf7fb898a4
[2011.01.11 00:05:18 | 000,000,000 | ---D | M] -- C:\Endisch Dokumente
[2012.01.22 19:48:42 | 000,000,000 | ---D | M] -- C:\FBBM
[2013.05.12 00:06:46 | 000,000,000 | ---D | M] -- C:\Firma Doll
[2009.05.21 19:58:28 | 000,000,000 | ---D | M] -- C:\Fotos
[2013.05.15 00:52:43 | 000,000,000 | ---D | M] -- C:\FRST
[2009.05.20 05:44:14 | 000,000,000 | -H-D | M] -- C:\fslrdr
[2009.05.20 05:44:42 | 000,000,000 | -H-D | M] -- C:\hp
[2011.11.04 20:36:41 | 000,000,000 | ---D | M] -- C:\Häuser
[2009.05.20 14:26:48 | 000,000,000 | ---D | M] -- C:\i386
[2010.11.10 23:38:43 | 000,000,000 | ---D | M] -- C:\lexmark
[2013.04.28 16:50:21 | 000,000,000 | ---D | M] -- C:\Private Dokumente Hans
[2010.11.10 23:39:53 | 000,000,000 | ---D | M] -- C:\program files
[2013.05.07 10:36:34 | 000,000,000 | R--D | M] -- C:\Programme
[2012.06.27 21:55:42 | 000,000,000 | ---D | M] -- C:\QLINK
[2011.10.13 00:51:39 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2009.05.21 19:52:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009.05.21 20:24:36 | 000,000,000 | ---D | M] -- C:\Sage
[2012.02.06 00:56:05 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2009.05.20 17:53:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.05.20 17:53:18 | 000,000,000 | -H-D | M] -- C:\system.sav
[2012.01.05 02:05:57 | 000,000,000 | ---D | M] -- C:\temp
[2013.05.14 01:27:40 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 13-05-13
[2009.05.21 19:57:33 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 21-05-09
[2013.05.15 00:53:20 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2002.03.11 10:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsia.exe
[2002.03.11 11:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2009.04.27 12:04:28 | 000,451,928 | ---- | M] () -- C:\Programme\setup.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.05.16 16:27:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006.05.16 16:27:22 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.09.01 20:59:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2011.04.24 23:13:05 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 23:13:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 21:34:52 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.02.20 23:33:49 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 09:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 09:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.05.05 07:27:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.05.05 07:27:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.05.05 07:27:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.05.15 02:02:05 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2013.05.15 02:15:34 | 000,196,608 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG
[2013.05.15 01:57:53 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.03.02 03:57:39 | 001,867,392 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.05.2013 02:17:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = f:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 84,65% Memory free
3,73 Gb Paging File | 3,64 Gb Available in Paging File | 97,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 4,51 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,71 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler  -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- ()
"C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Programme\Scan Assistant\USDAgent.exe" = C:\Programme\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe:LocalSubNet:Enabled:Samsung Network PC Fax Monitor -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D0C290B-B527-11D3-8B9B-006097833640}" = Handwerk
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880A0DCF-E8C2-11D9-AAFD-0050BA1ACA6F}" = QLink
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F018BFDC-1ED3-4399-9009-4E1604BF2510}" = innoPlus bad
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ElsterFormular" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"HandBrake" = HandBrake 0.9.5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PDF Complete" = PDF Complete
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-472x Series" = Samsung SCX-472x Series
"sv.net" = sv.net
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Win-CASA 6" = Win-CASA 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.05.2013 18:12:29 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37578
 
Error - 14.05.2013 18:17:13 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 :  SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
 1433.  
 
Error - 14.05.2013 18:18:20 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.05.2013 18:18:20 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32812
 
Error - 14.05.2013 18:18:20 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32812
 
Error - 14.05.2013 18:29:00 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 :  SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
 1433.  
 
Error - 14.05.2013 19:59:05 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 :  SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
 1433.  
 
Error - 14.05.2013 20:00:04 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.05.2013 20:00:04 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15797
 
Error - 14.05.2013 20:00:04 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15797
 
[ System Events ]
Error - 14.05.2013 20:01:25 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemereignisbenachrichtigung" wurde mit folgendem Fehler
 beendet:   %%126
 
Error - 14.05.2013 20:05:51 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  AmdK8  Fips  i8042prt  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  Tcpip  WS2IFSL
 
Error - 14.05.2013 20:15:27 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >
         
--- --- ---
__________________

Alt 15.05.2013, 13:52   #4
markusg
/// Malware-holic
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat
()
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

Frage, ist das n Firem PC?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.05.2013, 22:00   #5
hansdoll
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



`n Abend Markus,

hier die Datei aus dem OTL-Fix:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 444357518 bytes
->Temporary Internet Files folder emptied: 206361694 bytes
->Java cache emptied: 8004841 bytes
->FireFox cache emptied: 420304006 bytes
->Flash cache emptied: 175846 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 353254 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 144068 bytes
%systemroot%\System32 .tmp files removed: 5537543 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144534677 bytes
RecycleBin emptied: 136506422 bytes

Total Files Cleaned = 1.303,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05152013_224746

Viele Grüsse

Hans

Hi Markus,

der upload hat geklappt.

Mein PC ist ein privater, auf dem ich als selbstständiger Handwerker auch einige
Firmendaten habe.

Hans


Alt 15.05.2013, 22:48   #6
markusg
/// Malware-holic
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



ok, da ich was von ihk gesehen hab als Programm.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner

Alt 16.05.2013, 22:54   #7
hansdoll
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



Hallo Markusg,

sorry, dass ich gestern weg war.
Der Trojaner war verschwunden, meine Internetverbindung leider auch.
Jetzt bin ich wieder online.
Ich poste Dir noch die Killer-Datei. Ich nehme an, das ist um zu schauen, ob der Rechner sauber ist ?
Auf jeden Fall bin ich unendlich dankbar für die Hilfe.
Wie kann ich mich erkenntlich zeigen? Flasche Rotwein an Dich, Spende an das Board oder beides ?

00:03:36.0296 1628 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:03:36.0328 1628 ============================================================
00:03:36.0328 1628 Current date / time: 2013/05/16 00:03:36.0328
00:03:36.0328 1628 SystemInfo:
00:03:36.0328 1628
00:03:36.0328 1628 OS Version: 5.1.2600 ServicePack: 3.0
00:03:36.0328 1628 Product type: Workstation
00:03:36.0328 1628 ComputerName: COMPUTERHANS
00:03:36.0328 1628 UserName: Administrator
00:03:36.0328 1628 Windows directory: C:\WINDOWS
00:03:36.0328 1628 System windows directory: C:\WINDOWS
00:03:36.0328 1628 Processor architecture: Intel x86
00:03:36.0328 1628 Number of processors: 2
00:03:36.0328 1628 Page size: 0x1000
00:03:36.0328 1628 Boot type: Safe boot
00:03:36.0328 1628 ============================================================
00:03:38.0703 1628 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:03:38.0703 1628 Drive \Device\Harddisk1\DR3 - Size: 0xEE200000 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:03:38.0703 1628 ============================================================
00:03:38.0703 1628 \Device\Harddisk0\DR0:
00:03:38.0703 1628 MBR partitions:
00:03:38.0703 1628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11212C62
00:03:38.0703 1628 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11212CA1, BlocksNum 0x1801F5F
00:03:38.0703 1628 \Device\Harddisk1\DR3:
00:03:38.0718 1628 MBR partitions:
00:03:38.0718 1628 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x368, BlocksNum 0x770C98
00:03:38.0718 1628 ============================================================
00:03:38.0781 1628 C: <-> \Device\Harddisk0\DR0\Partition1
00:03:38.0828 1628 D: <-> \Device\Harddisk0\DR0\Partition2
00:03:38.0859 1628 ============================================================
00:03:38.0859 1628 Initialize success
00:03:38.0859 1628 ============================================================
00:04:32.0375 1652 ============================================================
00:04:32.0375 1652 Scan started
00:04:32.0375 1652 Mode: Manual; SigCheck; TDLFS;
00:04:32.0375 1652 ============================================================
00:04:33.0328 1652 ================ Scan system memory ========================
00:04:33.0328 1652 System memory - ok
00:04:33.0328 1652 ================ Scan services =============================
00:04:33.0640 1652 Abiosdsk - ok
00:04:33.0640 1652 abp480n5 - ok
00:04:33.0687 1652 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
00:04:35.0906 1652 ac97intc - ok
00:04:35.0984 1652 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:04:36.0109 1652 ACPI - ok
00:04:36.0156 1652 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
00:04:36.0250 1652 ACPIEC - ok
00:04:36.0390 1652 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:04:36.0437 1652 AdobeFlashPlayerUpdateSvc - ok
00:04:36.0453 1652 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:04:36.0562 1652 adpu160m - ok
00:04:36.0578 1652 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
00:04:36.0609 1652 adpu320 ( UnsignedFile.Multi.Generic ) - warning
00:04:36.0609 1652 adpu320 - detected UnsignedFile.Multi.Generic (1)
00:04:36.0625 1652 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
00:04:36.0750 1652 aec - ok
00:04:36.0812 1652 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
00:04:36.0875 1652 AFD - ok
00:04:36.0890 1652 Aha154x - ok
00:04:36.0921 1652 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:04:37.0046 1652 aic78u2 - ok
00:04:37.0062 1652 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:04:37.0156 1652 aic78xx - ok
00:04:37.0203 1652 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
00:04:37.0328 1652 Alerter - ok
00:04:37.0343 1652 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
00:04:37.0437 1652 ALG - ok
00:04:37.0437 1652 AliIde - ok
00:04:37.0531 1652 [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
00:04:37.0578 1652 AmdK8 - ok
00:04:37.0625 1652 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
00:04:37.0656 1652 AmdLLD - ok
00:04:37.0656 1652 amsint - ok
00:04:37.0859 1652 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:04:37.0875 1652 Apple Mobile Device - ok
00:04:37.0937 1652 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
00:04:38.0062 1652 AppMgmt - ok
00:04:38.0125 1652 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:04:38.0218 1652 Arp1394 - ok
00:04:38.0218 1652 asc - ok
00:04:38.0234 1652 asc3350p - ok
00:04:38.0234 1652 asc3550 - ok
00:04:38.0406 1652 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:04:38.0421 1652 aspnet_state - ok
00:04:38.0437 1652 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:04:38.0500 1652 AsyncMac - ok
00:04:38.0546 1652 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
00:04:38.0640 1652 atapi - ok
00:04:38.0640 1652 Atdisk - ok
00:04:38.0687 1652 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:04:38.0796 1652 Atmarpc - ok
00:04:38.0843 1652 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
00:04:38.0937 1652 AudioSrv - ok
00:04:39.0000 1652 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
00:04:39.0093 1652 audstub - ok
00:04:39.0328 1652 [ 4ED37A7F41891769AEB88C2408B3016F ] AVKProxy C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
00:04:39.0562 1652 AVKProxy - ok
00:04:39.0734 1652 [ 909270C00354439BCC649A92C25D8B3F ] AVKService C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe
00:04:39.0812 1652 AVKService - ok
00:04:39.0984 1652 [ 690468933B8D00B66EF5DB73150F96EA ] AVKWCtl C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe
00:04:40.0640 1652 AVKWCtl - ok
00:04:40.0703 1652 [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject C:\WINDOWS\system32\drivers\avmeject.sys
00:04:40.0734 1652 avmeject ( UnsignedFile.Multi.Generic ) - warning
00:04:40.0734 1652 avmeject - detected UnsignedFile.Multi.Generic (1)
00:04:40.0796 1652 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
00:04:40.0906 1652 Beep - ok
00:04:40.0953 1652 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
00:04:41.0109 1652 BITS - ok
00:04:41.0234 1652 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
00:04:41.0312 1652 Bonjour Service - ok
00:04:41.0359 1652 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
00:04:41.0390 1652 Browser - ok
00:04:41.0421 1652 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
00:04:41.0546 1652 cbidf2k - ok
00:04:41.0656 1652 [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8 C:\Programme\Canon\CAL\CALMAIN.exe
00:04:41.0671 1652 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
00:04:41.0671 1652 CCALib8 - detected UnsignedFile.Multi.Generic (1)
00:04:41.0703 1652 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:04:41.0796 1652 CCDECODE - ok
00:04:41.0796 1652 cd20xrnt - ok
00:04:41.0843 1652 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
00:04:41.0953 1652 Cdaudio - ok
00:04:41.0968 1652 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
00:04:42.0062 1652 Cdfs - ok
00:04:42.0125 1652 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:04:42.0218 1652 Cdrom - ok
00:04:42.0218 1652 Changer - ok
00:04:42.0265 1652 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
00:04:42.0343 1652 CiSvc - ok
00:04:42.0375 1652 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
00:04:42.0484 1652 ClipSrv - ok
00:04:42.0515 1652 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:04:42.0531 1652 clr_optimization_v2.0.50727_32 - ok
00:04:42.0531 1652 CmdIde - ok
00:04:42.0546 1652 COMSysApp - ok
00:04:42.0562 1652 Cpqarray - ok
00:04:42.0734 1652 cpuz132 - ok
00:04:42.0765 1652 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
00:04:42.0859 1652 CryptSvc - ok
00:04:42.0859 1652 dac2w2k - ok
00:04:42.0875 1652 dac960nt - ok
00:04:42.0953 1652 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
00:04:43.0109 1652 DcomLaunch - ok
00:04:43.0171 1652 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
00:04:43.0265 1652 Dhcp - ok
00:04:43.0296 1652 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
00:04:43.0375 1652 Disk - ok
00:04:43.0375 1652 dmadmin - ok
00:04:43.0515 1652 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
00:04:43.0781 1652 dmboot - ok
00:04:43.0796 1652 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
00:04:43.0921 1652 dmio - ok
00:04:43.0953 1652 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
00:04:44.0078 1652 dmload - ok
00:04:44.0125 1652 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
00:04:44.0203 1652 dmserver - ok
00:04:44.0218 1652 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
00:04:44.0312 1652 DMusic - ok
00:04:44.0375 1652 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
00:04:44.0468 1652 Dnscache - ok
00:04:44.0546 1652 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
00:04:44.0640 1652 Dot3svc - ok
00:04:44.0656 1652 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:04:44.0781 1652 dpti2o - ok
00:04:44.0843 1652 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
00:04:44.0906 1652 drmkaud - ok
00:04:44.0968 1652 [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:04:45.0109 1652 E100B - ok
00:04:45.0156 1652 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
00:04:45.0250 1652 EapHost - ok
00:04:45.0281 1652 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
00:04:45.0359 1652 ERSvc - ok
00:04:45.0437 1652 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
00:04:45.0484 1652 Eventlog - ok
00:04:45.0562 1652 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
00:04:45.0625 1652 EventSystem - ok
00:04:45.0656 1652 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
00:04:45.0796 1652 Fastfat - ok
00:04:45.0843 1652 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
00:04:45.0906 1652 FastUserSwitchingCompatibility - ok
00:04:45.0921 1652 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
00:04:46.0000 1652 Fdc - ok
00:04:46.0046 1652 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
00:04:46.0125 1652 Fips - ok
00:04:46.0171 1652 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:04:46.0265 1652 Flpydisk - ok
00:04:46.0343 1652 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
00:04:46.0437 1652 FltMgr - ok
00:04:46.0500 1652 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:04:46.0515 1652 FontCache3.0.0.0 - ok
00:04:46.0593 1652 [ 037B3AB349BE884BB8CB9C5356E34717 ] FSLX C:\WINDOWS\system32\drivers\fslx.sys
00:04:46.0625 1652 FSLX ( UnsignedFile.Multi.Generic ) - warning
00:04:46.0625 1652 FSLX - detected UnsignedFile.Multi.Generic (1)
00:04:46.0703 1652 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
00:04:46.0718 1652 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
00:04:46.0718 1652 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
00:04:46.0812 1652 [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
00:04:46.0843 1652 FsUsbExService - ok
00:04:46.0890 1652 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:04:46.0968 1652 Fs_Rec - ok
00:04:47.0000 1652 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:04:47.0109 1652 Ftdisk - ok
00:04:47.0171 1652 [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
00:04:47.0265 1652 FWLANUSB - ok
00:04:47.0328 1652 [ 9A58148406E1BB4A2265B84320DEDC2B ] GDMnIcpt C:\WINDOWS\system32\drivers\MiniIcpt.sys
00:04:47.0375 1652 GDMnIcpt - ok
00:04:47.0453 1652 [ E6D8269EE03119FA4C54B7B59D9699BF ] GDTdiInterceptor C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
00:04:47.0484 1652 GDTdiInterceptor - ok
00:04:47.0531 1652 [ 185ADA973B5020655CEE342059A86CBB ] GearAspiWDM C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
00:04:47.0531 1652 GearAspiWDM - ok
00:04:47.0578 1652 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:04:47.0687 1652 Gpc - ok
00:04:47.0765 1652 [ AAEA50A15F0E0B0E92848DBFDC072ECE ] GRD C:\WINDOWS\system32\drivers\GRD.sys
00:04:47.0796 1652 GRD - ok
00:04:47.0937 1652 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
00:04:47.0968 1652 gupdate - ok
00:04:47.0984 1652 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
00:04:48.0000 1652 gupdatem - ok
00:04:48.0046 1652 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:04:48.0140 1652 HDAudBus - ok
00:04:48.0234 1652 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:04:48.0328 1652 helpsvc - ok
00:04:48.0328 1652 HidServ - ok
00:04:48.0375 1652 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:04:48.0468 1652 HidUsb - ok
00:04:48.0531 1652 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
00:04:48.0609 1652 hkmsvc - ok
00:04:48.0640 1652 [ 33EF584AA0B583D2F106D62FD3A5A053 ] HookCentre C:\WINDOWS\system32\drivers\HookCentre.sys
00:04:48.0671 1652 HookCentre - ok
00:04:48.0671 1652 hpn - ok
00:04:48.0750 1652 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
00:04:48.0859 1652 HTTP - ok
00:04:48.0937 1652 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
00:04:49.0031 1652 HTTPFilter - ok
00:04:49.0031 1652 i2omgmt - ok
00:04:49.0046 1652 i2omp - ok
00:04:49.0078 1652 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:04:49.0171 1652 i8042prt - ok
00:04:49.0218 1652 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
00:04:49.0328 1652 i81x - ok
00:04:49.0359 1652 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
00:04:49.0453 1652 iAimFP0 - ok
00:04:49.0484 1652 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
00:04:49.0546 1652 iAimFP1 - ok
00:04:49.0562 1652 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
00:04:49.0640 1652 iAimFP2 - ok
00:04:49.0671 1652 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
00:04:49.0750 1652 iAimFP3 - ok
00:04:49.0765 1652 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
00:04:49.0828 1652 iAimFP4 - ok
00:04:49.0828 1652 [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5 C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
00:04:49.0890 1652 iAimFP5 - ok
00:04:49.0921 1652 [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6 C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
00:04:50.0000 1652 iAimFP6 - ok
00:04:50.0000 1652 [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7 C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
00:04:50.0093 1652 iAimFP7 - ok
00:04:50.0125 1652 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
00:04:50.0218 1652 iAimTV0 - ok
00:04:50.0218 1652 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
00:04:50.0296 1652 iAimTV1 - ok
00:04:50.0328 1652 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
00:04:50.0390 1652 iAimTV3 - ok
00:04:50.0406 1652 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
00:04:50.0468 1652 iAimTV4 - ok
00:04:50.0484 1652 [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5 C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
00:04:50.0578 1652 iAimTV5 - ok
00:04:50.0578 1652 [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6 C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
00:04:50.0656 1652 iAimTV6 - ok
00:04:50.0750 1652 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
00:04:50.0796 1652 IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:04:50.0796 1652 IDriverT - detected UnsignedFile.Multi.Generic (1)
00:04:50.0953 1652 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:04:51.0156 1652 idsvc - ok
00:04:51.0265 1652 [ E28602C9E17B0DDCE9F5DEB3B3E2A635 ] IGDCTRL C:\Programme\FRITZ!DSL\IGDCTRL.EXE
00:04:51.0281 1652 IGDCTRL - ok
00:04:51.0296 1652 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
00:04:51.0390 1652 Imapi - ok
00:04:51.0453 1652 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
00:04:51.0562 1652 ImapiService - ok
00:04:51.0562 1652 ini910u - ok
00:04:52.0218 1652 [ E5C925B50154D102734AB446ADE781F4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:04:53.0359 1652 IntcAzAudAddService - ok
00:04:53.0390 1652 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
00:04:53.0484 1652 IntelIde - ok
00:04:53.0531 1652 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
00:04:53.0640 1652 Ip6Fw - ok
00:04:53.0687 1652 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:04:53.0812 1652 IpFilterDriver - ok
00:04:53.0828 1652 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:04:53.0937 1652 IpInIp - ok
00:04:53.0984 1652 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:04:54.0109 1652 IpNat - ok
00:04:54.0234 1652 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Programme\iPod\bin\iPodService.exe
00:04:54.0343 1652 iPod Service - ok
00:04:54.0375 1652 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:04:54.0468 1652 IPSec - ok
00:04:54.0515 1652 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
00:04:54.0609 1652 IRENUM - ok
00:04:54.0640 1652 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:04:54.0718 1652 isapnp - ok
00:04:54.0859 1652 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
00:04:54.0890 1652 JavaQuickStarterService - ok
00:04:54.0937 1652 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:04:55.0015 1652 Kbdclass - ok
00:04:55.0031 1652 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:04:55.0093 1652 kbdhid - ok
00:04:55.0156 1652 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
00:04:55.0250 1652 kmixer - ok
00:04:55.0312 1652 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
00:04:55.0390 1652 KSecDD - ok
00:04:55.0437 1652 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
00:04:55.0468 1652 lanmanserver - ok
00:04:55.0546 1652 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
00:04:55.0593 1652 lanmanworkstation - ok
00:04:55.0609 1652 lbrtfdc - ok
00:04:55.0796 1652 [ 6BEEBED6ADF0FFE4CADF78AB5FCD017C ] LiveUpdateInstaller C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe
00:04:55.0921 1652 LiveUpdateInstaller ( UnsignedFile.Multi.Generic ) - warning
00:04:55.0921 1652 LiveUpdateInstaller - detected UnsignedFile.Multi.Generic (1)
00:04:55.0984 1652 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
00:04:56.0062 1652 LmHosts - ok
00:04:56.0109 1652 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
00:04:56.0187 1652 Messenger - ok
00:04:56.0218 1652 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
00:04:56.0328 1652 mnmdd - ok
00:04:56.0375 1652 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
00:04:56.0437 1652 mnmsrvc - ok
00:04:56.0468 1652 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
00:04:56.0578 1652 Modem - ok
00:04:56.0593 1652 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:04:56.0671 1652 Mouclass - ok
00:04:56.0718 1652 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:04:56.0812 1652 mouhid - ok
00:04:56.0859 1652 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
00:04:56.0937 1652 MountMgr - ok
00:04:57.0015 1652 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
00:04:57.0046 1652 MozillaMaintenance - ok
00:04:57.0046 1652 mraid35x - ok
00:04:57.0078 1652 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:04:57.0171 1652 MRxDAV - ok
00:04:57.0265 1652 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:04:57.0390 1652 MRxSmb - ok
00:04:57.0437 1652 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
00:04:57.0546 1652 MSDTC - ok
00:04:57.0578 1652 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
00:04:57.0656 1652 Msfs - ok
00:04:57.0656 1652 MSIServer - ok
00:04:57.0687 1652 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:04:57.0781 1652 MSKSSRV - ok
00:04:57.0812 1652 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:04:57.0921 1652 MSPCLOCK - ok
00:04:57.0953 1652 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
00:04:58.0015 1652 MSPQM - ok
00:04:58.0062 1652 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:04:58.0140 1652 mssmbios - ok
00:04:58.0203 1652 MSSQLSERVER - ok
00:04:58.0250 1652 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
00:04:58.0281 1652 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
00:04:58.0281 1652 MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
00:04:58.0328 1652 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
00:04:58.0406 1652 MSTEE - ok
00:04:58.0453 1652 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
00:04:58.0531 1652 Mup - ok
00:04:58.0562 1652 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:04:58.0671 1652 NABTSFEC - ok
00:04:58.0750 1652 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
00:04:58.0859 1652 napagent - ok
00:04:58.0937 1652 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
00:04:59.0000 1652 NDIS - ok
00:04:59.0046 1652 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:04:59.0156 1652 NdisIP - ok
00:04:59.0218 1652 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:04:59.0234 1652 NdisTapi - ok
00:04:59.0281 1652 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:04:59.0375 1652 Ndisuio - ok
00:04:59.0390 1652 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:04:59.0421 1652 NdisWan - ok
00:04:59.0484 1652 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
00:04:59.0546 1652 NDProxy - ok
00:04:59.0562 1652 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
00:04:59.0656 1652 NetBIOS - ok
00:04:59.0734 1652 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
00:04:59.0828 1652 NetBT - ok
00:04:59.0906 1652 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
00:05:00.0015 1652 NetDDE - ok
00:05:00.0031 1652 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
00:05:00.0093 1652 NetDDEdsdm - ok
00:05:00.0140 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
00:05:00.0234 1652 Netlogon - ok
00:05:00.0312 1652 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
00:05:00.0406 1652 Netman - ok
00:05:00.0468 1652 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:05:00.0484 1652 NetTcpPortSharing - ok
00:05:00.0515 1652 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:05:00.0609 1652 NIC1394 - ok
00:05:00.0687 1652 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
00:05:00.0781 1652 Nla - ok
00:05:00.0859 1652 [ 5ABB6B2461C4EB0AFDF1BF7F03963D59 ] Nokia USB Generic C:\WINDOWS\system32\drivers\nmwcdc.sys
00:05:00.0984 1652 Nokia USB Generic - ok
00:05:01.0062 1652 [ 353C16D21EEC1F11306270040B3713C1 ] Nokia USB Modem C:\WINDOWS\system32\drivers\nmwcdcm.sys
00:05:01.0093 1652 Nokia USB Modem - ok
00:05:01.0156 1652 [ F5B1200C75B160C81E7E48CC0489AA5E ] Nokia USB Phone Parent C:\WINDOWS\system32\drivers\nmwcd.sys
00:05:01.0203 1652 Nokia USB Phone Parent - ok
00:05:01.0250 1652 [ 353C16D21EEC1F11306270040B3713C1 ] Nokia USB Port C:\WINDOWS\system32\drivers\nmwcdcj.sys
00:05:01.0265 1652 Nokia USB Port - ok
00:05:01.0296 1652 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:05:01.0375 1652 Npfs - ok
00:05:01.0484 1652 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:05:01.0703 1652 Ntfs - ok
00:05:01.0718 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
00:05:01.0796 1652 NtLmSsp - ok
00:05:01.0890 1652 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
00:05:02.0062 1652 NtmsSvc - ok
00:05:02.0109 1652 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
00:05:02.0218 1652 Null - ok
00:05:03.0078 1652 [ CCE4877E45F5300FFFBB4A6BC5E7FDA7 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:05:04.0671 1652 nv - ok
00:05:04.0703 1652 [ 1492C7738F68625805F5F53C8BAD24C6 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
00:05:04.0765 1652 NVENETFD - ok
00:05:04.0812 1652 [ AE73E61F07DDC84255BECE6B02F18390 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
00:05:04.0859 1652 nvnetbus - ok
00:05:04.0906 1652 [ 4E281506A2ECD3B341D06598DBA97005 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
00:05:04.0937 1652 NVSvc - ok
00:05:04.0968 1652 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:05:05.0078 1652 NwlnkFlt - ok
00:05:05.0093 1652 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:05:05.0187 1652 NwlnkFwd - ok
00:05:05.0250 1652 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:05:05.0343 1652 ohci1394 - ok
00:05:05.0359 1652 [ A7AF0C0860F1C43FC6581BA8A99EABEF ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
00:05:05.0453 1652 P3 - ok
00:05:05.0484 1652 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
00:05:05.0593 1652 Parport - ok
00:05:05.0656 1652 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
00:05:05.0750 1652 PartMgr - ok
00:05:05.0781 1652 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
00:05:05.0906 1652 ParVdm - ok
00:05:06.0000 1652 [ 2A42DDAEAAE7743C55A3FA68A7AD9538 ] PCA C:\WINDOWS\SMINST\PCAngel.exe
00:05:06.0062 1652 PCA ( UnsignedFile.Multi.Generic ) - warning
00:05:06.0062 1652 PCA - detected UnsignedFile.Multi.Generic (1)
00:05:06.0109 1652 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
00:05:06.0203 1652 PCI - ok
00:05:06.0203 1652 PCIDump - ok
00:05:06.0218 1652 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
00:05:06.0312 1652 PCIIde - ok
00:05:06.0359 1652 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
00:05:06.0437 1652 Pcmcia - ok
00:05:06.0437 1652 PDCOMP - ok
00:05:06.0484 1652 pdfcDispatcher - ok
00:05:06.0484 1652 PDFRAME - ok
00:05:06.0484 1652 PDRELI - ok
00:05:06.0500 1652 PDRFRAME - ok
00:05:06.0500 1652 perc2 - ok
00:05:06.0515 1652 perc2hib - ok
00:05:06.0546 1652 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
00:05:06.0578 1652 PlugPlay - ok
00:05:06.0593 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
00:05:06.0671 1652 PolicyAgent - ok
00:05:06.0734 1652 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:05:06.0859 1652 PptpMiniport - ok
00:05:06.0875 1652 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
00:05:06.0968 1652 Processor - ok
00:05:06.0968 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:05:07.0046 1652 ProtectedStorage - ok
00:05:07.0062 1652 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
00:05:07.0140 1652 PSched - ok
00:05:07.0203 1652 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:05:07.0312 1652 Ptilink - ok
00:05:07.0359 1652 [ B572ED0C3E6165643FA116AF20425A54 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
00:05:07.0375 1652 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
00:05:07.0375 1652 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
00:05:07.0375 1652 ql1080 - ok
00:05:07.0390 1652 Ql10wnt - ok
00:05:07.0390 1652 ql12160 - ok
00:05:07.0406 1652 ql1240 - ok
00:05:07.0406 1652 ql1280 - ok
00:05:07.0421 1652 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:05:07.0515 1652 RasAcd - ok
00:05:07.0578 1652 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:05:07.0656 1652 RasAuto - ok
00:05:07.0687 1652 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:05:07.0781 1652 Rasl2tp - ok
00:05:07.0828 1652 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
00:05:07.0937 1652 RasMan - ok
00:05:07.0953 1652 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:05:08.0031 1652 RasPppoe - ok
00:05:08.0046 1652 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
00:05:08.0140 1652 Raspti - ok
00:05:08.0171 1652 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:05:08.0265 1652 Rdbss - ok
00:05:08.0265 1652 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:05:08.0375 1652 RDPCDD - ok
00:05:08.0406 1652 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:05:08.0515 1652 rdpdr - ok
00:05:08.0562 1652 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
00:05:08.0625 1652 RDPWD - ok
00:05:08.0687 1652 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
00:05:08.0812 1652 RDSessMgr - ok
00:05:08.0859 1652 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
00:05:08.0937 1652 redbook - ok
00:05:08.0984 1652 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
00:05:09.0078 1652 RemoteAccess - ok
00:05:09.0140 1652 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
00:05:09.0234 1652 RemoteRegistry - ok
00:05:09.0281 1652 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
00:05:09.0375 1652 RpcLocator - ok
00:05:09.0437 1652 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
00:05:09.0500 1652 RpcSs - ok
00:05:09.0531 1652 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
00:05:09.0671 1652 RSVP - ok
00:05:09.0734 1652 [ 180A0296BF259C1AEEB8DC100CC87A31 ] RTL8187B C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
00:05:09.0796 1652 RTL8187B ( UnsignedFile.Multi.Generic ) - warning
00:05:09.0796 1652 RTL8187B - detected UnsignedFile.Multi.Generic (1)
00:05:09.0812 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
00:05:09.0875 1652 SamSs - ok
00:05:10.0031 1652 [ 66EB70B8F5F53C11C98B14637B2F6E84 ] Samsung Network Fax Server C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe
00:05:10.0062 1652 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - warning
00:05:10.0062 1652 Samsung Network Fax Server - detected UnsignedFile.Multi.Generic (1)
00:05:10.0109 1652 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
00:05:10.0187 1652 SCardSvr - ok
00:05:10.0265 1652 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
00:05:10.0359 1652 Schedule - ok
00:05:10.0406 1652 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:05:10.0484 1652 Secdrv - ok
00:05:10.0515 1652 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
00:05:10.0609 1652 seclogon - ok
00:05:10.0640 1652 SENS - ok
00:05:10.0671 1652 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
00:05:10.0781 1652 serenum - ok
00:05:10.0812 1652 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
00:05:10.0937 1652 Serial - ok
00:05:11.0031 1652 [ 4C0A4FEFD62519552C0E5171F418C4BC ] ServiceLayer C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
00:05:11.0062 1652 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
00:05:11.0062 1652 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
00:05:11.0109 1652 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
00:05:11.0203 1652 Sfloppy - ok
00:05:11.0296 1652 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
00:05:11.0437 1652 SharedAccess - ok
00:05:11.0468 1652 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:05:11.0500 1652 ShellHWDetection - ok
00:05:11.0500 1652 Simbad - ok
00:05:11.0515 1652 SjyPkt - ok
00:05:11.0546 1652 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:05:11.0640 1652 SLIP - ok
00:05:11.0656 1652 Sparrow - ok
00:05:11.0671 1652 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
00:05:11.0750 1652 splitter - ok
00:05:11.0812 1652 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
00:05:11.0890 1652 Spooler - ok
00:05:11.0890 1652 SQLSERVERAGENT - ok
00:05:11.0968 1652 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
00:05:12.0062 1652 sr - ok
00:05:12.0140 1652 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
00:05:12.0234 1652 srservice - ok
00:05:12.0296 1652 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
00:05:12.0468 1652 Srv - ok
00:05:12.0515 1652 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
00:05:12.0593 1652 SSDPSRV - ok
00:05:12.0687 1652 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\WINDOWS\system32\Drivers\SSPORT.sys
00:05:12.0703 1652 SSPORT ( UnsignedFile.Multi.Generic ) - warning
00:05:12.0703 1652 SSPORT - detected UnsignedFile.Multi.Generic (1)
00:05:12.0796 1652 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
00:05:12.0968 1652 stisvc - ok
00:05:12.0984 1652 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:05:13.0062 1652 streamip - ok
00:05:13.0109 1652 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
00:05:13.0187 1652 swenum - ok
00:05:13.0218 1652 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
00:05:13.0296 1652 swmidi - ok
00:05:13.0312 1652 SwPrv - ok
00:05:13.0359 1652 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
00:05:13.0453 1652 symc810 - ok
00:05:13.0468 1652 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:05:13.0593 1652 symc8xx - ok
00:05:13.0640 1652 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
00:05:13.0640 1652 Symmpi ( UnsignedFile.Multi.Generic ) - warning
00:05:13.0640 1652 Symmpi - detected UnsignedFile.Multi.Generic (1)
00:05:13.0656 1652 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:05:13.0781 1652 sym_hi - ok
00:05:13.0796 1652 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:05:13.0890 1652 sym_u3 - ok
00:05:13.0921 1652 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
00:05:14.0000 1652 sysaudio - ok
00:05:14.0046 1652 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
00:05:14.0156 1652 SysmonLog - ok
00:05:14.0218 1652 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
00:05:14.0328 1652 TapiSrv - ok
00:05:14.0406 1652 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:05:14.0500 1652 Tcpip - ok
00:05:14.0531 1652 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
00:05:14.0593 1652 TDPIPE - ok
00:05:14.0625 1652 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
00:05:14.0718 1652 TDTCP - ok
00:05:14.0734 1652 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
00:05:14.0890 1652 TermDD - ok
00:05:14.0984 1652 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
00:05:15.0093 1652 TermService - ok
00:05:15.0125 1652 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
00:05:15.0140 1652 Themes - ok
00:05:15.0187 1652 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
00:05:15.0296 1652 TlntSvr - ok
00:05:15.0312 1652 TosIde - ok
00:05:15.0375 1652 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
00:05:15.0468 1652 TrkWks - ok
00:05:15.0500 1652 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
00:05:15.0609 1652 Udfs - ok
00:05:15.0671 1652 [ CA90D2C55EB3BB90687677BEA3DB0B59 ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
00:05:15.0687 1652 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
00:05:15.0687 1652 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
00:05:15.0687 1652 ultra - ok
00:05:15.0796 1652 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
00:05:15.0906 1652 upnphost - ok
00:05:15.0953 1652 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
00:05:16.0062 1652 UPS - ok
00:05:16.0109 1652 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
00:05:16.0156 1652 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
00:05:16.0156 1652 USBAAPL - detected UnsignedFile.Multi.Generic (1)
00:05:16.0218 1652 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:05:16.0296 1652 usbccgp - ok
00:05:16.0343 1652 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:05:16.0421 1652 usbehci - ok
00:05:16.0468 1652 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:05:16.0546 1652 usbhub - ok
00:05:16.0578 1652 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:05:16.0656 1652 usbohci - ok
00:05:16.0703 1652 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:05:16.0812 1652 usbprint - ok
00:05:16.0828 1652 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:05:16.0921 1652 usbscan - ok
00:05:16.0953 1652 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:05:17.0046 1652 USBSTOR - ok
00:05:17.0078 1652 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:05:17.0156 1652 usbuhci - ok
00:05:17.0203 1652 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
00:05:17.0281 1652 VgaSave - ok
00:05:17.0296 1652 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
00:05:17.0390 1652 ViaIde - ok
00:05:17.0406 1652 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
00:05:17.0484 1652 VolSnap - ok
00:05:17.0562 1652 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
00:05:17.0687 1652 VSS - ok
00:05:17.0750 1652 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
00:05:17.0859 1652 W32Time - ok
00:05:17.0921 1652 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:05:18.0000 1652 Wanarp - ok
00:05:18.0000 1652 WDICA - ok
00:05:18.0031 1652 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
00:05:18.0125 1652 wdmaud - ok
00:05:18.0187 1652 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
00:05:18.0265 1652 WebClient - ok
00:05:18.0390 1652 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
00:05:18.0484 1652 winmgmt - ok
00:05:18.0531 1652 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
00:05:18.0593 1652 WmdmPmSN - ok
00:05:18.0703 1652 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
00:05:18.0921 1652 Wmi - ok
00:05:18.0937 1652 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:05:19.0046 1652 WmiApSrv - ok
00:05:19.0234 1652 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
00:05:19.0453 1652 WMPNetworkSvc - ok
00:05:19.0500 1652 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
00:05:19.0531 1652 WpdUsb - ok
00:05:19.0593 1652 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:05:19.0687 1652 WS2IFSL - ok
00:05:19.0765 1652 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
00:05:19.0859 1652 wscsvc - ok
00:05:19.0906 1652 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:05:19.0984 1652 WSTCODEC - ok
00:05:20.0031 1652 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
00:05:20.0109 1652 wuauserv - ok
00:05:20.0171 1652 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:05:20.0234 1652 WudfPf - ok
00:05:20.0250 1652 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:05:20.0265 1652 WudfRd - ok
00:05:20.0312 1652 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
00:05:20.0343 1652 WudfSvc - ok
00:05:20.0453 1652 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
00:05:20.0593 1652 WZCSVC - ok
00:05:20.0671 1652 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
00:05:20.0796 1652 xmlprov - ok
00:05:20.0859 1652 [ 58C938BDD89281DC1A64B1DCE675FCE4 ] ZSMC301b C:\WINDOWS\system32\Drivers\usbVM31b.sys
00:05:20.0890 1652 ZSMC301b - ok
00:05:20.0937 1652 ================ Scan global ===============================
00:05:21.0000 1652 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
00:05:21.0093 1652 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
00:05:21.0156 1652 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
00:05:21.0171 1652 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
00:05:21.0171 1652 [Global] - ok
00:05:21.0171 1652 ================ Scan MBR ==================================
00:05:21.0203 1652 [ 4F02A8D4048A138C450ED7F867EB0144 ] \Device\Harddisk0\DR0
00:05:21.0500 1652 \Device\Harddisk0\DR0 - ok
00:05:21.0515 1652 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3
00:05:21.0656 1652 \Device\Harddisk1\DR3 - ok
00:05:21.0656 1652 ================ Scan VBR ==================================
00:05:21.0656 1652 [ E297A6E7B851D3099B4B27FFED13283D ] \Device\Harddisk0\DR0\Partition1
00:05:21.0656 1652 \Device\Harddisk0\DR0\Partition1 - ok
00:05:21.0671 1652 [ EB745B4E738B10DDD9F51CC02EC4A524 ] \Device\Harddisk0\DR0\Partition2
00:05:21.0671 1652 \Device\Harddisk0\DR0\Partition2 - ok
00:05:21.0671 1652 [ A907C4F5960CF608FC6D56B878BF190E ] \Device\Harddisk1\DR3\Partition1
00:05:21.0671 1652 \Device\Harddisk1\DR3\Partition1 - ok
00:05:21.0671 1652 ============================================================
00:05:21.0671 1652 Scan finished
00:05:21.0671 1652 ============================================================
00:05:21.0781 1644 Detected object count: 17
00:05:21.0781 1644 Actual detected object count: 17
00:09:40.0906 1644 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0906 1644 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0906 1644 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0906 1644 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0906 1644 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0906 1644 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0906 1644 FSLX ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0906 1644 FSLX ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0921 1644 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0921 1644 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0921 1644 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0921 1644 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0921 1644 LiveUpdateInstaller ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0921 1644 LiveUpdateInstaller ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0921 1644 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0921 1644 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0921 1644 PCA ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0921 1644 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 RTL8187B ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 RTL8187B ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0953 1644 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0953 1644 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0953 1644 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0953 1644 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 16.05.2013, 23:40   #8
markusg
/// Malware-holic
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



Hi
spenden kannst du gerne, wenn wir fertig sind, wir führen noch einige Scans aus und sichern den pc ab

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.05.2013, 01:05   #9
hansdoll
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



Hi,

hab mich zu früh gefreut.
Konnte den Rechner zehn Minuten benutzen, dann hatte ich den GVU-Bildschirm wieder.
Ich habe dann die Killer.exe nochmal ausgeführt.
Combofix habe ich runtergeladen.
Das Problem ist, dass mein PC nur im abgesicherten Modus MIT Eingabeaufforderung läuft.
Normaler abgesicherter Modus stürzt ab.
Ich kann also den Virenscanner (G Data) nicht ausschalten.
Combofix beschwert sich genau darüber.
Nun will Combofix ins Internet, um sich die Microsoft-Wiederherstellungskonsole zu laden.
Aber in diesem DOS-Bildschirm krieg ich ja keine Internet-Verbindung hin.

Was tun ?

Alt 17.05.2013, 11:44   #10
markusg
/// Malware-holic
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



Auf jeden fall mal finger weg von illegalen streamings wie kinox.to, nur bei uns bzw auf von mir genannten pages surfen.
neues otl log erstellen und posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.05.2013, 20:56   #11
hansdoll
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



Hallo,

hier zum zweiten mal die otl und extras logs :OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.05.2013 21:47:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 82,49% Memory free
3,73 Gb Paging File | 3,65 Gb Available in Paging File | 97,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 6,29 Gb Free Space | 4,59% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.15 01:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.05.17 01:03:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 10:20:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 00:50:23 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.20 09:19:11 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.02 09:36:54 | 000,516,096 | ---- | M] (Sage KHK Software) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe -- (LiveUpdateInstaller)
SRV - [2002.12.17 16:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2002.12.17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2011.04.05 13:31:50 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.05.27 07:29:56 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2009.05.21 20:36:48 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2009.05.21 12:43:53 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2009.05.21 12:43:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2008.07.11 14:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007.11.06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.07.30 14:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.07.30 14:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.04 14:40:22 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2004.08.17 05:44:22 | 000,091,263 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004.08.04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004.08.04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004.08.04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004.08.04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004.08.04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004.08.04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004.08.04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004.08.04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004.08.04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004.08.04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004.08.04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004.08.04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004.08.04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004.08.04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 10:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.16 08:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.04.03 11:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.21 23:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\support@lastpass.com
[2013.02.20 23:33:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\toolbar@ask.com
[2012.02.17 22:21:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.13 10:20:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.17 09:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 20:16:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.17 09:55:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 09:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 09:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 09:55:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.17 02:15:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe (INNOVA-engineering GmbH Dresden)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKLM..\RunOnce: [(4) HWRestore] C:\Sage\KHK\Handwerk\HWRESTORE.EXE (Sage KHK Software GmbH&Co.KG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLINK.lnk = C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFD5704-5D07-4B54-8B2A-420BB016F3DE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 02:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.05.17 01:56:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.17 01:56:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.17 01:56:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.17 01:56:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.17 01:53:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 01:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.15 00:52:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.14 01:23:25 | 000,000,000 | ---D | C] -- C:\Wiederhergestellte Dateien 13-05-13
[2013.05.12 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.05.04 20:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.05.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 02:15:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.17 01:53:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.17 01:52:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.17 01:48:23 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2013.05.17 01:48:19 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 01:33:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.05.17 01:17:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013.05.17 01:03:39 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.17 00:41:21 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.16 01:12:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Kein Protokoll
[2013.05.13 00:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.12 01:06:24 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.12 01:06:24 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.04 20:32:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.05.04 20:17:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.25 23:24:42 | 000,471,880 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.25 23:24:42 | 000,451,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.25 23:24:42 | 000,090,282 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.25 23:24:42 | 000,075,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.05.17 01:56:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.17 01:56:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.17 01:56:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.17 01:56:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.17 01:56:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.12 00:08:10 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.12 00:07:51 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.04 20:32:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.02.26 01:31:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013.02.26 01:31:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013.02.26 01:31:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2012.10.15 21:25:03 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2012.10.15 21:24:54 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2012.10.15 21:24:54 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2012.10.15 21:23:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssa3mlm.dll
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Programme\readme.html
[2012.07.27 22:24:16 | 000,006,854 | RHS- | C] () -- C:\WINDOWS\innova3.ini
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Programme\basis-link
[2012.02.14 21:02:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.20 01:07:43 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.12.19 10:53:34 | 076,004,920 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exe2323iw.dat
[2011.10.13 00:51:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.05.20 22:57:46 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2009.05.20 22:57:46 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2009.05.20 22:57:46 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2009.05.20 05:36:08 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.04.27 12:04:04 | 140,387,075 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi
[2009.04.27 06:43:50 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini
 
========== ZeroAccess Check ==========
 
[2009.05.20 05:35:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.21 21:06:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.02.12 21:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACD Systems
[2010.05.01 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2009.08.08 13:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer
[2013.03.11 01:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2010.09.15 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!
[2010.09.15 22:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!fax für FRITZ!Box
[2011.12.18 02:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake
[2012.07.27 22:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\innoplus
[2009.08.23 11:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2009.08.02 19:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
[2009.08.02 20:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player
[2009.05.21 18:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2012.06.14 00:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2009.08.02 19:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
[2012.04.07 15:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi
[2009.05.21 03:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2013.02.26 01:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung
[2012.08.21 09:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.10.16 13:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2011.05.08 21:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems
[2012.03.16 12:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\YouTube Downloader
[2013.05.04 20:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011.02.12 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2012.11.21 23:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009.08.02 18:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2010.11.10 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2013.03.11 01:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.01.20 14:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012.07.27 22:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus
[2010.09.15 22:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2009.08.02 19:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.02.25 11:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2013.02.26 01:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.05.08 20:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2011.05.08 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.03.05 17:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011.12.18 01:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.01 21:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.05.21 20:43:40 | 000,000,000 | ---D | M] -- C:\70SP4
[2012.05.11 03:01:16 | 000,000,000 | ---D | M] -- C:\9f7803ddae81aabb78e04f476cd8feaa
[2009.07.12 11:35:58 | 000,000,000 | ---D | M] -- C:\Banking
[2009.05.20 05:44:07 | 000,000,000 | ---D | M] -- C:\Compaq
[2013.05.04 20:32:50 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.05.20 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.04.08 21:16:51 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.08.14 23:19:30 | 000,000,000 | ---D | M] -- C:\e322ecf43298eabf7fb898a4
[2011.01.11 00:05:18 | 000,000,000 | ---D | M] -- C:\Endisch Dokumente
[2012.01.22 19:48:42 | 000,000,000 | ---D | M] -- C:\FBBM
[2013.05.12 00:06:46 | 000,000,000 | ---D | M] -- C:\Firma Doll
[2009.05.21 19:58:28 | 000,000,000 | ---D | M] -- C:\Fotos
[2013.05.15 00:52:43 | 000,000,000 | ---D | M] -- C:\FRST
[2009.05.20 05:44:14 | 000,000,000 | ---D | M] -- C:\fslrdr
[2009.05.20 05:44:42 | 000,000,000 | ---D | M] -- C:\hp
[2011.11.04 20:36:41 | 000,000,000 | ---D | M] -- C:\Häuser
[2009.05.20 14:26:48 | 000,000,000 | ---D | M] -- C:\i386
[2010.11.10 23:38:43 | 000,000,000 | ---D | M] -- C:\lexmark
[2013.04.28 16:50:21 | 000,000,000 | ---D | M] -- C:\Private Dokumente Hans
[2010.11.10 23:39:53 | 000,000,000 | ---D | M] -- C:\program files
[2013.05.17 02:15:04 | 000,000,000 | R--D | M] -- C:\Programme
[2012.06.27 21:55:42 | 000,000,000 | ---D | M] -- C:\QLINK
[2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.05.21 20:24:36 | 000,000,000 | ---D | M] -- C:\Sage
[2012.02.06 00:56:05 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2009.05.20 17:53:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.05.20 17:53:18 | 000,000,000 | ---D | M] -- C:\system.sav
[2012.01.05 02:05:57 | 000,000,000 | ---D | M] -- C:\temp
[2013.05.14 01:27:40 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 13-05-13
[2009.05.21 19:57:33 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 21-05-09
[2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2002.03.11 10:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsia.exe
[2002.03.11 11:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.05.16 16:27:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006.05.16 16:27:22 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.09.01 20:59:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2011.04.24 23:13:05 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 23:13:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 21:34:52 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.02.20 23:33:49 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 09:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 09:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.05.05 07:27:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.05.05 07:27:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.05.05 07:27:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.05.17 01:51:51 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2013.05.17 21:46:58 | 001,028,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG
[2013.05.17 01:51:51 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.03.02 03:57:39 | 001,867,392 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.05.2013 21:47:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 82,49% Memory free
3,73 Gb Paging File | 3,65 Gb Available in Paging File | 97,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 6,29 Gb Free Space | 4,59% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler  -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- ()
"C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Programme\Scan Assistant\USDAgent.exe" = C:\Programme\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe:LocalSubNet:Enabled:Samsung Network PC Fax Monitor -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D0C290B-B527-11D3-8B9B-006097833640}" = Handwerk
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880A0DCF-E8C2-11D9-AAFD-0050BA1ACA6F}" = QLink
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F018BFDC-1ED3-4399-9009-4E1604BF2510}" = innoPlus bad
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ElsterFormular" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"HandBrake" = HandBrake 0.9.5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PDF Complete" = PDF Complete
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-472x Series" = Samsung SCX-472x Series
"sv.net" = sv.net
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Win-CASA 6" = Win-CASA 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:48:29 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 :  SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
 1433.  
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32031
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32031
 
[ System Events ]
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  AmdK8  Fips  i8042prt  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  Tcpip  WS2IFSL
 
Error - 17.05.2013 15:39:35 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 17.05.2013 15:42:40 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 17.05.2013 15:50:55 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >
         
--- --- ---

Alt 17.05.2013, 21:02   #12
markusg
/// Malware-holic
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



bitte aus dem abgesicherten Modus im betroffenen account
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.05.2013, 21:06   #13
hansdoll
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



Hab ich das richtig verstanden:
Abgesicherten Modus verlassen und im abges. Modus mit Eingabeaufforderung weitermachen ?

Alt 17.05.2013, 21:16   #14
markusg
/// Malware-holic
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



laut dem log ist keine Malware aktiv, deswegen im abgesicherten modus den infizierten nutzer wählen und erneut scannen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.05.2013, 21:41   #15
hansdoll
 
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Standard

Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner



Im abgesicherten Modus kann ich beim Anmelden keinen Nutzer wählen,
wie beim normalen Windows-Start. Es gibt allerdings sowieso nur den Administrator.
logs, die dritte:

Code:
ATTFilter
OTL logfile created on: 17.05.2013 22:30:36 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 86,73% Memory free
3,73 Gb Paging File | 3,67 Gb Available in Paging File | 98,40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 6,30 Gb Free Space | 4,60% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.15 01:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.05.17 01:03:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 10:20:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 00:50:23 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.20 09:19:11 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.02 09:36:54 | 000,516,096 | ---- | M] (Sage KHK Software) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe -- (LiveUpdateInstaller)
SRV - [2002.12.17 16:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2002.12.17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2011.04.05 13:31:50 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.05.27 07:29:56 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2009.05.21 20:36:48 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2009.05.21 12:43:53 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2009.05.21 12:43:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2008.07.11 14:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007.11.06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.07.30 14:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.07.30 14:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.04 14:40:22 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2004.08.17 05:44:22 | 000,091,263 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004.08.04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004.08.04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004.08.04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004.08.04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004.08.04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004.08.04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004.08.04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004.08.04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004.08.04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004.08.04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004.08.04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004.08.04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004.08.04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004.08.04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 10:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.16 08:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.04.03 11:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.21 23:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\support@lastpass.com
[2013.02.20 23:33:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\toolbar@ask.com
[2012.02.17 22:21:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.13 10:20:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.17 09:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 20:16:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.17 09:55:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 09:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 09:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 09:55:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.17 02:15:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe (INNOVA-engineering GmbH Dresden)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKLM..\RunOnce: [(4) HWRestore] C:\Sage\KHK\Handwerk\HWRESTORE.EXE (Sage KHK Software GmbH&Co.KG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLINK.lnk = C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFD5704-5D07-4B54-8B2A-420BB016F3DE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 02:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.05.17 01:56:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.17 01:56:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.17 01:56:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.17 01:56:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.17 01:53:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 01:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.15 00:52:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.14 01:23:25 | 000,000,000 | ---D | C] -- C:\Wiederhergestellte Dateien 13-05-13
[2013.05.12 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.05.04 20:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.05.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 22:22:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.17 22:22:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.17 02:15:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.17 01:48:23 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2013.05.17 01:48:19 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 01:33:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.05.17 01:17:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013.05.17 01:03:39 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.17 00:41:21 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.16 01:12:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Kein Protokoll
[2013.05.13 00:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.12 01:06:24 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.12 01:06:24 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.04 20:32:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.05.04 20:17:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.25 23:24:42 | 000,471,880 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.25 23:24:42 | 000,451,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.25 23:24:42 | 000,090,282 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.25 23:24:42 | 000,075,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.05.17 01:56:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.17 01:56:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.17 01:56:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.17 01:56:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.17 01:56:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.12 00:08:10 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.12 00:07:51 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.04 20:32:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.02.26 01:31:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013.02.26 01:31:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013.02.26 01:31:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2012.10.15 21:25:03 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2012.10.15 21:24:54 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2012.10.15 21:24:54 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2012.10.15 21:23:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssa3mlm.dll
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Programme\readme.html
[2012.07.27 22:24:16 | 000,006,854 | RHS- | C] () -- C:\WINDOWS\innova3.ini
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Programme\basis-link
[2012.02.14 21:02:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.20 01:07:43 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.12.19 10:53:34 | 076,004,920 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exe2323iw.dat
[2011.10.13 00:51:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.05.20 22:57:46 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2009.05.20 22:57:46 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2009.05.20 22:57:46 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2009.05.20 05:36:08 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.04.27 12:04:04 | 140,387,075 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi
[2009.04.27 06:43:50 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini
 
========== ZeroAccess Check ==========
 
[2009.05.20 05:35:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.21 21:06:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.02.12 21:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACD Systems
[2010.05.01 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2009.08.08 13:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer
[2013.03.11 01:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2010.09.15 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!
[2010.09.15 22:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!fax für FRITZ!Box
[2011.12.18 02:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake
[2012.07.27 22:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\innoplus
[2009.08.23 11:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2009.08.02 19:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
[2009.08.02 20:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player
[2009.05.21 18:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2012.06.14 00:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2009.08.02 19:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
[2012.04.07 15:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi
[2009.05.21 03:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2013.02.26 01:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung
[2012.08.21 09:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.10.16 13:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2011.05.08 21:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems
[2012.03.16 12:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\YouTube Downloader
[2013.05.04 20:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011.02.12 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2012.11.21 23:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009.08.02 18:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2010.11.10 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2013.03.11 01:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.01.20 14:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012.07.27 22:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus
[2010.09.15 22:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2009.08.02 19:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.02.25 11:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2013.02.26 01:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.05.08 20:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2011.05.08 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.03.05 17:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011.12.18 01:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.01 21:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.05.21 20:43:40 | 000,000,000 | ---D | M] -- C:\70SP4
[2012.05.11 03:01:16 | 000,000,000 | ---D | M] -- C:\9f7803ddae81aabb78e04f476cd8feaa
[2009.07.12 11:35:58 | 000,000,000 | ---D | M] -- C:\Banking
[2009.05.20 05:44:07 | 000,000,000 | ---D | M] -- C:\Compaq
[2013.05.04 20:32:50 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.05.20 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.04.08 21:16:51 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.08.14 23:19:30 | 000,000,000 | ---D | M] -- C:\e322ecf43298eabf7fb898a4
[2011.01.11 00:05:18 | 000,000,000 | ---D | M] -- C:\Endisch Dokumente
[2012.01.22 19:48:42 | 000,000,000 | ---D | M] -- C:\FBBM
[2013.05.12 00:06:46 | 000,000,000 | ---D | M] -- C:\Firma Doll
[2009.05.21 19:58:28 | 000,000,000 | ---D | M] -- C:\Fotos
[2013.05.15 00:52:43 | 000,000,000 | ---D | M] -- C:\FRST
[2009.05.20 05:44:14 | 000,000,000 | ---D | M] -- C:\fslrdr
[2009.05.20 05:44:42 | 000,000,000 | ---D | M] -- C:\hp
[2011.11.04 20:36:41 | 000,000,000 | ---D | M] -- C:\Häuser
[2009.05.20 14:26:48 | 000,000,000 | ---D | M] -- C:\i386
[2010.11.10 23:38:43 | 000,000,000 | ---D | M] -- C:\lexmark
[2013.04.28 16:50:21 | 000,000,000 | ---D | M] -- C:\Private Dokumente Hans
[2010.11.10 23:39:53 | 000,000,000 | ---D | M] -- C:\program files
[2013.05.17 02:15:04 | 000,000,000 | R--D | M] -- C:\Programme
[2012.06.27 21:55:42 | 000,000,000 | ---D | M] -- C:\QLINK
[2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.05.21 20:24:36 | 000,000,000 | ---D | M] -- C:\Sage
[2012.02.06 00:56:05 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2009.05.20 17:53:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.05.20 17:53:18 | 000,000,000 | ---D | M] -- C:\system.sav
[2012.01.05 02:05:57 | 000,000,000 | ---D | M] -- C:\temp
[2013.05.14 01:27:40 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 13-05-13
[2009.05.21 19:57:33 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 21-05-09
[2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2002.03.11 10:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsia.exe
[2002.03.11 11:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.05.16 16:27:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006.05.16 16:27:22 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.09.01 20:59:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2011.04.24 23:13:05 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 23:13:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 21:34:52 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.02.20 23:33:49 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 09:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 09:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.05.05 07:27:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.05.05 07:27:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.05.05 07:27:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.05.17 22:21:08 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2013.05.17 22:24:52 | 000,180,224 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG
[2013.05.17 22:21:08 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.03.02 03:57:39 | 001,867,392 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 17.05.2013 21:47:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 82,49% Memory free
3,73 Gb Paging File | 3,65 Gb Available in Paging File | 97,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 6,29 Gb Free Space | 4,59% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler  -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- ()
"C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Programme\Scan Assistant\USDAgent.exe" = C:\Programme\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe:LocalSubNet:Enabled:Samsung Network PC Fax Monitor -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D0C290B-B527-11D3-8B9B-006097833640}" = Handwerk
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880A0DCF-E8C2-11D9-AAFD-0050BA1ACA6F}" = QLink
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F018BFDC-1ED3-4399-9009-4E1604BF2510}" = innoPlus bad
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ElsterFormular" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"HandBrake" = HandBrake 0.9.5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PDF Complete" = PDF Complete
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-472x Series" = Samsung SCX-472x Series
"sv.net" = sv.net
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Win-CASA 6" = Win-CASA 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:48:29 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 :  SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
 1433.  
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32031
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32031
 
[ System Events ]
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  AmdK8  Fips  i8042prt  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  Tcpip  WS2IFSL
 
Error - 17.05.2013 15:39:35 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 17.05.2013 15:42:40 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 17.05.2013 15:50:55 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >
         

Antwort

Themen zu Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner
administrator, adobe, antivirus, bildschirm, bonjour, desktop, dll, dsl, einstellungen, error, explorer, farbar, farbar recovery scan tool, fehler, flash player, frst.exe, fslx.sys, google earth, gvu-trojaner windowsxp, launch, mozilla, nvidia, realtek, recycle.bin, refresh, registry, rundll, security, software, stick, temp, usb, version=1.0, weisser bildschirm, windows, windows xp



Ähnliche Themen: Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner


  1. Windows 7 weisser Bildschirm nach der Anmeldung
    Log-Analyse und Auswertung - 29.03.2014 (3)
  2. Windows 7: Weißer Bildschirm nach Anmeldung
    Log-Analyse und Auswertung - 05.03.2014 (5)
  3. Windows 7: weisser Bildschirm nach Start!
    Log-Analyse und Auswertung - 11.01.2014 (20)
  4. weißer Bildschirm nach Anmeldung, im abges. Modus sofortiger Neustart nach Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 22.11.2013 (12)
  5. Windows 7 -weißer Bildschirm nach Anmeldung
    Log-Analyse und Auswertung - 26.10.2013 (9)
  6. Win7 nach Anmeldung weisser Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 18.09.2013 (11)
  7. Weißer Bildschirm nach Anmeldung (Windows 7)
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (11)
  8. weisser Bildschirm nach booten von Windows 7
    Plagegeister aller Art und deren Bekämpfung - 30.06.2013 (16)
  9. weisser Bildschirm nach dem booten von windows 7
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (1)
  10. weisser Bildschirm nach Win7-Anmeldung
    Log-Analyse und Auswertung - 17.05.2013 (10)
  11. WIN7 64bit weisser bildschirm nach anmeldung
    Log-Analyse und Auswertung - 01.05.2013 (3)
  12. Weisser Bildschirm nach Anmeldung Win7
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (2)
  13. Weisser Bildschirm nach Windows- Start
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (14)
  14. Ich habe nur mehr einen weißen bildschirm nach der anmeldung von windows 7! Schätze es ist ein Trojaner. Bitte um Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 11.09.2012 (13)
  15. Weisser Bildschirm nach Anmeldung keine Eingabemöglichkeit mehr
    Log-Analyse und Auswertung - 11.09.2012 (1)
  16. Weisser Bildschirm nach Anmeldung - bitte um Fix
    Plagegeister aller Art und deren Bekämpfung - 16.05.2012 (7)
  17. nach der Anmeldung im Win7 Weisser Bildschirm geht nichts mehr!!!!!
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (14)

Zum Thema Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner - Hallo, auch ich habe mir den GVU-Trojaner eingefangen. Nachdem ich die Internetverbindung gekappt habe, ist der Bildschirm nur noch weiss. Betriebssystem: Windows XP SP3, Vers. 5.1.2600 Ich habe im abgesicherten - Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner...
Archiv
Du betrachtest: Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.