Trojaner-Board


Willie.s 02.04.2012 01:47

S.M.A.R.T. HDD: Black desktop, Start menu empty, folders/files hidden

Hello,

while I was on the Internet, the browser suddenly closed and several (15-20) Windows dialogs titled "System message - Write Fault Error" popped up with the error message:

"A write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exeption error when using a reference to an invalid system memory adress"

Shortly afterwards another window, "SMART HDD", popped up, pretending that a S.M.A.R.T. check was running. This scan reports the following errors:

Hard drive boot sector reading error

Systemblocks were not found

The DRM attribute value is too small before disk scan

Error 0x00000050-Page_FAULT_INNONPAGED_AREA

To fix the errors, it refers to a website that offers repair software for $84.5.

In addition, further problems occurred:

The Start menu is completely empty.

At first all icons on the desktop were no longer visible; now the desktop is completely black.

All files and folders are hidden.


As described in the checklist, I tried to download defogger and dds. That was unsuccessful, though.

Can anyone help me?

Regards
Willie

Hello everyone,

I managed to download defogger and dds. I ran both as described. Here is the dds.txt:

DDS Logfile:
Code:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by Christian at 12:59:20 on 2012-04-02
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.895.338 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Gemeinsame Dateien\Common Toolkit Suite\AVEngine\AVScanningService.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Gemeinsame Dateien\Common Toolkit Suite\AVEngine\AVWatchService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\MySecurityCenter\Programs\service.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Fighters\FighterSuiteService.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbsecsvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\PestPatrol\PPControl.exe
C:\Programme\PestPatrol\PPMemCheck.exe
C:\Programme\PestPatrol\CookiePatrol.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe
C:\Programme\PowerISO\PWRISOVM.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\Ask.com\Updater\Updater.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XSROCGDdNlpYr.exe
C:\Programme\Fighters\SPYWAREfighter\SWPROTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6tvo03dNzTweJL.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uWinlogon: Shell=c:\dokumente und einstellungen\christian\anwendungsdaten\control components\ccmain.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\programme\elf_1.13\prxtbElf0.dll
BHO: Search-Results Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programme\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\programme\yontoo layers\YontooIEClient.dll
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\programme\elf_1.13\prxtbElf0.dll
TB: Search-Results Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programme\ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\programme\messenger\msmsgs.exe" /background
uRun: [SansaDispatch] c:\dokumente und einstellungen\christian\anwendungsdaten\sandisk\sansa updater\SansaDispatch.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\programme\windows media player\WMPNSCFG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\programme\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PestPatrol Control Center] c:\programme\pestpatrol\PPControl.exe
mRun: [PPMemCheck] c:\programme\pestpatrol\PPMemCheck.exe
mRun: [CookiePatrol] c:\programme\pestpatrol\CookiePatrol.exe
mRun: [setc] c:\programme\mysecuritycenter\programs\setc.exe
mRun: [regist] c:\programme\mysecuritycenter\programs\Info.exe
mRun: [HotKey] c:\windows\twain_32\flatbed\HotKey.exe
mRun: [TkBellExe] "c:\programme\gemeinsame dateien\real\update_ob\realsched.exe"  -osboot
mRun: [Nikon Transfer Monitor] c:\programme\gemeinsame dateien\nikon\monitor\NkMonitor.exe
mRun: [PWRISOVM.EXE] c:\programme\poweriso\PWRISOVM.EXE
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [HP Software Update] c:\programme\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\programme\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ApnUpdater] "c:\programme\ask.com\updater\Updater.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [XSROCGDdNlpYr.exe] c:\dokumente und einstellungen\all users\anwendungsdaten\XSROCGDdNlpYr.exe
mRun: [SWPROguard] c:\programme\fighters\spywarefighter\SWPROTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoDesktop = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programme\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143122975250
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{9FED7716-22A4-4CBF-B5DE-2B3A4642708F} : DhcpNameServer = 192.168.178.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\christian\anwendungsdaten\mozilla\firefox\profiles\v88husb2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\programme\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\programme\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: c:\programme\google\picasa3\npPicasa3.dll
FF - plugin: c:\programme\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-4-13 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2010-4-13 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-4-13 269480]
R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\programme\gemeinsame dateien\common toolkit suite\avengine\AVScanningService.exe [2010-12-24 797848]
R2 AV Watch Service;AV Watch Service;c:\programme\gemeinsame dateien\common toolkit suite\avengine\AVWatchService.exe [2010-12-24 93328]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-13 66616]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-12-25 233472]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MySecurityCenter License Service;MySecurityCenter License Service;c:\programme\mysecuritycenter\programs\service.exe [2007-5-21 78696]
R2 Suite Service;Suite Service;c:\programme\fighters\FighterSuiteService.exe [2010-12-24 1141896]
R2 wbsecsvc;wbsecsvc;c:\windows\system32\wbsecsvc.exe [2006-3-23 245760]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-25 36608]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2006-3-23 28672]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;c:\windows\system32\drivers\W33ND.SYS [2006-3-23 140064]
S1 wbsecdrv;wbsecdrv Protocol Driver;c:\windows\system32\drivers\wbsecdrv.sys --> c:\windows\system32\drivers\wbsecdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [2010-12-24 10264]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-5-25 18120]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2008-3-19 12288]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2010-12-25 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2010-12-25 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2010-12-25 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2010-12-25 100352]
S4 Usbridkwap;Usbridkwap; [x]
.
=============== Created Last 30 ================
.
2012-04-02 09:48:21    --------    d--h--w-    c:\programme\gemeinsame dateien\Common Toolkit Suite
2012-04-02 09:48:21    --------    d--h--w-    c:\programme\Fighters
2012-04-02 09:48:21    --------    d--h--w-    c:\dokumente und einstellungen\all users\anwendungsdaten\Common Toolkit Suite
2012-04-02 09:46:50    --------    d--h--w-    c:\dokumente und einstellungen\all users\anwendungsdaten\Fighters
2012-04-02 09:46:14    --------    dc-h--w-    c:\dokumente und einstellungen\all users\anwendungsdaten\{D81057B4-29EC-41EB-A123-4E4E49873404}
2012-04-02 09:44:15    --------    d--h--w-    c:\dokumente und einstellungen\christian\anwendungsdaten\Fighters
2012-04-01 22:39:06    --------    d--h--w-    c:\programme\gemeinsame dateien\Wise Installation Wizard
2012-04-01 22:16:23    --------    d--h--w-    c:\programme\gemeinsame dateien\SpeedyPC Software
2012-04-01 22:16:22    --------    d--h--w-    c:\programme\SpeedyPC Software
2012-04-01 22:16:22    --------    d--h--w-    c:\dokumente und einstellungen\all users\anwendungsdaten\SpeedyPC Software
2012-04-01 21:01:27    231936    ---ha-w-    c:\dokumente und einstellungen\all users\anwendungsdaten\6tvo03dNzTweJL.exe
2012-04-01 20:55:39    297984    ---ha-w-    c:\dokumente und einstellungen\all users\anwendungsdaten\XSROCGDdNlpYr.exe
2012-03-20 16:15:03    592824    ---ha-w-    c:\programme\mozilla firefox\gkmedias.dll
2012-03-20 16:15:03    44472    ---ha-w-    c:\programme\mozilla firefox\mozglue.dll
2012-03-18 16:57:25    --------    d--h--w-    c:\dokumente und einstellungen\christian\lokale einstellungen\anwendungsdaten\VSO
.
==================== Find3M  ====================
.
2012-02-03 09:57:08    1860224    ---ha-w-    c:\windows\system32\win32k.sys
2012-01-11 19:06:33    3072    ---h--w-    c:\windows\system32\iacenc.dll
2012-01-09 16:20:20    139784    ---ha-w-    c:\windows\system32\drivers\rdpwd.sys
2010-05-15 09:11:14    7771222    ---ha-w-    c:\programme\Qtpfsgui-windows-SETUP-v1.9.2.exe
2010-05-15 09:00:40    2732732    ---ha-w-    c:\programme\PhotomatixBasic121.exe
.
============= FINISH: 13:00:16,89 ===============

--- --- ---



I also downloaded Gmer. Before running it, I disconnected all networks (1x WLAN) and disabled the antivirus program (Antivir). When I then started Gmer, a reboot was triggered immediately. When I logged in again, the network and the antivirus program were active again. Gmer did not start a scan. A second attempt gave the same result.

I hope the dds and the attach are already of some help!

Regards
Christian

markusg 02.04.2012 13:16

Hi,
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

Willie.s 03.04.2012 02:05

Hello Markus,

here is the OTL.txt:

Code:

OTL logfile created on: 03.04.2012 02:36:02 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\Christian\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,48 Mb Total Physical Memory | 382,61 Mb Available Physical Memory | 42,73% Memory free
2,12 Gb Paging File | 1,69 Gb Available in Paging File | 79,95% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 62,82 Gb Total Space | 4,66 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
Drive D: | 11,73 Gb Total Space | 2,46 Gb Free Space | 21,01% Space Free | Partition Type: FAT32
 
Computer Name: EINSTEIN | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Search-Results)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\MySecurityCenter\Programs\service.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\wbsecsvc.exe (Winbond)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\PestPatrol\CookiePatrol.exe (Computer Associates International)
PRC - C:\Programme\PestPatrol\PPControl.exe (Computer Associates International)
PRC - C:\Programme\PestPatrol\PPMemCheck.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\twain_32\FlatBed\HotKey.Exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\MySecurityCenter\Programs\service.exe ()
MOD - C:\Programme\PestPatrol\PPMemCheck.exe ()
MOD - C:\Programme\PestPatrol\PPServer.dll ()
MOD - C:\Programme\PestPatrol\PPEngine.dll ()
MOD - C:\WINDOWS\twain_32\FlatBed\HotKey.Exe ()
MOD - C:\WINDOWS\twain_32\FlatBed\VICEO.DLL ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Usbridkwap) --  File not found
SRV - (Suite Service) -- C:\Programme\Fighters\FighterSuiteService.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wlidsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (MySecurityCenter License Service) -- C:\Programme\MySecurityCenter\Programs\service.exe ()
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (wbsecsvc) -- C:\WINDOWS\System32\wbsecsvc.exe (Winbond)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (wbsecdrv) -- system32\DRIVERS\wbsecdrv.sys File not found
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (AVFSFilter) -- system32\DRIVERS\avfsfilter.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\WINDOWS\system32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Spyder3) -- C:\WINDOWS\system32\drivers\Spyder3.sys ()
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (W33ND) -- C:\WINDOWS\system32\drivers\W33ND.SYS (Winbond Electronics Corp.)
DRV - (ULI5261XP) -- C:\WINDOWS\system32\drivers\ULILAN51.SYS (ULi Electronics Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {D13D3A62-0591-49D1-9DD1-A904D6736216}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B61AF424-73CC-4188-B592-ED9AFC7FE45F}: "URL" = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=FEB2BFB4-EECC-4FD7-992D-6AE7804BB1F1&apn_sauid=C5EE04B2-48C7-4A02-90F0-40DCF20D50CB&
IE - HKCU\..\SearchScopes\{D13D3A62-0591-49D1-9DD1-A904D6736216}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{EC52DCEC-0FBA-4E3D-8310-DAE782AA7E8B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.08.14 10:58:18 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.20 18:15:04 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.07 11:38:19 | 000,000,000 | -H-D | M]
 
[2011.04.06 01:06:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Extensions
[2012.02.22 23:06:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\v88husb2.default\extensions
[2009.01.29 21:13:13 | 000,002,386 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\v88husb2.default\searchplugins\siteadvisor.xml
[2012.01.16 00:38:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.08.14 10:55:56 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.03.20 18:15:03 | 000,097,208 | -H-- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.22 22:58:29 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.22 22:58:29 | 000,002,252 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.22 22:58:29 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.22 22:58:29 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.22 22:58:29 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.22 22:58:29 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Programme\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe (Computer Associates International)
O4 - HKLM..\Run: [HotKey] C:\WINDOWS\twain_32\FlatBed\HotKey.Exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe (Computer Associates International)
O4 - HKLM..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [regist] C:\Programme\MySecurityCenter\Programs\info.exe (MySecurityCenter)
O4 - HKLM..\Run: [setc] C:\Programme\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Programme\Fighters\SPYWAREfighter\SWPROTray.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143122975250 (WUWebControl Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FED7716-22A4-4CBF-B5DE-2B3A4642708F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Control Components\ccmain.exe) -  File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.05 06:41:03 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.1
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {672CC40F-BBC5-43F1-AA47-1210A0B8E043} - Microsoft Windows Media Player
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: SSHNAS -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Spyder3Utility.lnk - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Ulead Kalendar Checker 4.0 SE.lnk - C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe - (Ulead Systems, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 02:33:36 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christian\Desktop\OTL.exe
[2012.04.03 02:13:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.03 02:03:30 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Christian\Recent
[2012.04.02 14:00:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.02 14:00:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.02 14:00:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.02 13:48:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.04.02 13:48:19 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.04.02 12:54:19 | 000,607,260 | RH-- | C] (Swearware) -- C:\Dokumente und Einstellungen\Christian\Desktop\dds.com
[2012.04.02 11:48:21 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Toolkit Suite
[2012.04.02 11:46:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2012.04.02 11:46:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~0
[2012.04.02 11:44:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Fighters
[2012.04.02 00:39:06 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2012.04.02 00:16:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedyPC Software
[2012.04.02 00:07:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\CSC
[2012.04.01 23:01:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Christian\Startmenü\Programme\SMART HDD
[2012.03.18 18:57:25 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\VSO
[2012.03.18 18:56:46 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\VSO
[2010.05.15 11:09:17 | 007,771,222 | -H-- | C] (Qtpfsgui Dev Team                                          ) -- C:\Programme\Qtpfsgui-windows-SETUP-v1.9.2.exe
[2010.05.15 11:00:14 | 002,732,732 | -H-- | C] (HDRsoft Sarl                                                ) -- C:\Programme\PhotomatixBasic121.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 02:33:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christian\Desktop\OTL.exe
[2012.04.03 02:32:03 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 02:26:50 | 000,001,086 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 02:26:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.03 02:26:18 | 939,048,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.03 02:08:12 | 000,000,230 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.04.02 20:40:00 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\At2.job
[2012.04.02 14:00:39 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.02 14:00:00 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\At4.job
[2012.04.02 13:49:15 | 000,004,283 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\attach.zip
[2012.04.02 12:58:04 | 000,302,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\ld6d3uxc.exe
[2012.04.02 12:56:22 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.02 12:54:22 | 000,607,260 | RH-- | M] (Swearware) -- C:\Dokumente und Einstellungen\Christian\Desktop\dds.com
[2012.04.02 12:35:03 | 000,050,477 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\Defogger.exe
[2012.04.01 23:18:40 | 000,460,706 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.01 23:18:40 | 000,442,894 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.01 23:18:40 | 000,085,580 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.01 23:18:40 | 000,072,160 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.01 23:01:42 | 000,000,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-6tvo03dNzTweJLr
[2012.04.01 23:01:42 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-6tvo03dNzTweJL
[2012.04.01 23:01:38 | 000,000,256 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6tvo03dNzTweJL
[2012.03.25 17:46:02 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.22 23:57:18 | 007,334,565 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\TGM-Kanis-Turbinen-GmbH_G-Star_Outlet.pdf
[2012.03.20 12:32:05 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\At3.job
[2012.03.18 18:53:06 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLbx.DAT
[2012.03.16 00:03:40 | 001,529,184 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.15 22:48:08 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.10 11:10:00 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\At1.job
[2012.03.05 21:33:25 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdu.DAT
[2012.03.04 23:55:54 | 135,164,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Eigene Dateien\TempImage.nrg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.02 14:00:39 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.02 13:49:15 | 000,004,283 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\attach.zip
[2012.04.02 12:58:03 | 000,302,592 | -H-- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\ld6d3uxc.exe
[2012.04.02 12:43:04 | 000,050,477 | -H-- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\Defogger.exe
[2012.04.02 00:44:13 | 939,048,960 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.01 23:01:42 | 000,000,184 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-6tvo03dNzTweJLr
[2012.04.01 23:01:42 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-6tvo03dNzTweJL
[2012.04.01 23:01:34 | 000,000,256 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6tvo03dNzTweJL
[2012.03.22 23:57:18 | 007,334,565 | -H-- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\TGM-Kanis-Turbinen-GmbH_G-Star_Outlet.pdf
[2012.03.04 23:51:50 | 135,164,736 | -H-- | C] () -- C:\Dokumente und Einstellungen\Christian\Eigene Dateien\TempImage.nrg
[2012.02.17 00:17:59 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.28 01:46:01 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.12.26 00:15:25 | 001,791,728 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.12.25 23:10:57 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.12.25 23:10:57 | 000,036,608 | -H-- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.25 08:45:24 | 000,974,848 | -H-- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010.05.25 08:45:24 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010.05.25 08:45:24 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010.05.25 08:45:24 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.05.15 12:49:31 | 000,782,336 | -H-- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2010.05.15 12:49:31 | 000,353,280 | -H-- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2010.05.15 12:49:31 | 000,270,848 | -H-- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2010.05.15 12:49:31 | 000,229,376 | -H-- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2010.05.15 12:49:31 | 000,216,064 | -H-- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2010.05.15 12:49:31 | 000,205,824 | -H-- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2010.05.15 12:49:31 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2010.05.15 12:49:31 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2010.05.15 12:49:31 | 000,011,776 | -H-- | C] () -- C:\WINDOWS\System32\pmbm.dll
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.04.03 02:13:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2007.12.16 12:58:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen
[2006.04.05 07:18:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.12.25 23:01:22 | 000,000,000 | -H-D | M] -- C:\Program Files
[2012.04.03 02:16:13 | 000,000,000 | RH-D | M] -- C:\Programme
[2008.04.03 11:57:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.04.03 02:38:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.23 18:40:47 | 000,000,000 | -H-D | M] -- C:\Temp
[2011.05.23 22:27:03 | 000,000,000 | -H-D | M] -- C:\THExcel
[2012.04.03 02:26:30 | 000,000,000 | -H-D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2010.05.15 11:00:40 | 002,732,732 | -H-- | M] (HDRsoft Sarl                                                ) -- C:\Programme\PhotomatixBasic121.exe
[2010.05.15 11:11:14 | 007,771,222 | -H-- | M] (Qtpfsgui Dev Team                                          ) -- C:\Programme\Qtpfsgui-windows-SETUP-v1.9.2.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.01.12 22:53:28 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010.01.12 22:53:28 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.01.12 22:53:28 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010.01.12 22:53:28 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.10 14:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 14:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.10 14:00:00 | 001,035,264 | -H-- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 13:07:12 | 000,874,240 | -H-- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\OEMDRV\iastor.sys
[2005.06.17 08:33:40 | 000,872,064 | -H-- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\I386\IASTOR.SYS
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 14:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2005.02.12 02:11:02 | 000,089,856 | -H-- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\OEMDRV\nvatabus.sys
[2005.01.20 09:45:30 | 000,088,960 | -H-- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\I386\NVATABUS.SYS
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 14:00:00 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.10 14:00:00 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 14:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2004.05.18 16:55:26 | 000,074,112 | -H-- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\I386\VIAMRAID.SYS
[2004.05.18 16:55:26 | 000,074,112 | -H-- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEMDRV\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2004.08.10 14:00:00 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.10 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.03.23 15:54:24 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.03.23 15:54:24 | 000,663,552 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.03.23 15:54:24 | 000,421,888 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.01.07 16:23:35 | 000,000,175 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\default.pls
[2012.04.03 02:05:37 | 008,126,464 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\NTUSER.DAT
[2012.04.03 02:37:54 | 000,253,952 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\ntuser.dat.LOG
[2012.04.03 02:05:37 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Christian\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.02.03 11:57:08 | 001,860,224 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

And the Extras.txt:

Code:

OTL Extras logfile created on: 03.04.2012 02:36:02 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\Christian\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,48 Mb Total Physical Memory | 382,61 Mb Available Physical Memory | 42,73% Memory free
2,12 Gb Paging File | 1,69 Gb Available in Paging File | 79,95% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 62,82 Gb Total Space | 4,66 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
Drive D: | 11,73 Gb Total Space | 2,46 Gb Free Space | 21,01% Space Free | Partition Type: FAT32
 
Computer Name: EINSTEIN | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Programme\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [dm Fotowelt] -- "C:\Programme\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
"C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:enabled:Skype
"C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner
"C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome -- (Ahead Software AG)
"C:\Programme\InterVideo\DVD7\WinDVD.exe" = C:\Programme\InterVideo\DVD7\WinDVD.exe:*:enabled:InterVideo WinDVD 7 -- (InterVideo Inc.)
"C:\Programme\InterVideo\MediaOne Gallery\mediaone.exe" = C:\Programme\InterVideo\MediaOne Gallery\mediaone.exe:*:enabled:InterVideo MediaOne Gallery -- ()
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner
"C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome -- (Ahead Software AG)
"C:\Programme\InterVideo\DVD7\WinDVD.exe" = C:\Programme\InterVideo\DVD7\WinDVD.exe:*:enabled:InterVideo WinDVD 7 -- (InterVideo Inc.)
"C:\Programme\InterVideo\MediaOne Gallery\mediaone.exe" = C:\Programme\InterVideo\MediaOne Gallery\mediaone.exe:*:enabled:InterVideo MediaOne Gallery -- ()
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:enable -- (Microsoft Corporation)
"C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 9.0\WAOL.exe:*:Disabled:AOL 9.0
"C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:Disabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:Disabled:AOL 9.0 (Connectivity Service Dialer)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:Disabled:AOL 9.0 (Connectivity Service)
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe" = C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{261D0486-9127-4071-BA1D-FE784310752E}" = videon
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.72
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead FilmBrennerei 4.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CFFAEC0-1F2A-4D38-8D95-3995A936ADD9}" = NetWorkingWizard_ICM
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A7D2B13-9522-48A9-A06F-A9C4AA33D8AD}" = SPYWAREfighter
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{622C377C-CF0D-492A-BC20-0480381A79E3}" = MySecurityCenter License Service
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80D847BF-3610-4BE4-9F05-970BADEADB9A}" = Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
"{81CB77FF-9789-4337-A46E-185F7876AC40}" = Adobe Photoshop Lightroom 2.6
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{96C267DA-0926-4C11-B4E7-4D3EF85130D0}" = Paint.NET v3.22
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4970F2B-17E4-486E-9D4A-05EB996812AE}" = Jalbum
"{A4C0464C-542F-497B-B36D-A631E9A6F6C6}" = Reflex4
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe  1.4.67.1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB09F557-4821-46D0-BF86-8D1389AA6BC7}" = Tabellenbuch Metall digital
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD6A398A-42A7-485D-8F71-FD9D03FF41C2}" = PED Professional
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{FAF88B432344413595BB2DED98385684}" = DivX User Guide
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Capture NX 2" = Capture NX 2
"Creatix 2.0 AC'97 Soft Modem" = Creatix 2.0 AC'97 Modem
"dm Fotowelt" = dm Fotowelt
"Elf_1.13 Toolbar" = Elf 1.13 Toolbar
"ElsterFormular 11.5.0.4546" = ElsterFormular
"Exif-Viewer" = Exif-Viewer 2.50
"FastStone Image Viewer" = FastStone Image Viewer 4.1
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"LetsTrade" = LetsTrade Komponenten
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PED Professional" = PED Professional
"Photomatix Basic_is1" = Photomatix Basic version 1.2.1
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Qtpfsgui_is1" = Qtpfsgui 1.9.2
"RealPlayer 6.0" = RealPlayer
"RI-CAD_is1" = RI-CAD
"Spyder3Pro" = Spyder3Pro
"SPYWAREfighter" = SPYWAREfighter
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"USB Scanner" = USB Scanner
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Winbond WLAN" = Winbond WLAN
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENcast Organizer" = ZENcast Organizer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2012 05:52:28 | Computer Name = EINSTEIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung 6tvo03dNzTweJL.exe, Version 9.63.24.24, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 02.04.2012 05:54:55 | Computer Name = EINSTEIN | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -1383909612.
 
Error - 02.04.2012 06:05:56 | Computer Name = EINSTEIN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 02.04.2012 06:08:18 | Computer Name = EINSTEIN | Source = Media Center Scheduler | ID = 0
Description =
 
Error - 02.04.2012 07:08:06 | Computer Name = EINSTEIN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 02.04.2012 07:09:06 | Computer Name = EINSTEIN | Source = Media Center Scheduler | ID = 0
Description =
 
Error - 02.04.2012 07:16:35 | Computer Name = EINSTEIN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 02.04.2012 20:08:11 | Computer Name = EINSTEIN | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
 Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
 wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
 die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
 in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector
 fail
 
Error - 02.04.2012 20:21:52 | Computer Name = EINSTEIN | Source = Media Center Scheduler | ID = 0
Description =
 
Error - 02.04.2012 20:26:43 | Computer Name = EINSTEIN | Source = Media Center Scheduler | ID = 0
Description =
 
[ System Events ]
Error - 02.04.2012 20:18:50 | Computer Name = EINSTEIN | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 02.04.2012 20:20:01 | Computer Name = EINSTEIN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:  %%2
 
Error - 02.04.2012 20:20:01 | Computer Name = EINSTEIN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Suite Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 02.04.2012 20:20:01 | Computer Name = EINSTEIN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  wbsecdrv
 
Error - 02.04.2012 20:22:06 | Computer Name = EINSTEIN | Source = System Error | ID = 1003
Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter 84dba000,
 3. Parameter 84dba828, 4. Parameter 1b050000.
 
Error - 02.04.2012 20:26:40 | Computer Name = EINSTEIN | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 02.04.2012 20:27:42 | Computer Name = EINSTEIN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:  %%2
 
Error - 02.04.2012 20:27:42 | Computer Name = EINSTEIN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Suite Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 02.04.2012 20:27:42 | Computer Name = EINSTEIN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  wbsecdrv
 
Error - 02.04.2012 20:27:52 | Computer Name = EINSTEIN | Source = System Error | ID = 1003
Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter 84e00000,
 3. Parameter 84e00828, 4. Parameter 1b050000.
 
 
< End of report >


In addition, I ran Malwarebytes Anti-Malware over it today.
Here is the corresponding log file:

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Christian :: EINSTEIN [administrator]

02.04.2012 14:03:16
mbam-log-2012-04-03 (02-04-28).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401536
Time elapsed: 2 hour(s), 52 minute(s), 4 second(s)

Memory Processes Detected: 2
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XSROCGDdNlpYr.exe (Trojan.Agent) -> 2284 -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6tvo03dNzTweJL.exe (Rogue.FakeHDD) -> 3724 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XSROCGDdNlpYr.exe (Trojan.Agent) -> Data: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XSROCGDdNlpYr.exe -> No action taken.

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XSROCGDdNlpYr.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6tvo03dNzTweJL.exe (Rogue.FakeHDD) -> No action taken.
C:\RECYCLER\S-1-5-21-2807410001-2874036241-350567841-1006\Dc43.exe (Adware.InstallCore) -> No action taken.
C:\tujserrew.bat (Malware.Trace) -> No action taken.

(end)

Thanks for the quick help!

Regards
Christian

markusg 03.04.2012 08:20

download unhide:
http://filepony.de/download-unhide/
double-click it, the files become visible

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Willie.s 03.04.2012 14:30

Hello Markus,

I ran unhide.exe. The folders/files are visible again on the desktop and in Explorer. However, subfolders of the programs in the Start menu are not entirely visible. Example: the folder for Microsoft Office is visible, but its subfolders are not shown (empty). This does not affect all subfolders, though. I ran unhide.exe a second time, without success regarding the visibility of the subfolders.

Here is the unhide.txt from the second run:

Code:

Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/03/2012 01:47:31 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 182271 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 5159 files processed.

Restoring the Start Menu.
 * 340 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 04/03/2012 01:55:05 PM
Execution time: 0 hours(s), 7 minute(s), and 33 seconds(s)


I saved Combofix.exe to the desktop, disabled all antivirus programs, closed all programs, and then ran Combofix.exe. At the end there was a restart. However, I cannot find Combofix.txt. Instead, there is a folder "Combofix" under C: whose contents match the contents of My Computer. The subfolder Combofix does not appear in the path name, though; it shows C:\... directly.

Is my description understandable to you? Can you spot a mistake in how I carried out the described steps? Should I run Combofix.exe again?


Regards
Christian

markusg 03.04.2012 14:41

check whether there is a log.txt on c: or whether the combofix.txt can be found in the qoobox folder, also on c:.

Willie.s 03.04.2012 20:00

Hello Markus,

I can find neither log.txt on c: nor combofix.txt in the qoobox folder or on c:.

Should I run combofix again?

markusg 03.04.2012 20:10

please run the program again, restart, press f8, choose safe mode with networking, log in to the affected account.

Willie.s 03.04.2012 21:13

Hello Markus,

I ran combofix again and am now logged in in safe mode with networking. I still cannot find the combofix.txt or log.txt. Regarding the affected accounts: we have set up two accounts on the laptop; both are/were affected by Smart Hdd.

markusg 04.04.2012 09:17

please run the tdss killer first:
http://www.trojaner-board.de/82358-t...entfernen.html
for the action choose skip, please post the log

Willie.s 04.04.2012 11:25

Hello Markus,

here is the log from the tdss killer:

Code:

12:15:27.0156 0964        TDSS rootkit removing tool 2.7.25.0 Apr  3 2012 13:42:32
12:15:27.0265 0964        ============================================================
12:15:27.0265 0964        Current date / time: 2012/04/04 12:15:27.0265
12:15:27.0265 0964        SystemInfo:
12:15:27.0265 0964       
12:15:27.0265 0964        OS Version: 5.1.2600 ServicePack: 3.0
12:15:27.0265 0964        Product type: Workstation
12:15:27.0265 0964        ComputerName: EINSTEIN
12:15:27.0265 0964        UserName: Christian
12:15:27.0265 0964        Windows directory: C:\WINDOWS
12:15:27.0265 0964        System windows directory: C:\WINDOWS
12:15:27.0265 0964        Processor architecture: Intel x86
12:15:27.0265 0964        Number of processors: 1
12:15:27.0265 0964        Page size: 0x1000
12:15:27.0265 0964        Boot type: Safe boot with network
12:15:27.0265 0964        ============================================================
12:15:29.0421 0964        Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2605, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:15:29.0421 0964        \Device\Harddisk0\DR0:
12:15:29.0421 0964        MBR used
12:15:29.0421 0964        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7DA15C9
12:15:29.0453 0964        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x7DA1647, BlocksNum 0x177C97E
12:15:29.0500 0964        Initialize success
12:15:29.0500 0964        ============================================================
12:15:46.0375 1132        ============================================================
12:15:46.0375 1132        Scan started
12:15:46.0375 1132        Mode: Manual; SigCheck; TDLFS;
12:15:46.0375 1132        ============================================================
12:15:47.0531 1132        Abiosdsk - ok
12:15:47.0656 1132        abp480n5 - ok
12:15:47.0812 1132        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:15:51.0218 1132        ACPI - ok
12:15:51.0375 1132        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:15:51.0750 1132        ACPIEC - ok
12:15:51.0875 1132        Adobe LM Service (f84c9dee4698df3c1d76801b7b1b55d7) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
12:15:51.0906 1132        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
12:15:51.0906 1132        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
12:15:52.0062 1132        adpu160m - ok
12:15:52.0234 1132        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:15:52.0546 1132        aec - ok
12:15:52.0671 1132        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:15:52.0750 1132        AFD - ok
12:15:52.0937 1132        AgereSoftModem  (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:15:53.0125 1132        AgereSoftModem - ok
12:15:53.0218 1132        Aha154x - ok
12:15:53.0312 1132        aic78u2 - ok
12:15:53.0437 1132        aic78xx - ok
12:15:53.0796 1132        ALCXWDM        (08a9aebdf5c1ae0d5fa6c3f105b2e69e) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
12:15:54.0234 1132        ALCXWDM - ok
12:15:54.0359 1132        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
12:15:54.0656 1132        Alerter - ok
12:15:54.0750 1132        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
12:15:55.0046 1132        ALG - ok
12:15:55.0234 1132        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:15:55.0546 1132        AliIde - ok
12:15:55.0687 1132        AmdK8          (b9dbaae3219661f4d0c5e8dc0c2f987d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:15:55.0750 1132        AmdK8 - ok
12:15:55.0859 1132        amsint - ok
12:15:56.0078 1132        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
12:15:56.0125 1132        AntiVirSchedulerService - ok
12:15:56.0250 1132        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
12:15:56.0281 1132        AntiVirService - ok
12:15:56.0406 1132        Apple Mobile Device (a8aa9d47f971570a5162b862b80f87e8) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
12:15:56.0421 1132        Apple Mobile Device - ok
12:15:56.0546 1132        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
12:15:56.0859 1132        AppMgmt - ok
12:15:56.0984 1132        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:15:57.0312 1132        Arp1394 - ok
12:15:57.0390 1132        asc - ok
12:15:57.0468 1132        asc3350p - ok
12:15:57.0562 1132        asc3550 - ok
12:15:57.0796 1132        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:15:57.0812 1132        aspnet_state - ok
12:15:57.0906 1132        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:15:58.0234 1132        AsyncMac - ok
12:15:58.0359 1132        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:15:58.0671 1132        atapi - ok
12:15:58.0781 1132        Atdisk - ok
12:15:58.0921 1132        Ati HotKey Poller (43e945dc2a642539e2b07633cdc9c30e) C:\WINDOWS\system32\Ati2evxx.exe
12:15:59.0000 1132        Ati HotKey Poller - ok
12:15:59.0171 1132        ati2mtag        (c762f8fca8f7023e3d405ab915e8acd7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:15:59.0328 1132        ati2mtag - ok
12:15:59.0421 1132        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:15:59.0765 1132        Atmarpc - ok
12:15:59.0875 1132        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
12:16:00.0203 1132        AudioSrv - ok
12:16:00.0312 1132        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:16:00.0640 1132        audstub - ok
12:16:00.0750 1132        AVFSFilter - ok
12:16:00.0906 1132        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
12:16:00.0906 1132        avgio - ok
12:16:01.0046 1132        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:16:16.0437 1132        avgntflt - ok
12:16:16.0593 1132        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:16:16.0640 1132        avipbb - ok
12:16:16.0859 1132        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:16:17.0203 1132        Beep - ok
12:16:17.0328 1132        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
12:16:17.0625 1132        BITS - ok
12:16:17.0750 1132        Bonjour Service (9efe4236f8670846b6e7c5b0eff6e715) C:\Programme\Bonjour\mDNSResponder.exe
12:16:17.0781 1132        Bonjour Service - ok
12:16:17.0843 1132        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
12:16:18.0156 1132        Browser - ok
12:16:18.0312 1132        catchme - ok
12:16:18.0453 1132        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:16:18.0812 1132        cbidf2k - ok
12:16:18.0906 1132        cd20xrnt - ok
12:16:19.0000 1132        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:16:19.0390 1132        Cdaudio - ok
12:16:19.0500 1132        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:16:19.0781 1132        Cdfs - ok
12:16:19.0828 1132        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:16:20.0218 1132        Cdrom - ok
12:16:20.0312 1132        Changer - ok
12:16:20.0437 1132        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
12:16:20.0750 1132        CiSvc - ok
12:16:20.0859 1132        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
12:16:21.0140 1132        ClipSrv - ok
12:16:21.0359 1132        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:16:21.0375 1132        clr_optimization_v2.0.50727_32 - ok
12:16:21.0468 1132        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:16:21.0750 1132        CmBatt - ok
12:16:21.0875 1132        CmdIde - ok
12:16:21.0968 1132        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:16:22.0265 1132        Compbatt - ok
12:16:22.0312 1132        COMSysApp - ok
12:16:22.0453 1132        Cpqarray - ok
12:16:22.0562 1132        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
12:16:22.0859 1132        CryptSvc - ok
12:16:22.0984 1132        dac2w2k - ok
12:16:23.0062 1132        dac960nt - ok
12:16:23.0218 1132        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:16:23.0343 1132        DcomLaunch - ok
12:16:23.0500 1132        dgderdrv        (3be1651c63954067940e7f473498ad70) C:\WINDOWS\system32\drivers\dgderdrv.sys
12:16:32.0875 1132        dgderdrv - ok
12:16:33.0015 1132        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
12:16:33.0312 1132        Dhcp - ok
12:16:33.0359 1132        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:16:33.0671 1132        Disk - ok
12:16:33.0718 1132        dmadmin - ok
12:16:33.0890 1132        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
12:16:34.0218 1132        dmboot - ok
12:16:34.0328 1132        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
12:16:34.0656 1132        dmio - ok
12:16:34.0703 1132        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:16:35.0109 1132        dmload - ok
12:16:35.0218 1132        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
12:16:35.0515 1132        dmserver - ok
12:16:35.0625 1132        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:16:35.0906 1132        DMusic - ok
12:16:36.0015 1132        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
12:16:36.0125 1132        Dnscache - ok
12:16:36.0250 1132        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
12:16:36.0578 1132        Dot3svc - ok
12:16:36.0671 1132        dpti2o - ok
12:16:36.0765 1132        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:16:37.0062 1132        drmkaud - ok
12:16:37.0171 1132        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
12:16:37.0468 1132        EapHost - ok
12:16:37.0593 1132        ehRecvr        (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
12:16:37.0734 1132        ehRecvr - ok
12:16:37.0875 1132        ehSched        (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
12:16:37.0906 1132        ehSched - ok
12:16:38.0031 1132        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
12:16:38.0312 1132        ERSvc - ok
12:16:38.0453 1132        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:16:38.0546 1132        Eventlog - ok
12:16:38.0718 1132        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
12:16:38.0781 1132        EventSystem - ok
12:16:38.0937 1132        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:16:39.0234 1132        Fastfat - ok
12:16:39.0359 1132        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:16:39.0437 1132        FastUserSwitchingCompatibility - ok
12:16:39.0531 1132        Fax            (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
12:16:39.0843 1132        Fax - ok
12:16:40.0000 1132        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:16:40.0265 1132        Fdc - ok
12:16:40.0406 1132        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
12:16:40.0687 1132        Fips - ok
12:16:40.0828 1132        FLEXnet Licensing Service (d778107d7c2a19d7e7a884a9f0d79581) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:16:40.0921 1132        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:16:40.0921 1132        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:16:41.0031 1132        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:16:41.0328 1132        Flpydisk - ok
12:16:41.0437 1132        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:16:41.0765 1132        FltMgr - ok
12:16:41.0968 1132        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:16:42.0015 1132        FontCache3.0.0.0 - ok
12:16:42.0140 1132        FsUsbExDisk    (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS
12:16:42.0156 1132        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
12:16:42.0156 1132        FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
12:16:42.0265 1132        FsUsbExService  (15ab846886c225fff0376f3cef21188f) C:\WINDOWS\system32\FsUsbExService.Exe
12:16:42.0328 1132        FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
12:16:42.0328 1132        FsUsbExService - detected UnsignedFile.Multi.Generic (1)
12:16:42.0437 1132        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:16:42.0765 1132        Fs_Rec - ok
12:16:42.0906 1132        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:16:43.0250 1132        Ftdisk - ok
12:16:43.0375 1132        GEARAspiWDM    (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:16:43.0421 1132        GEARAspiWDM - ok
12:16:43.0500 1132        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:16:43.0781 1132        Gpc - ok
12:16:43.0984 1132        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
12:16:44.0000 1132        gupdate - ok
12:16:44.0046 1132        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
12:16:44.0062 1132        gupdatem - ok
12:16:44.0218 1132        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:16:44.0515 1132        helpsvc - ok
12:16:44.0562 1132        HidServ - ok
12:16:44.0656 1132        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:16:44.0968 1132        HidUsb - ok
12:16:45.0125 1132        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
12:16:45.0406 1132        hkmsvc - ok
12:16:45.0484 1132        hpn - ok
12:16:45.0578 1132        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:16:45.0671 1132        HTTP - ok
12:16:45.0765 1132        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
12:16:46.0046 1132        HTTPFilter - ok
12:16:46.0093 1132        i2omgmt - ok
12:16:46.0171 1132        i2omp - ok
12:16:46.0265 1132        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:16:46.0562 1132        i8042prt - ok
12:16:46.0718 1132        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:16:46.0750 1132        IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:16:46.0750 1132        IDriverT - detected UnsignedFile.Multi.Generic (1)
12:16:47.0015 1132        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:16:47.0093 1132        idsvc - ok
12:16:47.0218 1132        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:16:47.0531 1132        Imapi - ok
12:16:47.0656 1132        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
12:16:47.0953 1132        ImapiService - ok
12:16:48.0031 1132        ini910u - ok
12:16:48.0187 1132        IntelIde - ok
12:16:48.0328 1132        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:16:48.0609 1132        Ip6Fw - ok
12:16:48.0750 1132        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:16:49.0078 1132        IpFilterDriver - ok
12:16:49.0187 1132        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:16:49.0484 1132        IpInIp - ok
12:16:49.0578 1132        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:16:49.0875 1132        IpNat - ok
12:16:50.0015 1132        iPod Service    (62937a89470af8ff172f0980ca8aefc9) C:\Programme\iPod\bin\iPodService.exe
12:16:50.0093 1132        iPod Service - ok
12:16:50.0218 1132        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:16:50.0484 1132        IPSec - ok
12:16:50.0625 1132        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:16:50.0921 1132        IRENUM - ok
12:16:51.0015 1132        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:16:51.0312 1132        isapnp - ok
12:16:51.0468 1132        Iviaspi        (94a8c9436c36cd9657cfed0043066b9c) C:\WINDOWS\system32\drivers\iviaspi.sys
12:16:51.0500 1132        Iviaspi ( UnsignedFile.Multi.Generic ) - warning
12:16:51.0500 1132        Iviaspi - detected UnsignedFile.Multi.Generic (1)
12:16:51.0625 1132        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
12:16:51.0640 1132        JavaQuickStarterService - ok
12:16:51.0703 1132        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:16:52.0046 1132        Kbdclass - ok
12:16:52.0140 1132        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:16:52.0437 1132        kmixer - ok
12:16:52.0562 1132        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:16:52.0671 1132        KSecDD - ok
12:16:52.0750 1132        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
12:16:52.0875 1132        lanmanserver - ok
12:16:53.0000 1132        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
12:16:53.0046 1132        lanmanworkstation - ok
12:16:53.0140 1132        lbrtfdc - ok
12:16:53.0406 1132        LightScribeService (d30d9547c02ecee13e259970f71503d7) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
12:16:53.0421 1132        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:16:53.0421 1132        LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:16:53.0546 1132        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
12:16:53.0828 1132        LmHosts - ok
12:16:53.0968 1132        McrdSvc        (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
12:16:54.0015 1132        McrdSvc - ok
12:16:54.0140 1132        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
12:16:54.0171 1132        MDM - ok
12:16:54.0296 1132        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
12:16:54.0593 1132        Messenger - ok
12:16:54.0703 1132        MHN            (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
12:16:54.0734 1132        MHN ( UnsignedFile.Multi.Generic ) - warning
12:16:54.0734 1132        MHN - detected UnsignedFile.Multi.Generic (1)
12:16:54.0843 1132        MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:16:54.0875 1132        MHNDRV ( UnsignedFile.Multi.Generic ) - warning
12:16:54.0875 1132        MHNDRV - detected UnsignedFile.Multi.Generic (1)
12:16:55.0000 1132        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:16:55.0312 1132        mnmdd - ok
12:16:55.0437 1132        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
12:16:55.0734 1132        mnmsrvc - ok
12:16:55.0796 1132        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
12:16:56.0093 1132        Modem - ok
12:16:56.0218 1132        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:16:56.0484 1132        Mouclass - ok
12:16:56.0625 1132        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:16:56.0953 1132        mouhid - ok
12:16:57.0031 1132        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:16:57.0312 1132        MountMgr - ok
12:16:57.0406 1132        mraid35x - ok
12:16:57.0546 1132        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:16:57.0812 1132        MRxDAV - ok
12:16:57.0953 1132        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:16:58.0109 1132        MRxSmb - ok
12:16:58.0218 1132        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
12:16:58.0500 1132        MSDTC - ok
12:16:58.0593 1132        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:16:58.0937 1132        Msfs - ok
12:16:59.0031 1132        MSIServer - ok
12:16:59.0140 1132        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:16:59.0421 1132        MSKSSRV - ok
12:16:59.0546 1132        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:16:59.0828 1132        MSPCLOCK - ok
12:16:59.0937 1132        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:17:00.0250 1132        MSPQM - ok
12:17:00.0390 1132        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:17:00.0671 1132        mssmbios - ok
12:17:00.0750 1132        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:17:00.0859 1132        Mup - ok
12:17:00.0953 1132        MySecurityCenter License Service (500c0730c7c6f26a7e4b2e284adfe738) C:\Programme\MySecurityCenter\Programs\service.exe
12:17:01.0000 1132        MySecurityCenter License Service - ok
12:17:01.0109 1132        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
12:17:01.0421 1132        napagent - ok
12:17:01.0578 1132        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:17:01.0875 1132        NDIS - ok
12:17:02.0046 1132        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:17:02.0109 1132        NdisTapi - ok
12:17:02.0203 1132        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:17:02.0484 1132        Ndisuio - ok
12:17:02.0546 1132        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:17:02.0859 1132        NdisWan - ok
12:17:02.0968 1132        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:17:03.0062 1132        NDProxy - ok
12:17:03.0125 1132        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:17:03.0421 1132        NetBIOS - ok
12:17:03.0531 1132        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:17:03.0843 1132        NetBT - ok
12:17:03.0968 1132        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:17:04.0250 1132        NetDDE - ok
12:17:04.0296 1132        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:17:04.0640 1132        NetDDEdsdm - ok
12:17:04.0734 1132        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:17:05.0031 1132        Netlogon - ok
12:17:05.0140 1132        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
12:17:05.0437 1132        Netman - ok
12:17:05.0609 1132        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:17:05.0625 1132        NetTcpPortSharing - ok
12:17:05.0687 1132        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:17:06.0031 1132        NIC1394 - ok
12:17:06.0171 1132        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
12:17:06.0250 1132        Nla - ok
12:17:06.0343 1132        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:17:06.0625 1132        Npfs - ok
12:17:06.0734 1132        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:17:07.0031 1132        Ntfs - ok
12:17:07.0140 1132        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:17:07.0421 1132        NtLmSsp - ok
12:17:07.0562 1132        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
12:17:07.0875 1132        NtmsSvc - ok
12:17:07.0984 1132        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:17:08.0296 1132        Null - ok
12:17:08.0421 1132        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:17:08.0781 1132        NwlnkFlt - ok
12:17:08.0875 1132        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:17:09.0203 1132        NwlnkFwd - ok
12:17:09.0343 1132        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:17:09.0625 1132        ohci1394 - ok
12:17:09.0734 1132        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
12:17:09.0765 1132        ose - ok
12:17:09.0859 1132        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
12:17:10.0125 1132        Parport - ok
12:17:10.0234 1132        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:17:10.0515 1132        PartMgr - ok
12:17:10.0625 1132        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:17:10.0953 1132        ParVdm - ok
12:17:11.0093 1132        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
12:17:11.0375 1132        PCI - ok
12:17:11.0421 1132        PCIDump - ok
12:17:11.0546 1132        PCIIde - ok
12:17:11.0687 1132        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:17:11.0968 1132        Pcmcia - ok
12:17:12.0046 1132        PDCOMP - ok
12:17:12.0140 1132        PDFRAME - ok
12:17:12.0218 1132        PDRELI - ok
12:17:12.0343 1132        PDRFRAME - ok
12:17:12.0421 1132        perc2 - ok
12:17:12.0500 1132        perc2hib - ok
12:17:13.0015 1132        PEVSystemStart  (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
12:17:13.0062 1132        PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
12:17:13.0062 1132        PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
12:17:13.0250 1132        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:17:13.0359 1132        PlugPlay - ok
12:17:13.0562 1132        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:17:13.0828 1132        PolicyAgent - ok
12:17:13.0968 1132        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:17:14.0265 1132        PptpMiniport - ok
12:17:14.0359 1132        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
12:17:14.0656 1132        Processor - ok
12:17:14.0781 1132        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:17:15.0046 1132        ProtectedStorage - ok
12:17:15.0171 1132        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:17:15.0453 1132        PSched - ok
12:17:15.0515 1132        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:17:15.0843 1132        Ptilink - ok
12:17:15.0921 1132        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:17:15.0968 1132        PxHelp20 - ok
12:17:16.0093 1132        ql1080 - ok
12:17:16.0171 1132        Ql10wnt - ok
12:17:16.0296 1132        ql12160 - ok
12:17:16.0406 1132        ql1240 - ok
12:17:16.0500 1132        ql1280 - ok
12:17:16.0640 1132        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:17:16.0968 1132        RasAcd - ok
12:17:17.0062 1132        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
12:17:17.0421 1132        RasAuto - ok
12:17:17.0515 1132        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:17:17.0796 1132        Rasl2tp - ok
12:17:17.0875 1132        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
12:17:18.0187 1132        RasMan - ok
12:17:18.0265 1132        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:17:18.0546 1132        RasPppoe - ok
12:17:18.0656 1132        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:17:19.0000 1132        Raspti - ok
12:17:19.0093 1132        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:17:19.0390 1132        Rdbss - ok
12:17:19.0546 1132        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:17:19.0859 1132        RDPCDD - ok
12:17:19.0968 1132        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:17:20.0281 1132        rdpdr - ok
12:17:20.0421 1132        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:17:20.0515 1132        RDPWD - ok
12:17:20.0625 1132        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
12:17:20.0921 1132        RDSessMgr - ok
12:17:21.0031 1132        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:17:21.0312 1132        redbook - ok
12:17:21.0390 1132        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
12:17:21.0750 1132        RemoteAccess - ok
12:17:21.0812 1132        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
12:17:22.0109 1132        RemoteRegistry - ok
12:17:22.0250 1132        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
12:17:22.0531 1132        RpcLocator - ok
12:17:22.0656 1132        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:17:22.0781 1132        RpcSs - ok
12:17:22.0937 1132        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
12:17:23.0250 1132        RSVP - ok
12:17:23.0343 1132        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:17:23.0640 1132        SamSs - ok
12:17:23.0734 1132        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
12:17:24.0031 1132        SCardSvr - ok
12:17:24.0171 1132        SCDEmu          (3b35ce540758bbabb721e234cb5a4f3f) C:\WINDOWS\system32\drivers\SCDEmu.sys
12:17:24.0187 1132        SCDEmu ( UnsignedFile.Multi.Generic ) - warning
12:17:24.0187 1132        SCDEmu - detected UnsignedFile.Multi.Generic (1)
12:17:24.0312 1132        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
12:17:24.0593 1132        Schedule - ok
12:17:24.0765 1132        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:17:25.0046 1132        Secdrv - ok
12:17:25.0156 1132        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
12:17:25.0437 1132        seclogon - ok
12:17:25.0531 1132        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
12:17:25.0796 1132        SENS - ok
12:17:25.0953 1132        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
12:17:26.0234 1132        Serial - ok
12:17:26.0421 1132        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:17:26.0718 1132        Sfloppy - ok
12:17:26.0859 1132        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
12:17:27.0156 1132        SharedAccess - ok
12:17:27.0265 1132        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:17:27.0281 1132        ShellHWDetection - ok
12:17:27.0328 1132        Simbad - ok
12:17:27.0437 1132        Sparrow - ok
12:17:27.0531 1132        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:17:27.0843 1132        splitter - ok
12:17:27.0937 1132        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:17:28.0031 1132        Spooler - ok
12:17:28.0140 1132        Spyder3        (1c63fe706ab797bc3c24813ff969b4de) C:\WINDOWS\system32\DRIVERS\Spyder3.sys
12:17:28.0250 1132        Spyder3 - ok
12:17:28.0328 1132        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
12:17:28.0609 1132        sr - ok
12:17:28.0734 1132        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
12:17:29.0015 1132        srservice - ok
12:17:29.0140 1132        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:17:29.0218 1132        Srv - ok
12:17:29.0296 1132        sscebus        (b2063ce662af3ab20045121a5b716df6) C:\WINDOWS\system32\DRIVERS\sscebus.sys
12:17:29.0375 1132        sscebus - ok
12:17:29.0484 1132        sscemdfl        (66799dc0afe3dcaf8368cae17394a762) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
12:17:29.0500 1132        sscemdfl - ok
12:17:29.0640 1132        sscemdm        (cbf03ffc08f8db547bab2f79aa663d16) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
12:17:29.0656 1132        sscemdm - ok
12:17:29.0781 1132        ssceserd        (60cd4ad33aa52e58faac3abad18cf8ef) C:\WINDOWS\system32\DRIVERS\ssceserd.sys
12:17:29.0796 1132        ssceserd - ok
12:17:29.0937 1132        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
12:17:30.0218 1132        SSDPSRV - ok
12:17:30.0296 1132        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:17:30.0343 1132        ssmdrv - ok
12:17:30.0437 1132        StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:17:30.0812 1132        StillCam - ok
12:17:30.0937 1132        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
12:17:31.0234 1132        stisvc - ok
12:17:31.0328 1132        Suite Service - ok
12:17:31.0468 1132        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:17:31.0750 1132        swenum - ok
12:17:31.0843 1132        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:17:32.0140 1132        swmidi - ok
12:17:32.0218 1132        SwPrv - ok
12:17:32.0375 1132        symc810 - ok
12:17:32.0500 1132        symc8xx - ok
12:17:32.0578 1132        sym_hi - ok
12:17:32.0671 1132        sym_u3 - ok
12:17:32.0828 1132        SynTP          (e76e0a9a30a4f2809a3356af32d06f0b) C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:17:32.0890 1132        SynTP - ok
12:17:33.0000 1132        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:17:33.0296 1132        sysaudio - ok
12:17:33.0421 1132        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
12:17:33.0718 1132        SysmonLog - ok
12:17:33.0859 1132        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
12:17:34.0156 1132        TapiSrv - ok
12:17:34.0265 1132        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:17:34.0296 1132        Tcpip - ok
12:17:34.0406 1132        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:17:34.0687 1132        TDPIPE - ok
12:17:34.0796 1132        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:17:35.0062 1132        TDTCP - ok
12:17:35.0156 1132        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:17:35.0468 1132        TermDD - ok
12:17:35.0578 1132        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
12:17:35.0875 1132        TermService - ok
12:17:36.0000 1132        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:17:36.0062 1132        Themes - ok
12:17:36.0109 1132        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
12:17:36.0421 1132        TlntSvr - ok
12:17:36.0468 1132        TosIde - ok
12:17:36.0562 1132        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
12:17:36.0859 1132        TrkWks - ok
12:17:36.0968 1132        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:17:37.0296 1132        Udfs - ok
12:17:37.0484 1132        UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
12:17:37.0500 1132        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
12:17:37.0500 1132        UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
12:17:37.0656 1132        ULI5261XP      (ce2dd5efb0f773382376faaf9f506542) C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS
12:17:37.0703 1132        ULI5261XP - ok
12:17:37.0812 1132        ultra - ok
12:17:37.0968 1132        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:17:38.0296 1132        Update - ok
12:17:38.0468 1132        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
12:17:38.0765 1132        upnphost - ok
12:17:38.0859 1132        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
12:17:39.0156 1132        UPS - ok
12:17:39.0234 1132        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:17:39.0562 1132        usbccgp - ok
12:17:39.0671 1132        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:17:39.0953 1132        usbehci - ok
12:17:40.0046 1132        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:17:40.0328 1132        usbhub - ok
12:17:40.0421 1132        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:17:40.0687 1132        usbohci - ok
12:17:40.0828 1132        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:17:41.0109 1132        usbprint - ok
12:17:41.0203 1132        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:17:41.0500 1132        usbscan - ok
12:17:41.0609 1132        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:17:41.0906 1132        USBSTOR - ok
12:17:42.0015 1132        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:17:42.0296 1132        VgaSave - ok
12:17:42.0375 1132        ViaIde - ok
12:17:42.0515 1132        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
12:17:42.0781 1132        VolSnap - ok
12:17:42.0875 1132        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
12:17:43.0171 1132        VSS - ok
12:17:43.0312 1132        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
12:17:43.0562 1132        W32Time - ok
12:17:43.0640 1132        W33ND          (0baa4c13ccd2cafe1e121121f1c1611d) C:\WINDOWS\system32\DRIVERS\W33ND.SYS
12:17:43.0687 1132        W33ND - ok
12:17:43.0781 1132        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:17:44.0093 1132        Wanarp - ok
12:17:44.0218 1132        wanatw - ok
12:17:44.0312 1132        wbsecdrv - ok
12:17:44.0390 1132        wbsecsvc - ok
12:17:44.0546 1132        Wdf01000        (060e8cb99cc0a6751db5810c042b0d45) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:17:44.0593 1132        Wdf01000 - ok
12:17:44.0687 1132        WDICA - ok
12:17:44.0828 1132        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:17:45.0109 1132        wdmaud - ok
12:17:45.0203 1132        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
12:17:45.0500 1132        WebClient - ok
12:17:45.0687 1132        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:17:45.0968 1132        winmgmt - ok
12:17:46.0328 1132        wlidsvc        (5144ae67d60ec653f97ddf3feed29e77) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:17:46.0484 1132        wlidsvc - ok
12:17:46.0593 1132        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:17:46.0703 1132        WmdmPmSN - ok
12:17:46.0843 1132        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
12:17:46.0984 1132        Wmi - ok
12:17:47.0078 1132        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:17:47.0390 1132        WmiApSrv - ok
12:17:47.0515 1132        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
12:17:47.0609 1132        WMPNetworkSvc - ok
12:17:47.0750 1132        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:17:47.0781 1132        WpdUsb - ok
12:17:47.0921 1132        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:17:48.0281 1132        WS2IFSL - ok
12:17:48.0421 1132        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
12:17:48.0703 1132        wscsvc - ok
12:17:48.0765 1132        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
12:17:49.0062 1132        wuauserv - ok
12:17:49.0187 1132        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:17:49.0218 1132        WudfPf - ok
12:17:49.0328 1132        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:17:49.0375 1132        WudfRd - ok
12:17:49.0437 1132        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:17:49.0500 1132        WudfSvc - ok
12:17:49.0625 1132        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
12:17:49.0921 1132        WZCSVC - ok
12:17:50.0046 1132        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
12:17:50.0328 1132        xmlprov - ok
12:17:50.0453 1132        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:17:50.0671 1132        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:17:50.0671 1132        \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:17:50.0718 1132        Boot (0x1200)  (3512296c03ebe65e2d567ebf627925be) \Device\Harddisk0\DR0\Partition0
12:17:50.0718 1132        \Device\Harddisk0\DR0\Partition0 - ok
12:17:50.0812 1132        Boot (0x1200)  (018cb81baf85d085ba189dfbe6607988) \Device\Harddisk0\DR0\Partition1
12:17:50.0812 1132        \Device\Harddisk0\DR0\Partition1 - ok
12:17:50.0828 1132        ============================================================
12:17:50.0828 1132        Scan finished
12:17:50.0828 1132        ============================================================
12:17:51.0046 1768        Detected object count: 13
12:17:51.0046 1768        Actual detected object count: 13
12:22:58.0046 1768        Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0046 1768        Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0046 1768        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0046 1768        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0093 1768        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0093 1768        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0125 1768        FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0125 1768        FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0156 1768        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0156 1768        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0203 1768        Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0203 1768        Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0234 1768        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0234 1768        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0234 1768        MHN ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0234 1768        MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0281 1768        MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0281 1768        MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0281 1768        PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0281 1768        PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0281 1768        SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0281 1768        SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0312 1768        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0312 1768        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0312 1768        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:22:58.0312 1768        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


markusg 04.04.2012 16:26

Looks OK.
How is the PC running?
Download the standard CCleaner:
CCleaner Download - CCleaner 3.17.1689
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools (Extras), list of installed programs, save as txt. Open it.
After each program you need, write "notwendig" (necessary).
After each one you do not need, "unnötig" (unnecessary).
After those unknown to you, "unbekannt" (unknown).
Post the list.

Willie.s 04.04.2012 17:28

Hello Markus,

here is the CCleaner program list with my comments:

Code:

7-Zip 9.20                04.04.2012               
Adobe Acrobat 5.0        Adobe Systems, Inc.        04.04.2012                5.0                                                                        notwendig
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        04.04.2012                10.2.153.1                                                notwendig
Adobe Photoshop CS        Adobe Systems, Inc.                        CS                                                                                notwendig
Adobe Photoshop CS3        Adobe Systems Incorporated        24.08.2009                10.0                                                                notwendig
Adobe Photoshop Lightroom 2.6        Adobe        16.03.2010        106,5MB        2.6.1                                                                                notwendig
Adobe Reader 7.0.9 - Deutsch        Adobe Systems Incorporated        08.01.2009        78,1MB        7.0.9                                                        notwendig                                                               
Apple Mobile Device Support        Apple Inc.        02.02.2009        38,8MB        2.1.2.7                                                                        unnötig
Apple Software Update        Apple Inc.        02.02.2009        2,16MB        2.1.1.116                                                                        unnötig
Athlon 64 Processor Driver                04.04.2012                1.1.0.14                                                                        unbekannt
ATI - Dienstprogramm zur Deinstallation der Software                04.04.2012                6.14.10.1014                                                unbekannt
ATI Display Driver                03.04.2012                8.192-051101a1-030043C                                                                        unbekannt
ATI Systemsteuerung                04.04.2012                6.14.10.5171                                                                                unbekannt
AudibleManager        Audible, Inc.        04.04.2012                2147340288.2147348480.1344632.1244472                                                        unbekannt
Avira AntiVir Personal - Free Antivirus        Avira GmbH        04.04.2012                10.2.0.707                                                        notwendig
AVS Update Manager 1.0        Online Media Technologies Ltd.        03.08.2009                                                                                notwendig
AVS Video Converter 6        Online Media Technologies Ltd.        03.08.2009                                                                                notwendig       
AVS4YOU Software Navigator 1.3        Online Media Technologies Ltd.        03.08.2009                                                                        notwendig               
Bonjour        Apple Inc.        02.02.2009        0,49MB        1.0.105                                                                                                unnötig
Capture NX 2        NIKON CORPORATION        04.04.2012                2.0.0                                                                                notwendig
CCleaner        Piriform        04.04.2012                3.17                                                                                        notwendig
Creative Systeminformationen                04.04.2012                                                                                                notwendig                                                       
Creatix 2.0 AC'97 Modem                                                                                                                                unbekannt
DivX Player        DivXNetworks, Inc.        04.04.2012                2.5.5                                                                                notwendig
DivX Pro        DivXNetworks, Inc.        04.04.2012                5.2.1                                                                                notwendig
DivX User Guide        DivXNetworks, Inc.        04.04.2012                5.2.1                                                                                notwendig       
dm Fotowelt                04.04.2012                                                                                                                notwendig
Elf 1.13 Toolbar        Elf 1.13        04.04.2012                6.3.0.26                                                                        unbekannt
ElsterFormular        Landesfinanzdirektion Thüringen        04.04.2012                12.4.1.7699k                                                                notwendig
ElsterFormular 2008/2009        Steuerverwaltung des Bundes und der Länder        22.09.2009                10.3.0.0                                notwendig
Exif-Viewer 2.50        Ralf Bibinger        02.04.2012                2.50                                                                                unbekannt
FastStone Image Viewer 4.1        FastStone Soft        04.04.2012                4.1                                                                        notwendig
Google Toolbar for Firefox        Google        14.08.2008        0,96MB        2.1.20060807                                                                        unnötig
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät        Hewlett-Packard Co.        27.11.2010        97,8MB        22.0.334.0                notwendig
HP Deskjet 3050 J610 series Hilfe        Hewlett Packard        27.11.2010        12,9MB        140.0.63.63                                                        notwendig
HP Photo Creations        HP Photo Creations Powered by RocketLife        04.04.2012                1.0.0.3341                                        notwendig
HP Update        Hewlett-Packard        27.11.2010        2,97MB        5.002.005.003                                                                                notwendig
InterVideo MediaOne Gallery                04.04.2012                                                                                                unbekannt                                               
InterVideo WinDVD 7        InterVideo Inc.        04.04.2012                7.0-B27.184                                                                        unbekannt
iTunes        Apple Inc.        02.02.2009        103,9MB        8.0.2.20                                                                                        unnötig
J2SE Runtime Environment 5.0 Update 6        Sun Microsystems, Inc.        23.03.2006        152,3MB        1.5.0.60                                                unbekannt
Jalbum        Jalbum AB        09.01.2011        20,0MB        8.13                                                                                                unbekannt
Java(TM) 6 Update 29        Oracle        07.10.2011        91,1MB        6.0.290                                                                                        unbekannt
Kies        Ihr Firmenname        25.12.2010                1.4                                                                                                unbekannt
Learn2 Player (Uninstall Only)                04.04.2012                                                                                                unbekannt               
LetsTrade Komponenten                04.04.2012                                                                                                        unbekannt       
Macromedia Shockwave Player        Macromedia, Inc.        02.04.2012                10.1.0.11                                                        unbekannt
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        02.04.2012                1.60.1.1000                                notwendig
Microsoft .NET Framework 1.0 Hotfix (KB2572066)        Microsoft Corporation        11.10.2011                                                                unbekannt
Microsoft .NET Framework 1.0 Hotfix (KB979904)        Microsoft Corporation        10.06.2010                                                                unbekannt
Microsoft .NET Framework 1.1                12.01.2012                                                                                                unbekannt
Microsoft .NET Framework 1.1 German Language Pack        Microsoft        27.03.2006        3,00MB        1.1.4322                                        unbekannt
Microsoft .NET Framework 2.0 Language Pack - DEU        Microsoft Corporation        23.03.2006                                                        unbekannt               
Microsoft .NET Framework 2.0 Service Pack 2        Microsoft Corporation        17.02.2012        185,2MB        2.2.30729                                        unbekannt
Microsoft .NET Framework 3.0 Service Pack 2        Microsoft Corporation        23.06.2010        209MB        3.2.30729                                        unbekannt
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        12.01.2012                                                                        unbekannt
Microsoft Compression Client Pack 1.0 for Windows XP        Microsoft Corporation        16.12.2007                1                                        unbekannt
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1        Microsoft Corporation        14.05.2010                                                        unbekannt
Microsoft Office Visio Professional 2003        Microsoft Corporation        15.09.2011        356MB        11.0.8173.0                                        notwendig
Microsoft Office XP Professional mit FrontPage        Microsoft Corporation        19.12.2008        241MB        10.0.2701.0                                        notwendig
Microsoft Silverlight        Microsoft Corporation        17.02.2012        165,7MB        4.1.10111.0                                                                unbekannt
Microsoft User-Mode Driver Framework Feature Pack 1.0        Microsoft Corporation        16.12.2007                                                        unbekannt               
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        5,28MB        8.0.61001                                        unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        18.04.2011        10,2MB        9.0.30729.5570        unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        15.08.2010        9,65MB        9.0.30729                        unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        08.04.2010        10,2MB        9.0.30729.4148                        unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        10,2MB        9.0.30729.6161                        unbekannt
Microsoft Windows-Journal-Viewer        Microsoft        30.03.2006        3,47MB        1.5.2315.3                                                        unbekannt
Microsoft Works        Microsoft Corporation        22.01.2011        294MB        08.05.0822                                                                        unnötig
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket        Microsoft Corporation        02.04.2012                                                unbekannt               
Mozilla Firefox 11.0 (x86 de)        Mozilla        04.04.2012                11.0                                                                                notwendig
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        15.12.2007        2,62MB        4.20.9848.0                                                        unbekannt
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        13.11.2008        2,67MB        4.20.9870.0                                                        unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.11.2009        2,77MB        4.20.9876.0                                                        unbekannt
MSXML 6 Service Pack 2 (KB973686)        Microsoft Corporation        25.11.2009        1,40MB        6.20.2003.0                                                unbekannt
MySecurityCenter License Service        MySecurityCenter        15.12.2007        1,72MB        3.0.0.0                                                        unbekannt
NEF Codec        Nikon        16.02.2010                1.00.0000                                                                                        notwendig                                                                                notwendig
Nero Suite                04.04.2012                                                                                                                notwendig
NetWorkingWizard_ICM        Samsung        25.12.2010                1.02.010                                                                                notwendig
Nikon Transfer        Nikon        01.10.2009        46,7MB        1.5.0                                                                                                notwendig
Office 2003 Trial Assistant        Microsoft        06.04.2006        1,29MB        1.0.0                                                                        notwendig
Paint.NET v3.22        dotPDN LLC        27.03.2008        4,31MB        3.22.1                                                                                        notwendig                                                                notwendig
PDFCreator        Frank Heindörfer, Philip Chinery        04.01.2010                0.9.8                                                                notwendig
PED Professional        TÜV SÜD Industrie Service GmbH        20.07.2009                                                                                notwendig
Photomatix Basic version 1.2.1        HDRsoft Sarl        04.04.2012                1.2                                                                        notwendig
Picasa 3        Google, Inc.        04.04.2012                3.8                                                                                        unbekannt                                               
PowerISO                04.04.2012                                                                                                                notwendig
Qtpfsgui 1.9.2        Qtpfsgui Dev Team        15.05.2010                                                                                                unbekannt       
RealPlayer        RealNetworks        04.04.2012                                                                                                        notwendig
Realtek AC'97 Audio        Realtek Semiconductor Corp.        23.03.2006                5.18                                                                unbekannt
Reflex4        Reflex        19.04.2009        77,5MB        4.2.5                                                                                                        notwendig
RI-CAD        HiTec Zang GmbH                                                                                                                                unnötig
SAMSUNG USB Driver for Mobile Phones        SAMSUNG Electronics Co., Ltd.        02.04.2012                1.3.750.0                                        notwendig
Sansa Updater                02.04.2012                                                                                                                notwendig
Search-Results Toolbar        Search-Results.com        12.10.2011        3,96MB        1.13.1.0                                                                unbekannt
Sicherheitsupdate für Windows Media Encoder (KB2447961)        Microsoft Corporation        15.12.2010                                                        unbekannt       
Sicherheitsupdate für Windows Media Encoder (KB954156)        Microsoft Corporation        10.09.2008                                                        unbekannt       
Sicherheitsupdate für Windows Media Encoder (KB979332)        Microsoft Corporation        10.06.2010                                                        unbekannt               
Skype™ 4.0        Skype Technologies S.A.        28.04.2009        30,2MB        4.0.226                                                                                notwendig
SmartSound Quicktracks Plugin        SmartSound Software Inc        05.04.2006        3.0.2.6                                                                        unbekannt
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten        Hewlett-Packard Co.        27.11.2010        4,80MB        22.0.334.0                unnötig
Synaptics Pointing Device Driver        Synaptics        04.04.2012                8.2.1.0                                                                notwendig
Ulead FilmBrennerei 4.0        Ulead Systems, Inc.        04.04.2012                4.0                                                                        notwendig
Ulead Photo Express 4.0 SE                02.04.2012                                                                                                notwendig
Ulead VideoStudio 9.0        Ulead System        02.04.2012                9.0                                                                                notwendig
ULi LAN Driver                04.04.2012                                                                                                                unbekannt                                                                        u
USB Scanner                03.04.2012                                                                                                                unnötig
VideoLAN VLC media player 0.8.6d        VideoLAN Team        04.04.2012                0.8.6d                                                                notwendig
videon        muvee Technologies        04.04.2012                3.5                                                                                        notwendig
ViewNX        Nikon        01.10.2009        30,6MB        1.4.0                                                                                                        notwendig
Viewpoint Media Player                04.04.2012                                                                                                        notwendig
VSO Image Resizer 3.0.1.72        VSO-Software        19.02.2010                3.0.1.72                                                                notwendig
Winbond WLAN                04.04.2012                                                                                                                unbekannt
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray        Microsoft Corporation        03.01.2011                1.0                        unbekannt
Windows Internet Explorer 8        Microsoft Corporation        26.09.2009                20090308.140743                                                        notwendig
Windows Live ID Sign-in Assistant        Microsoft Corporation        27.11.2010        4,69MB        6.500.3165.0                                                unbekannt
Windows Media Encoder 9-Reihe                05.04.2006                                                                                                notwendig       
Windows Media Format 11 runtime                04.04.2012                                                                                                notwendig
Windows Media Player 11                04.04.2012                                                                                                        notwendig
Windows XP Media Center Edition Screen Saver Screen Saver                04.04.2012                                                                notwendig
Windows XP Service Pack 3        Microsoft Corporation        12.01.2010                20080414.031514                                                        notwendig
WinRAR                04.04.2012                                                                                                                        unnötig       
WinZip 15.0        WinZip Computing, S.L.        10.06.2011        30,5MB        15.0.9411                                                                        notwendig
Yontoo Layers 1.10.01                10.06.2011                1.10.01                                                                                        unbekannt
ZENcast Organizer                04.04.2012                                                                                                        notwendig


The computer is running well. One remaining problem is that under Start menu -> All Programs, not all of the programs' subfolders are listed. I also just noticed that under All Programs there is a folder SMART HDD with the subfolders SMART HDD and Uninstall SMART HDD. What should I do with it? I'm afraid that if I click Uninstall, I'll reactivate the virus.

markusg 04.04.2012 19:12

uninstall:
Adobe Acrobat
Adobe Flash Player (all)
Adobe - Install Adobe Flash Player
download the latest version
adobe reader:
Adobe - Download Adobe Reader - All versions
untick the box for mcafee security scan

please also configure adobe reader as follows:
open adobe reader, edit, preferences.
general:
tick "use only certified plug-ins".
internet:
everything here should be disabled; it is very unsafe to open or download pdfs automatically, etc.
it is always better to save them directly, since only then do you have control over what happens on the pc.
under javascript, untick "use javascript"
under updater, select install automatically.
apply / ok

uninstall:
apple: all
Bonjour
Elf
Exif
Google Toolbar
InterVideo: both
iTunes
J2SE
Jalbum
Java
Download free Java software
download java jre, install it.

uninstall:
Learn2
LetsTrade
Macromedia
Microsoft Silverlight
MySecurityCenter
Picasa
Search-Results

Skype™:
Free internet calls with Skype. Call phones cheaply online
install version 5
uninstall:
Studie
VideoLAN
VideoLAN - Official page for VLC media player, the Open Source video framework!
install version 2.

delete the SMART folder.
hmm, if not all folders are there under all programs now, it's too late; the only thing you can do then is pin the programs to the start menu via send to.
the temp folders the start menu was moved to are empty.
open otl, cleanup, restart.
open ccleaner, analyze, run cleaner.
restart the pc and test how the system runs

Willie.s 07.04.2012 12:39

Hey Markus,

thank you so, so much for your help. That deserves the highest respect!

The system is running again.

Kind regards

Willie

