Trojaner-Board - Trojaner: 2048 bit pgp-rsa

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Trojaner: 2048 bit pgp-rsa (https://www.trojaner-board.de/114212-trojaner-2048-bit-pgp-rsa.html)

Trojaner: 2048 bit pgp-rsa

Guten Morgen,

ich habe seit Dienstag 27.04.2012 das Problem, dass ich nicht mehr in den PC von unserem Verein rein komme.

Es wurde eine E-Mail mit einer Zahlungsaufforderung von knapp 96 Euro geöffnet und im Anhang befand sich dann eine Datei, die die Erläuterung sowie ein Widerrufsrecht hergibt.

Diese wurde geöffnet und kurze Zeit später wurde der Bildschirm schwarz und ist nun mit einem weißen Kasten versehen in dem folgendes steht:

Sie haben sich mit einen Windows-Verschlüsselungs-Trojaner infiziert.

Aus Sicherheitsgründen wurde ihr Windowssystem blockiert. Das Besuchen von Seiten mit pornografischen und infizierten Inhalten hat dazu geführt, das Ihr System von einem Computerverschlüsselungstrojaner befallen wurde. Dieses Virus verschlüsselt Ihre Festplatte mit einem 2048 Bit PGP-RSA Schlüssel und eine selbstständige Entschlüsselung ist nicht mehr machbar.

Um das System wiederherstellen zu können, müssen Sie ein zusätzliches Sicherheitupdate herunterladen. Diese Update ist ein kostenpflichtiges Upgrade für infizierte Windowssysteme. Kostenpflichtig ist es, weil es nicht zum ursprünglichen Windowspaket gehört und nur dafür entwickelt wurde um Ihnen zu helfen ihre Daten nicht zu verlieren. Bitte schalten Sie den Computer nicht aus, sonst kann es vorkommen das der Virus nicht beseitigt werden kann und Sie ihre Daten komplett verlieren. Dieses Update beschützt ihr System vollständig von Virus und Schadprogrammen stabilisiert ihr Computersystem und verhindert den Datenverlust.

Damit ihr Computer schnellstens entsperrt wird, nutzen Sie bitte die schnelle und diskrete Zahlungsmöglichkeit durch Paysafecard oder Ukash. Diese Karten können Sie an fast jeder Tankstelle oder einem Kiosk in Ihrer Nähe kaufen. Diese Codes gibts auch überall da, wo Sie Handyaufladekarten erwerben können. Sofort nach der Eingabe und der Gültigkeitsprüfung wird das Update auf Ihren Computer automatisch heruntergeladen und installiert. Ihr System wird sofort entschlüsselt und von dem Trojaner befreit.

20 Euro Paysave-Card Code:____________________ Code eingeben

20 Euro Ucash Code: _____________________Code eingeben.

Der PC ist für meinen Verein wichtig, da auf diesem PC die Mitgliederverwaltung ist mit Kontonummern für Bankeinzug.
Betriebssystem Window XP Home
Im Abgesicherten Modus komme ich ins Internet.
Kann den PC auch vom Netz trennen und ein Labtop anschliessen.
Die Mail mit dem der Schwachsinn anfing ist noch vorhanden und kann
bei bedarf gesendet werden.
Bitte helft mir und meinem Verein.
Ich bin ein Leihe am PC

Mit freundlichen Grüßen
fharry

Zitat:

Im Abgesicherten Modus komme ich ins Internet.

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Hallo Arne,
Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?
Ja der funktioniert noch, und eine Internetverbindung habe ich auch!
wie soll ich jetzt vorgehen?
Gruß
fharry

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo Arne,
habe alles so ausgeführt wie beschrieben

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

Malwarebytes : Free anti-malware, anti-virus and spyware removal download
 

Datenbank Version: v2012.04.28.05
 

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 6.0.2900.5512

Admin :: TUS [Administrator]
 

Schutz: Deaktiviert
 

28.04.2012 18:32:14

mbam-log-2012-04-28 (18-32-14).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 229049

Laufzeit: 28 Minute(n), 30 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|D4D1254F (Malware.Gen) -> Daten: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz\5E8A4CE7D4D1254FAF0F.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Realtecdriver (Backdoor.Agent) -> Daten: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Realtec\Realtecdriver.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 23

C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz\5E8A4CE7D4D1254FAF0F.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\adljdwylgj.pre (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\amyaglndjy.pre (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\ckotbzpupc.pre (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\dgmytozbua.pre (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\fqifqehzof.pre (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\pfrpfhvpyp.pre (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\whrshnfpfs.pre (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\xlrglywdjg.pre (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\ymoymnjdwy.pre (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\zfdpfagshp.pre (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP1\A0001006.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP2\A0002009.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP2\A0003019.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP2\A0004025.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP2\A0005029.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP2\A0006029.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP2\A0007034.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP2\A0007042.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP2\A0008048.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP2\A0008055.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\System Volume Information\_restore{500586B2-90C1-433E-9849-C4156A350C8B}\RP2\A0009054.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\WINDOWS\system32\5E6E78B6D4D1254FE193.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=d4398970594ec947b170c04f48292f89

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-28 06:15:09

# local_time=2012-04-28 08:15:09 (+0100, Westeuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=256 16777215 100 0 160093575 160093575 0 0

# compatibility_mode=1797 16775146 100 93 349641 72170935 341873 0

# compatibility_mode=8192 67108863 100 0 457 457 0 0

# scanned=48830

# found=0

# cleaned=0

# scan_time=2569

Ich hoffe es ist richtig so!
das was er in Quarantäne gestellt hat habe ich auch gelöscht!
Gruß
fharry

Hier vielleicht noch eine Hilfe:
www.youtube.com/watch?v=Z1irybtZy4M

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Hallo Arne,
zu Frage 1: der normale Modus geht wieder uneingeschrängt
zu Frage 2: so wie es aussieht ist alles vorhanden aber verschlüsselt
Gruß
Harry

Wie man die Dateien entschlüsselt dazu gibt es hier Hinweise genug

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Arne,
hier der Extras.Txt-Editor
OTL Logfile:

Code:

OTL Extras logfile created on: 02.05.2012 18:45:33 - Run 1

OTL by OldTimer - Version 3.2.42.2     Folder = C:\Dokumente und Einstellungen\Admin\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

478,95 Mb Total Physical Memory | 286,57 Mb Available Physical Memory | 59,83% Memory free

1,10 Gb Paging File | 0,63 Gb Available in Paging File | 57,49% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 9,77 Gb Total Space | 1,12 Gb Free Space | 11,51% Space Free | Partition Type: NTFS

Drive D: | 27,50 Gb Total Space | 25,72 Gb Free Space | 93,53% Space Free | Partition Type: NTFS

Drive E: | 3,00 Gb Total Space | 2,96 Gb Free Space | 98,74% Space Free | Partition Type: FAT32

 

Computer Name: TUS | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch

"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008

"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007

"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver

"{E659E0EE-10E6-49B7-8696-60F38D0EB174}" = Sunbelt Kerio Personal Firewall

"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"ElsterFormular 11.3.0.4235" = ElsterFormular

"ESET Online Scanner" = ESET Online Scanner v3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)

"OnlineControl_is1" = OnlineControl 1.1

"Profi cash" = Profi cash

"PTBSync" = PTBSync (Atomuhr Synchronisation & Terminkalender)

"SiS VGA Driver" = SiS VGA Utilities

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"sv.net" = sv.net

"TDSLSM" = T-DSL SpeedManager

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"YTdetect" = Yahoo! Detect

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 26.04.2012 18:29:05 | Computer Name = TUS | Source = PerfNet | ID = 2006

Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.

Es

 werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene Fehlercode

 ist DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information ist DWORD 2.

 

Error - 28.04.2012 12:25:28 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

 zurückgegeben.  .

 

Error - 28.04.2012 12:25:28 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 28.04.2012 12:25:29 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 28.04.2012 12:25:29 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 28.04.2012 12:25:29 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 28.04.2012 12:25:29 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 28.04.2012 13:24:47 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

 zurückgegeben.  .

 

Error - 28.04.2012 13:24:47 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 02.05.2012 12:37:32 | Computer Name = TUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 6.0.2900.5512, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 01.05.2012 06:40:30 | Computer Name = TUS | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "TSMService"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {D8081313-4CEA-43B4-B5A4-074F184A53B4}

 

Error - 01.05.2012 06:40:32 | Computer Name = TUS | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst TSMService.

 

Error - 01.05.2012 06:40:32 | Computer Name = TUS | Source = Service Control Manager | ID = 7000

Description = Der Dienst "TSMService" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1053

 

Error - 01.05.2012 06:24:35 | Computer Name = TUS | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 01.05.2012 06:26:36 | Computer Name = TUS | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.

 

Error - 01.05.2012 06:30:09 | Computer Name = TUS | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 01.05.2012 06:32:05 | Computer Name = TUS | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.

 

Error - 01.05.2012 06:32:36 | Computer Name = TUS | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.

 

Error - 01.05.2012 06:32:36 | Computer Name = TUS | Source = Service Control Manager | ID = 7000

Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 02.05.2012 12:29:22 | Computer Name = TUS | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

 

< End of report >

--- --- ---

und hier der OTL.Txt-Editor

OTL Logfile:

Code:

OTL logfile created on: 02.05.2012 18:45:33 - Run 1

OTL by OldTimer - Version 3.2.42.2     Folder = C:\Dokumente und Einstellungen\Admin\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

478,95 Mb Total Physical Memory | 286,57 Mb Available Physical Memory | 59,83% Memory free

1,10 Gb Paging File | 0,63 Gb Available in Paging File | 57,49% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 9,77 Gb Total Space | 1,12 Gb Free Space | 11,51% Space Free | Partition Type: NTFS

Drive D: | 27,50 Gb Total Space | 25,72 Gb Free Space | 93,53% Space Free | Partition Type: NTFS

Drive E: | 3,00 Gb Total Space | 2,96 Gb Free Space | 98,74% Space Free | Partition Type: FAT32

 

Computer Name: TUS | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.05.02 18:40:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2011.07.01 18:39:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.05.06 13:02:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2010.11.07 14:34:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.07.18 12:02:58 | 001,205,784 | ---- | M] (Sunbelt Software) -- C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe

PRC - [2006.07.18 12:02:56 | 001,955,352 | ---- | M] (Sunbelt Software) -- C:\Programme\Sunbelt Software\Personal Firewall\kpf4gui.exe

PRC - [2005.06.20 22:42:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2005.05.17 17:42:32 | 000,933,888 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\ControlCenter2\brctrcen.exe

PRC - [2004.07.19 10:56:12 | 000,094,208 | ---- | M] (T-Com Bereich Endgeräte) -- C:\Programme\OnlineControl\ocontrol.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.01.28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2006.03.27 12:25:04 | 000,470,016 | ---- | M] () -- C:\Programme\Sunbelt Software\Personal Firewall\PocoXML.dll

MOD - [2006.03.27 12:24:54 | 000,859,648 | ---- | M] () -- C:\Programme\Sunbelt Software\Personal Firewall\PocoFoundation.dll

MOD - [2006.03.27 12:24:50 | 000,018,432 | ---- | M] () -- C:\Programme\Sunbelt Software\Personal Firewall\PocoExt.dll

MOD - [2006.02.14 15:36:10 | 000,155,648 | ---- | M] () -- C:\Programme\Sunbelt Software\Personal Firewall\ssleay32.dll

MOD - [2006.02.14 15:35:54 | 000,827,392 | ---- | M] () -- C:\Programme\Sunbelt Software\Personal Firewall\libeay32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.01 18:39:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.05.06 13:02:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2006.07.18 12:02:58 | 001,205,784 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe -- (KPF4)

SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004.07.14 16:00:44 | 000,147,456 | ---- | M] (T-Systems Nova, Berkom) [On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\TSMSvc.exe -- (TSMService)

SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2012.04.28 19:14:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.07.01 18:39:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.01 18:39:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2006.11.15 18:58:12 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2006.11.15 18:57:38 | 000,003,567 | ---- | M] (Beyond Logic hxxp://www.beyondlogic.org) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ptbtalk.sys -- (PortTalk)

DRV - [2006.07.18 12:02:52 | 000,091,672 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\khips.sys -- (khips)

DRV - [2006.07.18 12:02:50 | 000,284,184 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)

DRV - [2005.09.03 18:49:28 | 000,261,632 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2005.08.25 21:23:28 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2005.06.20 23:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)

DRV - [2004.03.11 17:44:26 | 000,009,696 | ---- | M] (T-Systems Nova GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS -- (TNPacket)

DRV - [2002.10.28 10:23:38 | 000,038,528 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)

DRV - [2000.10.15 18:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS -- (PCANDIS5)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ333SSDE&apn_uid=C167207F-7FE3-4740-B67E-FB9003DD305D&apn_sauid=9BBE898A-A3A7-4211-AC9A-5E712421B07A

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.1:8081

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.23 00:21:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2011.08.09 22:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions

[2012.04.28 18:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\iyyti28e.default\extensions

[2012.02.25 01:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.23 00:21:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.02.17 23:24:43 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.17 23:24:43 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.02.17 23:24:43 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.17 23:24:43 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.17 23:24:43 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.17 23:24:43 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe (T-Com Bereich Endgeräte)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Zahlungserinnerung.lnk = C:\Programme\Profi cash\wzed.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11D95A6E-37CF-48BD-9ACA-265DE655EB37}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.01.10 16:05:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [1997.01.01 00:24:22 | 000,000,156 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\Shell - "" = AutoRun

O33 - MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\Shell - "" = AutoRun

O33 - MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: PTBSync - hkey= - key= - C:\Programme\PTBSync\PTBSync.exe (ElmüSoft)

MsConfig - StartUpReg: T-DSL SpeedMgr - hkey= - key= - C:\Programme\T-DSL SpeedManager\SpeedMgr.exe (T-Systems Nova, Berkom)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket

ActiveX: {3B06E2DD-0DB6-1908-A811-5804CA93F175} - DirectAnimation

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

 

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1056

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.02 18:39:56 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

[2012.04.28 19:24:50 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.04.28 19:14:21 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.04.28 18:29:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes

[2012.04.28 18:29:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.04.28 18:29:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.04.28 18:29:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.04.28 18:29:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.04.25 11:22:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2012.04.25 11:22:05 | 003,897,504 | ---- | C] (AVG Technologies) -- C:\Dokumente und Einstellungen\Admin\Desktop\avg_avct_stb_all_2012_1796_cm10.exe

[2012.04.25 10:59:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012.04.25 10:59:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2012.04.24 21:38:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz

[2012.04.24 21:37:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Realtec

[2012.04.17 20:50:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in

[2012.04.17 20:50:46 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft

[2012.04.08 13:00:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\GS-Büro 32

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.02 19:03:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012.05.02 18:46:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.05.02 18:40:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

[2012.05.02 18:30:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.05.02 18:30:46 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.05.02 18:28:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.05.01 12:52:58 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

[2012.04.28 19:14:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.04.28 18:29:48 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.25 11:22:10 | 003,897,504 | ---- | M] (AVG Technologies) -- C:\Dokumente und Einstellungen\Admin\Desktop\avg_avct_stb_all_2012_1796_cm10.exe

[2012.04.24 21:46:39 | 000,013,030 | ---- | M] () -- C:\locked-PDOXUSRS.NET.anau

[2012.04.24 21:46:06 | 000,000,305 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\locked-addr_file.html.tmyi

[2012.04.24 21:45:45 | 000,015,882 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\locked-ust10-12.08.pfup

[2012.04.24 21:44:12 | 000,018,435 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\locked-lst2009.08.fqck

[2012.04.24 21:44:12 | 000,012,775 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\locked-evprint.pdf.xnau

[2012.04.24 21:44:04 | 000,000,134 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-tus04hoerdt - Home.url.rsjd

[2012.04.24 21:44:02 | 000,000,146 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-Oracle Web Access starten.url.qlmy

[2012.04.24 21:43:32 | 000,000,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-Ergebnisse 1. Spieltag 2.Kreisklassen Kreis Südpfalz (2. Kreisklasse Mitte, Herren) - Spieljahr 11-12 Südwest bei FUSSBALL.DE.url.awdj

[2012.04.24 21:43:32 | 000,000,282 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-FAQ**DFBnet.url.irag

[2012.04.24 21:43:31 | 000,000,679 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-Ergebnisse 1. Spieltag 1.Kreisklassen Kreis Südpfalz (1.Kreisklasse Südpfalz Mitte, Herren) - Spieljahr 11-12 Südwest bei FUSSBALL.DE.url.fjln

[2012.04.24 21:43:31 | 000,000,261 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-Ergebnismeldung.url.eypu

[2012.04.24 21:43:30 | 000,000,273 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-DFBnet SpielPLUS.url.utyw

[2012.04.24 21:43:30 | 000,000,271 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-DFBnet - Das Servicenetz des deutschen Fußballs.url.jxnk

[2012.04.24 21:43:30 | 000,000,237 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-DFBnet Meldebogen.url.reln

[2012.04.24 21:43:17 | 000,000,085 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\locked-coala.config.nyva

[2012.04.23 22:46:46 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325

[2012.04.23 22:46:36 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324

[2012.04.23 22:46:26 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323

[2012.04.23 22:46:18 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322

[2012.04.23 22:46:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321

[2012.04.23 22:45:06 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320

[2012.04.13 00:06:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.01 12:51:53 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET

[2012.04.28 18:29:48 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.24 21:41:03 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325

[2012.04.24 21:41:03 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324

[2012.04.24 21:41:03 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323

[2012.04.24 21:41:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322

[2012.04.24 21:41:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321

[2012.04.24 21:41:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320

[2012.02.15 21:45:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.08.09 22:11:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

 
 ========== LOP Check ==========

 

[2007.08.09 19:09:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AVG7

[2010.04.14 18:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular

[2012.04.28 19:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz

[2006.10.18 17:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-DSL SpeedManager

[2006.11.08 17:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-Online

[2011.08.05 12:51:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask

[2007.08.09 19:06:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avg7

[2012.04.25 10:59:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2010.04.11 11:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular

[2012.04.25 11:26:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2007.08.06 10:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft

[2012.04.24 21:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager

[2006.11.08 17:41:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online

[2012.04.25 10:59:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012.05.02 19:03:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2007.08.06 09:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe

[2012.04.24 21:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AdobeUM

[2007.08.09 19:09:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AVG7

[2010.09.23 16:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Avira

[2007.08.06 10:49:07 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Brother

[2010.04.14 18:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular

[2012.04.28 19:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz

[2007.07.27 19:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Google

[2006.11.15 19:02:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Help

[2006.01.10 16:10:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities

[2006.11.08 17:38:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia

[2012.04.28 18:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes

[2011.06.02 17:41:03 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft

[2011.08.09 22:11:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla

[2012.04.28 18:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Realtec

[2007.04.10 19:30:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun

[2012.04.24 21:43:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Symantec

[2006.10.18 17:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-DSL SpeedManager

[2006.11.08 17:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-Online

[2011.03.20 16:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\U3

 
 < %APPDATA%\*.exe /s >

[2006.12.14 11:00:02 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\U3\temp\cleanup.exe

[2007.02.12 18:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\U3\temp\Launchpad Removal.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008.10.12 15:09:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008.10.12 15:09:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008.10.12 15:09:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.10.12 15:09:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2006.01.10 16:53:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2006.01.10 16:53:35 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2006.01.10 16:53:35 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 

< End of report >

--- --- ---

Hallo Arne,
hier der Extras.Txt-Editor
OTL Logfile:

Code:

OTL Extras logfile created on: 02.05.2012 18:45:33 - Run 1

OTL by OldTimer - Version 3.2.42.2     Folder = C:\Dokumente und Einstellungen\Admin\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

478,95 Mb Total Physical Memory | 286,57 Mb Available Physical Memory | 59,83% Memory free

1,10 Gb Paging File | 0,63 Gb Available in Paging File | 57,49% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 9,77 Gb Total Space | 1,12 Gb Free Space | 11,51% Space Free | Partition Type: NTFS

Drive D: | 27,50 Gb Total Space | 25,72 Gb Free Space | 93,53% Space Free | Partition Type: NTFS

Drive E: | 3,00 Gb Total Space | 2,96 Gb Free Space | 98,74% Space Free | Partition Type: FAT32

 

Computer Name: TUS | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch

"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008

"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007

"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver

"{E659E0EE-10E6-49B7-8696-60F38D0EB174}" = Sunbelt Kerio Personal Firewall

"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"ElsterFormular 11.3.0.4235" = ElsterFormular

"ESET Online Scanner" = ESET Online Scanner v3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)

"OnlineControl_is1" = OnlineControl 1.1

"Profi cash" = Profi cash

"PTBSync" = PTBSync (Atomuhr Synchronisation & Terminkalender)

"SiS VGA Driver" = SiS VGA Utilities

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"sv.net" = sv.net

"TDSLSM" = T-DSL SpeedManager

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"YTdetect" = Yahoo! Detect

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 26.04.2012 18:29:05 | Computer Name = TUS | Source = PerfNet | ID = 2006

Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.

Es

 werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene Fehlercode

 ist DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information ist DWORD 2.

 

Error - 28.04.2012 12:25:28 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

 zurückgegeben.  .

 

Error - 28.04.2012 12:25:28 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 28.04.2012 12:25:29 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 28.04.2012 12:25:29 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 28.04.2012 12:25:29 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 28.04.2012 12:25:29 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 28.04.2012 13:24:47 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

 zurückgegeben.  .

 

Error - 28.04.2012 13:24:47 | Computer Name = TUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten

 Vorgang nicht ausführen.  .

 

Error - 02.05.2012 12:37:32 | Computer Name = TUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 6.0.2900.5512, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 01.05.2012 06:40:30 | Computer Name = TUS | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "TSMService"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {D8081313-4CEA-43B4-B5A4-074F184A53B4}

 

Error - 01.05.2012 06:40:32 | Computer Name = TUS | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst TSMService.

 

Error - 01.05.2012 06:40:32 | Computer Name = TUS | Source = Service Control Manager | ID = 7000

Description = Der Dienst "TSMService" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1053

 

Error - 01.05.2012 06:24:35 | Computer Name = TUS | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 01.05.2012 06:26:36 | Computer Name = TUS | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.

 

Error - 01.05.2012 06:30:09 | Computer Name = TUS | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 01.05.2012 06:32:05 | Computer Name = TUS | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.

 

Error - 01.05.2012 06:32:36 | Computer Name = TUS | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.

 

Error - 01.05.2012 06:32:36 | Computer Name = TUS | Source = Service Control Manager | ID = 7000

Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 02.05.2012 12:29:22 | Computer Name = TUS | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

 

< End of report >

--- --- ---

und hier der OTL.Txt-Editor

OTL Logfile:

Code:

OTL logfile created on: 02.05.2012 18:45:33 - Run 1

OTL by OldTimer - Version 3.2.42.2     Folder = C:\Dokumente und Einstellungen\Admin\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

478,95 Mb Total Physical Memory | 286,57 Mb Available Physical Memory | 59,83% Memory free

1,10 Gb Paging File | 0,63 Gb Available in Paging File | 57,49% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 9,77 Gb Total Space | 1,12 Gb Free Space | 11,51% Space Free | Partition Type: NTFS

Drive D: | 27,50 Gb Total Space | 25,72 Gb Free Space | 93,53% Space Free | Partition Type: NTFS

Drive E: | 3,00 Gb Total Space | 2,96 Gb Free Space | 98,74% Space Free | Partition Type: FAT32

 

Computer Name: TUS | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.05.02 18:40:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2011.07.01 18:39:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.05.06 13:02:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2010.11.07 14:34:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.07.18 12:02:58 | 001,205,784 | ---- | M] (Sunbelt Software) -- C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe

PRC - [2006.07.18 12:02:56 | 001,955,352 | ---- | M] (Sunbelt Software) -- C:\Programme\Sunbelt Software\Personal Firewall\kpf4gui.exe

PRC - [2005.06.20 22:42:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2005.05.17 17:42:32 | 000,933,888 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\ControlCenter2\brctrcen.exe

PRC - [2004.07.19 10:56:12 | 000,094,208 | ---- | M] (T-Com Bereich Endgeräte) -- C:\Programme\OnlineControl\ocontrol.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.01.28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2006.03.27 12:25:04 | 000,470,016 | ---- | M] () -- C:\Programme\Sunbelt Software\Personal Firewall\PocoXML.dll

MOD - [2006.03.27 12:24:54 | 000,859,648 | ---- | M] () -- C:\Programme\Sunbelt Software\Personal Firewall\PocoFoundation.dll

MOD - [2006.03.27 12:24:50 | 000,018,432 | ---- | M] () -- C:\Programme\Sunbelt Software\Personal Firewall\PocoExt.dll

MOD - [2006.02.14 15:36:10 | 000,155,648 | ---- | M] () -- C:\Programme\Sunbelt Software\Personal Firewall\ssleay32.dll

MOD - [2006.02.14 15:35:54 | 000,827,392 | ---- | M] () -- C:\Programme\Sunbelt Software\Personal Firewall\libeay32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.01 18:39:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.05.06 13:02:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2006.07.18 12:02:58 | 001,205,784 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe -- (KPF4)

SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004.07.14 16:00:44 | 000,147,456 | ---- | M] (T-Systems Nova, Berkom) [On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\TSMSvc.exe -- (TSMService)

SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2012.04.28 19:14:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.07.01 18:39:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.01 18:39:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2006.11.15 18:58:12 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2006.11.15 18:57:38 | 000,003,567 | ---- | M] (Beyond Logic hxxp://www.beyondlogic.org) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ptbtalk.sys -- (PortTalk)

DRV - [2006.07.18 12:02:52 | 000,091,672 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\khips.sys -- (khips)

DRV - [2006.07.18 12:02:50 | 000,284,184 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)

DRV - [2005.09.03 18:49:28 | 000,261,632 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2005.08.25 21:23:28 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2005.06.20 23:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)

DRV - [2004.03.11 17:44:26 | 000,009,696 | ---- | M] (T-Systems Nova GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS -- (TNPacket)

DRV - [2002.10.28 10:23:38 | 000,038,528 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)

DRV - [2000.10.15 18:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS -- (PCANDIS5)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ333SSDE&apn_uid=C167207F-7FE3-4740-B67E-FB9003DD305D&apn_sauid=9BBE898A-A3A7-4211-AC9A-5E712421B07A

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.1:8081

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.23 00:21:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2011.08.09 22:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions

[2012.04.28 18:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\iyyti28e.default\extensions

[2012.02.25 01:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.23 00:21:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.02.17 23:24:43 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.17 23:24:43 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.02.17 23:24:43 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.17 23:24:43 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.17 23:24:43 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.17 23:24:43 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe (T-Com Bereich Endgeräte)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Zahlungserinnerung.lnk = C:\Programme\Profi cash\wzed.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11D95A6E-37CF-48BD-9ACA-265DE655EB37}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.01.10 16:05:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [1997.01.01 00:24:22 | 000,000,156 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\Shell - "" = AutoRun

O33 - MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\Shell - "" = AutoRun

O33 - MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: PTBSync - hkey= - key= - C:\Programme\PTBSync\PTBSync.exe (ElmüSoft)

MsConfig - StartUpReg: T-DSL SpeedMgr - hkey= - key= - C:\Programme\T-DSL SpeedManager\SpeedMgr.exe (T-Systems Nova, Berkom)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket

ActiveX: {3B06E2DD-0DB6-1908-A811-5804CA93F175} - DirectAnimation

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

 

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1056

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.02 18:39:56 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

[2012.04.28 19:24:50 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.04.28 19:14:21 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.04.28 18:29:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes

[2012.04.28 18:29:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.04.28 18:29:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.04.28 18:29:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.04.28 18:29:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.04.25 11:22:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2012.04.25 11:22:05 | 003,897,504 | ---- | C] (AVG Technologies) -- C:\Dokumente und Einstellungen\Admin\Desktop\avg_avct_stb_all_2012_1796_cm10.exe

[2012.04.25 10:59:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012.04.25 10:59:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2012.04.24 21:38:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz

[2012.04.24 21:37:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Realtec

[2012.04.17 20:50:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in

[2012.04.17 20:50:46 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft

[2012.04.08 13:00:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\GS-Büro 32

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.02 19:03:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012.05.02 18:46:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.05.02 18:40:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

[2012.05.02 18:30:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.05.02 18:30:46 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.05.02 18:28:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.05.01 12:52:58 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

[2012.04.28 19:14:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.04.28 18:29:48 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.25 11:22:10 | 003,897,504 | ---- | M] (AVG Technologies) -- C:\Dokumente und Einstellungen\Admin\Desktop\avg_avct_stb_all_2012_1796_cm10.exe

[2012.04.24 21:46:39 | 000,013,030 | ---- | M] () -- C:\locked-PDOXUSRS.NET.anau

[2012.04.24 21:46:06 | 000,000,305 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\locked-addr_file.html.tmyi

[2012.04.24 21:45:45 | 000,015,882 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\locked-ust10-12.08.pfup

[2012.04.24 21:44:12 | 000,018,435 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\locked-lst2009.08.fqck

[2012.04.24 21:44:12 | 000,012,775 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\locked-evprint.pdf.xnau

[2012.04.24 21:44:04 | 000,000,134 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-tus04hoerdt - Home.url.rsjd

[2012.04.24 21:44:02 | 000,000,146 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-Oracle Web Access starten.url.qlmy

[2012.04.24 21:43:32 | 000,000,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-Ergebnisse 1. Spieltag 2.Kreisklassen Kreis Südpfalz (2. Kreisklasse Mitte, Herren) - Spieljahr 11-12 Südwest bei FUSSBALL.DE.url.awdj

[2012.04.24 21:43:32 | 000,000,282 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-FAQ**DFBnet.url.irag

[2012.04.24 21:43:31 | 000,000,679 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-Ergebnisse 1. Spieltag 1.Kreisklassen Kreis Südpfalz (1.Kreisklasse Südpfalz Mitte, Herren) - Spieljahr 11-12 Südwest bei FUSSBALL.DE.url.fjln

[2012.04.24 21:43:31 | 000,000,261 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-Ergebnismeldung.url.eypu

[2012.04.24 21:43:30 | 000,000,273 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-DFBnet SpielPLUS.url.utyw

[2012.04.24 21:43:30 | 000,000,271 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-DFBnet - Das Servicenetz des deutschen Fußballs.url.jxnk

[2012.04.24 21:43:30 | 000,000,237 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\locked-DFBnet Meldebogen.url.reln

[2012.04.24 21:43:17 | 000,000,085 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\locked-coala.config.nyva

[2012.04.23 22:46:46 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325

[2012.04.23 22:46:36 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324

[2012.04.23 22:46:26 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323

[2012.04.23 22:46:18 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322

[2012.04.23 22:46:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321

[2012.04.23 22:45:06 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320

[2012.04.13 00:06:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.01 12:51:53 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET

[2012.04.28 18:29:48 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.24 21:41:03 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325

[2012.04.24 21:41:03 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324

[2012.04.24 21:41:03 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323

[2012.04.24 21:41:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322

[2012.04.24 21:41:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321

[2012.04.24 21:41:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320

[2012.02.15 21:45:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.08.09 22:11:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

 
 ========== LOP Check ==========

 

[2007.08.09 19:09:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AVG7

[2010.04.14 18:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular

[2012.04.28 19:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz

[2006.10.18 17:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-DSL SpeedManager

[2006.11.08 17:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-Online

[2011.08.05 12:51:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask

[2007.08.09 19:06:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avg7

[2012.04.25 10:59:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2010.04.11 11:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular

[2012.04.25 11:26:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2007.08.06 10:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft

[2012.04.24 21:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager

[2006.11.08 17:41:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online

[2012.04.25 10:59:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012.05.02 19:03:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2007.08.06 09:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe

[2012.04.24 21:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AdobeUM

[2007.08.09 19:09:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AVG7

[2010.09.23 16:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Avira

[2007.08.06 10:49:07 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Brother

[2010.04.14 18:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular

[2012.04.28 19:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz

[2007.07.27 19:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Google

[2006.11.15 19:02:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Help

[2006.01.10 16:10:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities

[2006.11.08 17:38:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia

[2012.04.28 18:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes

[2011.06.02 17:41:03 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft

[2011.08.09 22:11:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla

[2012.04.28 18:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Realtec

[2007.04.10 19:30:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun

[2012.04.24 21:43:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Symantec

[2006.10.18 17:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-DSL SpeedManager

[2006.11.08 17:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-Online

[2011.03.20 16:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\U3

 
 < %APPDATA%\*.exe /s >

[2006.12.14 11:00:02 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\U3\temp\cleanup.exe

[2007.02.12 18:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\U3\temp\Launchpad Removal.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008.10.12 15:09:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008.10.12 15:09:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008.10.12 15:09:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.10.12 15:09:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2006.01.10 16:53:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2006.01.10 16:53:35 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2006.01.10 16:53:35 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 

< End of report >

--- --- ---

Gruß
Harry

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ333SSDE&apn_uid=C167207F-7FE3-4740-B67E-FB9003DD305D&apn_sauid=9BBE898A-A3A7-4211-AC9A-5E712421B07A

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.1:8081

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-1364589140-725345543-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.01.10 16:05:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [1997.01.01 00:24:22 | 000,000,156 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\Shell - "" = AutoRun

O33 - MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\Shell - "" = AutoRun

O33 - MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

[2012.04.23 22:46:46 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325

[2012.04.23 22:46:36 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324

[2012.04.23 22:46:26 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323

[2012.04.23 22:46:18 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322

[2012.04.23 22:46:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321

[2012.04.23 22:45:06 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320

[2012.04.28 19:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz

[2011.08.05 12:51:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask

:Files

C:\Programme\Ask.com

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo Arne,
ich habe den Text in das Feld Benutzerdefinierte Scans/Fixes
kopiert und auf Fix geklickt aber es ist nichts passiert.
OTL hat dann ganz unten folgenden Text angezeigt
Killing prosses. DO NOT INTERRUPT

was soll ich tun?

Gruß
Harry

Hallo Arne,
ich habe den Text in das feld Benutzerdefinierte Scans/Fixes
kopiert und auf den Button Fix geklickt und nichts ist passiert!
OTL hat ganz unten folgenden Text angezeigt
Killing processes. DO NOT INTERRUPT
was soll ich tun?
Gruß
Harry

Hallo Arne,
ich habe den Text in das feld Benutzerdefinierte Scans/Fixes
kopiert und auf den Button Fix geklickt und nichts ist passiert!
OTL hat ganz unten folgenden Text angezeigt
Killing processes. DO NOT INTERRUPT
was soll ich tun?
Gruß
Harry

Wiederhol den Fix im abgesicherten Modus bitte

Hallo Arne,
hier die gefixten Einträge im Abgesicherten Modus

Code:

 All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.

C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.

HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.

HKU\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

C:\Programme\Ask.com\Updater\Updater.exe moved successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\AUTOEXEC.BAT moved successfully.

E:\AUTOEXEC.BAT moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

File I:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

File I:\LaunchU3.exe -a not found.

C:\WINDOWS\system32\winsh325 moved successfully.

C:\WINDOWS\system32\winsh324 moved successfully.

C:\WINDOWS\system32\winsh323 moved successfully.

C:\WINDOWS\system32\winsh322 moved successfully.

C:\WINDOWS\system32\winsh321 moved successfully.

C:\WINDOWS\system32\winsh320 moved successfully.

C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz folder moved successfully.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask\APN-Stub folder moved successfully.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask folder moved successfully.

========== FILES ==========

C:\Programme\Ask.com\Updater folder moved successfully.

C:\Programme\Ask.com\assets\oobe folder moved successfully.

C:\Programme\Ask.com\assets folder moved successfully.

C:\Programme\Ask.com folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Admin

->Temp folder emptied: 73775300 bytes

->Temporary Internet Files folder emptied: 10267314 bytes

->Java cache emptied: 54964366 bytes

->FireFox cache emptied: 57715300 bytes

->Flash cache emptied: 29114 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 276038 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 148243621 bytes

%systemroot% .tmp files removed: 2134333 bytes

%systemroot%\System32 .tmp files removed: 667527 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 72106738 bytes

RecycleBin emptied: 170795261 bytes

 

Total Files Cleaned = 564,00 mb

 

 

[EMPTYFLASH]

 

User: Admin

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.42.2 log created on 05032012_191511
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

und hier im normal Betrieb

Code:

 All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.

HKU\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-1364589140-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.

File C:\Programme\Ask.com\Updater\Updater.exe not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File C:\AUTOEXEC.BAT not found.

File E:\AUTOEXEC.BAT not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50201a4e-5301-11e0-b880-003005ba760f}\ not found.

File I:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91576401-ce2c-11de-b7fa-003005ba760f}\ not found.

File I:\LaunchU3.exe -a not found.

File C:\WINDOWS\System32\winsh325 not found.

File C:\WINDOWS\System32\winsh324 not found.

File C:\WINDOWS\System32\winsh323 not found.

File C:\WINDOWS\System32\winsh322 not found.

File C:\WINDOWS\System32\winsh321 not found.

File C:\WINDOWS\System32\winsh320 not found.

Folder C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Fqfkz\ not found.

Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask\ not found.

========== FILES ==========

File\Folder C:\Programme\Ask.com not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Admin

->Temp folder emptied: 16463 bytes

->Temporary Internet Files folder emptied: 1488812 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 664 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1,00 mb

 

 

[EMPTYFLASH]

 

User: Admin

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.42.2 log created on 05032012_193157
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Dateien sind noch verschlüsselt
Gruß
Harry

Zitat:

Dateien sind noch verschlüsselt

Ja was denn sonst? :balla:
Wie die entschlüsselt werden dazu gibt es hier genug Hinweise!!

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Hallo Arne,
die Zip-Datei ist Hochgeladen
Gruß
Harry

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hallo Arne,
hie der Log vom TDSS

Code:

 19:27:06.0490 1472        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18

19:27:06.0850 1472        ============================================================

19:27:06.0850 1472        Current date / time: 2012/05/04 19:27:06.0850

19:27:06.0850 1472        SystemInfo:

19:27:06.0850 1472        

19:27:06.0850 1472        OS Version: 5.1.2600 ServicePack: 3.0

19:27:06.0850 1472        Product type: Workstation

19:27:06.0850 1472        ComputerName: TUS

19:27:06.0850 1472        UserName: Admin

19:27:06.0850 1472        Windows directory: C:\WINDOWS

19:27:06.0850 1472        System windows directory: C:\WINDOWS

19:27:06.0850 1472        Processor architecture: Intel x86

19:27:06.0850 1472        Number of processors: 1

19:27:06.0850 1472        Page size: 0x1000

19:27:06.0850 1472        Boot type: Normal boot

19:27:06.0850 1472        ============================================================

19:27:08.0444 1472        Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:27:08.0459 1472        Drive \Device\Harddisk1\DR1 - Size: 0xC0720000 (3.01 Gb), SectorSize: 0x200, Cylinders: 0x30E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x80, Type 'K0', Flags 0x00000054

19:27:08.0459 1472        ============================================================

19:27:08.0459 1472        \Device\Harddisk0\DR0:

19:27:08.0459 1472        MBR partitions:

19:27:08.0459 1472        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1388AFC

19:27:08.0475 1472        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388B7A, BlocksNum 0x3700647

19:27:08.0475 1472        \Device\Harddisk1\DR1:

19:27:08.0475 1472        MBR partitions:

19:27:08.0475 1472        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x6038C1

19:27:08.0475 1472        ============================================================

19:27:08.0709 1472        C: <-> \Device\Harddisk0\DR0\Partition0

19:27:08.0740 1472        D: <-> \Device\Harddisk0\DR0\Partition1

19:27:08.0756 1472        E: <-> \Device\Harddisk1\DR1\Partition0

19:27:08.0756 1472        ============================================================

19:27:08.0756 1472        Initialize success

19:27:08.0756 1472        ============================================================

19:27:17.0709 1548        ============================================================

19:27:17.0709 1548        Scan started

19:27:17.0709 1548        Mode: Manual; SigCheck; TDLFS; 

19:27:17.0709 1548        ============================================================

19:27:17.0959 1548        Abiosdsk - ok

19:27:17.0990 1548        abp480n5 - ok

19:27:18.0053 1548        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

19:27:18.0990 1548        ACPI - ok

19:27:19.0022 1548        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

19:27:19.0209 1548        ACPIEC - ok

19:27:19.0225 1548        adpu160m - ok

19:27:19.0256 1548        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

19:27:19.0459 1548        aec - ok

19:27:19.0506 1548        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

19:27:19.0553 1548        AFD - ok

19:27:19.0569 1548        Aha154x - ok

19:27:19.0600 1548        aic78u2 - ok

19:27:19.0615 1548        aic78xx - ok

19:27:19.0803 1548        ALCXWDM         (35045a23957a71ba649740741e69408c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

19:27:20.0178 1548        ALCXWDM - ok

19:27:20.0272 1548        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

19:27:20.0459 1548        Alerter - ok

19:27:20.0506 1548        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

19:27:20.0600 1548        ALG - ok

19:27:20.0631 1548        AliIde - ok

19:27:20.0662 1548        amsint - ok

19:27:20.0709 1548        AN983           (e2ad6cc7d407f2b5cb2899775cf84f51) C:\WINDOWS\system32\DRIVERS\AN983.sys

19:27:20.0772 1548        AN983 - ok

19:27:20.0881 1548        AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Programme\Avira\AntiVir Desktop\sched.exe

19:27:20.0912 1548        AntiVirSchedulerService - ok

19:27:20.0959 1548        AntiVirService  (df5a3016052755c910a206058b4a1729) C:\Programme\Avira\AntiVir Desktop\avguard.exe

19:27:21.0006 1548        AntiVirService - ok

19:27:21.0022 1548        AppMgmt - ok

19:27:21.0037 1548        asc - ok

19:27:21.0053 1548        asc3350p - ok

19:27:21.0084 1548        asc3550 - ok

19:27:21.0178 1548        aspnet_state    (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

19:27:21.0209 1548        aspnet_state ( UnsignedFile.Multi.Generic ) - warning

19:27:21.0209 1548        aspnet_state - detected UnsignedFile.Multi.Generic (1)

19:27:21.0240 1548        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

19:27:21.0428 1548        AsyncMac - ok

19:27:21.0475 1548        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

19:27:21.0709 1548        atapi - ok

19:27:21.0725 1548        Atdisk - ok

19:27:21.0787 1548        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

19:27:22.0006 1548        Atmarpc - ok

19:27:22.0053 1548        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

19:27:22.0256 1548        AudioSrv - ok

19:27:22.0287 1548        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

19:27:22.0490 1548        audstub - ok

19:27:22.0537 1548        Automatisches LiveUpdate - Scheduler - ok

19:27:22.0584 1548        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys

19:27:22.0600 1548        avgio - ok

19:27:22.0631 1548        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

19:27:22.0694 1548        avgntflt - ok

19:27:22.0725 1548        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

19:27:22.0772 1548        avipbb - ok

19:27:22.0834 1548        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

19:27:23.0053 1548        Beep - ok

19:27:23.0115 1548        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

19:27:23.0381 1548        BITS - ok

19:27:23.0444 1548        Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe

19:27:23.0490 1548        Brother XP spl Service - ok

19:27:23.0537 1548        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

19:27:23.0756 1548        Browser - ok

19:27:23.0819 1548        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys

19:27:23.0881 1548        BrScnUsb - ok

19:27:23.0912 1548        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

19:27:24.0131 1548        cbidf2k - ok

19:27:24.0147 1548        cd20xrnt - ok

19:27:24.0194 1548        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

19:27:24.0412 1548        Cdaudio - ok

19:27:24.0475 1548        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

19:27:24.0694 1548        Cdfs - ok

19:27:24.0725 1548        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

19:27:24.0928 1548        Cdrom - ok

19:27:24.0944 1548        Changer - ok

19:27:25.0006 1548        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

19:27:25.0209 1548        CiSvc - ok

19:27:25.0256 1548        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

19:27:25.0490 1548        ClipSrv - ok

19:27:25.0506 1548        CmdIde - ok

19:27:25.0522 1548        COMSysApp - ok

19:27:25.0553 1548        Cpqarray - ok

19:27:25.0600 1548        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

19:27:25.0819 1548        CryptSvc - ok

19:27:25.0834 1548        dac2w2k - ok

19:27:25.0850 1548        dac960nt - ok

19:27:25.0928 1548        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

19:27:26.0006 1548        DcomLaunch - ok

19:27:26.0069 1548        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

19:27:26.0287 1548        Dhcp - ok

19:27:26.0319 1548        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

19:27:26.0537 1548        Disk - ok

19:27:26.0569 1548        dmadmin - ok

19:27:26.0662 1548        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

19:27:26.0944 1548        dmboot - ok

19:27:26.0975 1548        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

19:27:27.0225 1548        dmio - ok

19:27:27.0272 1548        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

19:27:27.0506 1548        dmload - ok

19:27:27.0537 1548        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

19:27:27.0756 1548        dmserver - ok

19:27:27.0803 1548        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

19:27:27.0944 1548        DMusic - ok

19:27:27.0990 1548        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

19:27:28.0037 1548        Dnscache - ok

19:27:28.0069 1548        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

19:27:28.0287 1548        Dot3svc - ok

19:27:28.0350 1548        Dot4            (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

19:27:28.0600 1548        Dot4 - ok

19:27:28.0647 1548        Dot4Print       (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

19:27:28.0850 1548        Dot4Print - ok

19:27:28.0897 1548        Dot4Scan        (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys

19:27:29.0147 1548        Dot4Scan - ok

19:27:29.0162 1548        dpti2o - ok

19:27:29.0209 1548        drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

19:27:29.0350 1548        drmkaud - ok

19:27:29.0381 1548        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

19:27:29.0600 1548        EapHost - ok

19:27:29.0678 1548        EraserUtilRebootDrv - ok

19:27:29.0725 1548        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

19:27:29.0944 1548        ERSvc - ok

19:27:29.0975 1548        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

19:27:30.0022 1548        Eventlog - ok

19:27:30.0084 1548        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

19:27:30.0131 1548        EventSystem - ok

19:27:30.0209 1548        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

19:27:30.0412 1548        Fastfat - ok

19:27:30.0475 1548        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

19:27:30.0522 1548        FastUserSwitchingCompatibility - ok

19:27:30.0553 1548        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

19:27:30.0772 1548        Fdc - ok

19:27:30.0803 1548        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

19:27:31.0006 1548        Fips - ok

19:27:31.0037 1548        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

19:27:31.0272 1548        Flpydisk - ok

19:27:31.0319 1548        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

19:27:31.0522 1548        FltMgr - ok

19:27:31.0569 1548        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:27:31.0787 1548        Fs_Rec - ok

19:27:31.0850 1548        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:27:32.0037 1548        Ftdisk - ok

19:27:32.0115 1548        fwdrv           (1ff2eef447a177df2c544b80f8f7f879) C:\WINDOWS\system32\drivers\fwdrv.sys

19:27:32.0147 1548        fwdrv - ok

19:27:32.0194 1548        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:27:32.0412 1548        Gpc - ok

19:27:32.0537 1548        gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe

19:27:32.0553 1548        gupdate - ok

19:27:32.0569 1548        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe

19:27:32.0600 1548        gupdatem - ok

19:27:32.0662 1548        gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

19:27:32.0694 1548        gusvc - ok

19:27:32.0772 1548        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

19:27:32.0975 1548        helpsvc - ok

19:27:32.0990 1548        HidServ - ok

19:27:33.0037 1548        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

19:27:33.0256 1548        hkmsvc - ok

19:27:33.0272 1548        hpn - ok

19:27:33.0350 1548        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

19:27:33.0412 1548        HTTP - ok

19:27:33.0459 1548        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

19:27:33.0678 1548        HTTPFilter - ok

19:27:33.0694 1548        i2omgmt - ok

19:27:33.0709 1548        i2omp - ok

19:27:33.0756 1548        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:27:33.0959 1548        i8042prt - ok

19:27:34.0069 1548        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

19:27:34.0100 1548        IDriverT ( UnsignedFile.Multi.Generic ) - warning

19:27:34.0100 1548        IDriverT - detected UnsignedFile.Multi.Generic (1)

19:27:34.0147 1548        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

19:27:34.0365 1548        Imapi - ok

19:27:34.0412 1548        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

19:27:34.0615 1548        ImapiService - ok

19:27:34.0647 1548        ini910u - ok

19:27:34.0678 1548        IntelIde - ok

19:27:34.0725 1548        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

19:27:34.0928 1548        intelppm - ok

19:27:34.0959 1548        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

19:27:35.0178 1548        Ip6Fw - ok

19:27:35.0240 1548        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:27:35.0444 1548        IpFilterDriver - ok

19:27:35.0490 1548        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:27:35.0709 1548        IpInIp - ok

19:27:35.0756 1548        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:27:35.0959 1548        IpNat - ok

19:27:36.0022 1548        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:27:36.0225 1548        IPSec - ok

19:27:36.0256 1548        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

19:27:36.0350 1548        IRENUM - ok

19:27:36.0412 1548        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:27:36.0615 1548        isapnp - ok

19:27:36.0740 1548        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe

19:27:36.0772 1548        JavaQuickStarterService - ok

19:27:36.0819 1548        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:27:37.0022 1548        Kbdclass - ok

19:27:37.0084 1548        khips           (304ce9fb3d64caa07b940bef4f8c2dcd) C:\WINDOWS\system32\drivers\khips.sys

19:27:37.0115 1548        khips - ok

19:27:37.0162 1548        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

19:27:37.0365 1548        kmixer - ok

19:27:37.0475 1548        KPF4            (9ef600c64435ccfdea01c991289e76ec) C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe

19:27:37.0615 1548        KPF4 - ok

19:27:37.0740 1548        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

19:27:37.0819 1548        KSecDD - ok

19:27:37.0865 1548        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

19:27:37.0928 1548        lanmanserver - ok

19:27:37.0975 1548        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

19:27:38.0022 1548        lanmanworkstation - ok

19:27:38.0037 1548        lbrtfdc - ok

19:27:38.0100 1548        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

19:27:38.0303 1548        LmHosts - ok

19:27:38.0350 1548        MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

19:27:38.0365 1548        MBAMSwissArmy - ok

19:27:38.0475 1548        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe

19:27:38.0506 1548        McComponentHostService - ok

19:27:38.0553 1548        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

19:27:38.0756 1548        Messenger - ok

19:27:38.0803 1548        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

19:27:39.0022 1548        mnmdd - ok

19:27:39.0069 1548        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

19:27:39.0272 1548        mnmsrvc - ok

19:27:39.0303 1548        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

19:27:39.0506 1548        Modem - ok

19:27:39.0537 1548        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:27:39.0740 1548        Mouclass - ok

19:27:39.0756 1548        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

19:27:39.0928 1548        MountMgr - ok

19:27:39.0959 1548        mraid35x - ok

19:27:40.0006 1548        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:27:40.0209 1548        MRxDAV - ok

19:27:40.0272 1548        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

19:27:40.0350 1548        MRxSmb - ok

19:27:40.0381 1548        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

19:27:40.0569 1548        MSDTC - ok

19:27:40.0615 1548        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

19:27:40.0819 1548        Msfs - ok

19:27:40.0834 1548        MSIServer - ok

19:27:40.0881 1548        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:27:41.0084 1548        MSKSSRV - ok

19:27:41.0100 1548        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:27:41.0287 1548        MSPCLOCK - ok

19:27:41.0334 1548        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

19:27:41.0537 1548        MSPQM - ok

19:27:41.0584 1548        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:27:41.0772 1548        mssmbios - ok

19:27:41.0819 1548        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

19:27:41.0865 1548        Mup - ok

19:27:41.0912 1548        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

19:27:42.0115 1548        napagent - ok

19:27:42.0178 1548        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

19:27:42.0397 1548        NDIS - ok

19:27:42.0444 1548        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

19:27:42.0475 1548        NdisTapi - ok

19:27:42.0506 1548        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

19:27:42.0709 1548        Ndisuio - ok

19:27:42.0740 1548        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

19:27:42.0959 1548        NdisWan - ok

19:27:43.0006 1548        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

19:27:43.0053 1548        NDProxy - ok

19:27:43.0069 1548        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

19:27:43.0272 1548        NetBIOS - ok

19:27:43.0334 1548        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

19:27:43.0537 1548        NetBT - ok

19:27:43.0600 1548        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

19:27:43.0803 1548        NetDDE - ok

19:27:43.0834 1548        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

19:27:44.0006 1548        NetDDEdsdm - ok

19:27:44.0022 1548        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:27:44.0240 1548        Netlogon - ok

19:27:44.0272 1548        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

19:27:44.0475 1548        Netman - ok

19:27:44.0522 1548        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

19:27:44.0569 1548        Nla - ok

19:27:44.0615 1548        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

19:27:44.0803 1548        Npfs - ok

19:27:44.0881 1548        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

19:27:45.0115 1548        Ntfs - ok

19:27:45.0131 1548        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:27:45.0334 1548        NtLmSsp - ok

19:27:45.0381 1548        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

19:27:45.0615 1548        NtmsSvc - ok

19:27:45.0678 1548        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

19:27:45.0865 1548        Null - ok

19:27:45.0897 1548        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

19:27:46.0115 1548        NwlnkFlt - ok

19:27:46.0147 1548        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

19:27:46.0365 1548        NwlnkFwd - ok

19:27:46.0444 1548        ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

19:27:46.0506 1548        ose - ok

19:27:46.0553 1548        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

19:27:46.0740 1548        Parport - ok

19:27:46.0772 1548        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

19:27:46.0975 1548        PartMgr - ok

19:27:47.0022 1548        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

19:27:47.0209 1548        ParVdm - ok

19:27:47.0256 1548        PCANDIS5        (d0084a9ade989fe703e4f22171f4e4dc) C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS

19:27:47.0287 1548        PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning

19:27:47.0287 1548        PCANDIS5 - detected UnsignedFile.Multi.Generic (1)

19:27:47.0334 1548        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

19:27:47.0522 1548        PCI - ok

19:27:47.0553 1548        PCIDump - ok

19:27:47.0600 1548        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

19:27:47.0787 1548        PCIIde - ok

19:27:47.0819 1548        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

19:27:48.0022 1548        Pcmcia - ok

19:27:48.0037 1548        PDCOMP - ok

19:27:48.0069 1548        PDFRAME - ok

19:27:48.0084 1548        PDRELI - ok

19:27:48.0115 1548        PDRFRAME - ok

19:27:48.0131 1548        perc2 - ok

19:27:48.0162 1548        perc2hib - ok

19:27:48.0240 1548        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

19:27:48.0256 1548        PlugPlay - ok

19:27:48.0272 1548        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:27:48.0475 1548        PolicyAgent - ok

19:27:48.0506 1548        PortTalk        (7d5a2d755b6c6579f63657b527d6ff1b) C:\WINDOWS\system32\Drivers\PtbTalk.sys

19:27:48.0522 1548        PortTalk ( UnsignedFile.Multi.Generic ) - warning

19:27:48.0522 1548        PortTalk - detected UnsignedFile.Multi.Generic (1)

19:27:48.0569 1548        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

19:27:48.0756 1548        PptpMiniport - ok

19:27:48.0772 1548        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:27:48.0959 1548        ProtectedStorage - ok

19:27:48.0975 1548        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

19:27:49.0178 1548        PSched - ok

19:27:49.0240 1548        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

19:27:49.0412 1548        Ptilink - ok

19:27:49.0428 1548        ql1080 - ok

19:27:49.0444 1548        Ql10wnt - ok

19:27:49.0475 1548        ql12160 - ok

19:27:49.0490 1548        ql1240 - ok

19:27:49.0522 1548        ql1280 - ok

19:27:49.0553 1548        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

19:27:49.0740 1548        RasAcd - ok

19:27:49.0787 1548        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

19:27:50.0006 1548        RasAuto - ok

19:27:50.0037 1548        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

19:27:50.0225 1548        Rasl2tp - ok

19:27:50.0287 1548        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

19:27:50.0490 1548        RasMan - ok

19:27:50.0522 1548        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

19:27:50.0709 1548        RasPppoe - ok

19:27:50.0725 1548        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

19:27:50.0912 1548        Raspti - ok

19:27:50.0959 1548        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

19:27:51.0147 1548        Rdbss - ok

19:27:51.0194 1548        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

19:27:51.0412 1548        RDPCDD - ok

19:27:51.0459 1548        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

19:27:51.0522 1548        RDPWD - ok

19:27:51.0569 1548        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

19:27:51.0787 1548        RDSessMgr - ok

19:27:51.0850 1548        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

19:27:52.0037 1548        redbook - ok

19:27:52.0084 1548        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

19:27:52.0287 1548        RemoteAccess - ok

19:27:52.0334 1548        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

19:27:52.0553 1548        RpcLocator - ok

19:27:52.0615 1548        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

19:27:52.0662 1548        RpcSs - ok

19:27:52.0709 1548        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

19:27:52.0912 1548        RSVP - ok

19:27:52.0959 1548        rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

19:27:53.0162 1548        rtl8139 - ok

19:27:53.0209 1548        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:27:53.0397 1548        SamSs - ok

19:27:53.0444 1548        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

19:27:53.0647 1548        SCardSvr - ok

19:27:53.0694 1548        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

19:27:53.0912 1548        Schedule - ok

19:27:53.0959 1548        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:27:54.0037 1548        Secdrv - ok

19:27:54.0100 1548        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

19:27:54.0303 1548        seclogon - ok

19:27:54.0334 1548        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

19:27:54.0522 1548        SENS - ok

19:27:54.0553 1548        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

19:27:54.0756 1548        serenum - ok

19:27:54.0819 1548        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

19:27:54.0990 1548        Serial - ok

19:27:55.0037 1548        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

19:27:55.0225 1548        Sfloppy - ok

19:27:55.0272 1548        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

19:27:55.0490 1548        SharedAccess - ok

19:27:55.0553 1548        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

19:27:55.0584 1548        ShellHWDetection - ok

19:27:55.0600 1548        Simbad - ok

19:27:55.0662 1548        SiS315          (7469858341a5b6f22dedd2995f4d2ff2) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

19:27:55.0725 1548        SiS315 - ok

19:27:55.0756 1548        SiSkp           (9a0f86efa0ef99115a23c8624e2e6bc7) C:\WINDOWS\system32\DRIVERS\srvkp.sys

19:27:55.0803 1548        SiSkp - ok

19:27:55.0819 1548        Sparrow - ok

19:27:55.0865 1548        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

19:27:56.0053 1548        splitter - ok

19:27:56.0100 1548        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

19:27:56.0147 1548        Spooler - ok

19:27:56.0194 1548        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

19:27:56.0303 1548        sr - ok

19:27:56.0365 1548        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

19:27:56.0459 1548        srservice - ok

19:27:56.0522 1548        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

19:27:56.0584 1548        Srv - ok

19:27:56.0647 1548        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

19:27:56.0756 1548        SSDPSRV - ok

19:27:56.0803 1548        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

19:27:56.0819 1548        ssmdrv - ok

19:27:56.0881 1548        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

19:27:57.0115 1548        stisvc - ok

19:27:57.0147 1548        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

19:27:57.0350 1548        swenum - ok

19:27:57.0412 1548        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

19:27:57.0428 1548        swmidi ( UnsignedFile.Multi.Generic ) - warning

19:27:57.0428 1548        swmidi - detected UnsignedFile.Multi.Generic (1)

19:27:57.0428 1548        SwPrv - ok

19:27:57.0459 1548        symc810 - ok

19:27:57.0490 1548        symc8xx - ok

19:27:57.0537 1548        symlcbrd        (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

19:27:57.0569 1548        symlcbrd - ok

19:27:57.0584 1548        sym_hi - ok

19:27:57.0600 1548        sym_u3 - ok

19:27:57.0647 1548        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

19:27:57.0787 1548        sysaudio - ok

19:27:57.0834 1548        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

19:27:58.0053 1548        SysmonLog - ok

19:27:58.0100 1548        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

19:27:58.0287 1548        TapiSrv - ok

19:27:58.0350 1548        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:27:58.0428 1548        Tcpip - ok

19:27:58.0475 1548        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

19:27:58.0662 1548        TDPIPE - ok

19:27:58.0709 1548        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

19:27:58.0928 1548        TDTCP - ok

19:27:58.0975 1548        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

19:27:59.0178 1548        TermDD - ok

19:27:59.0240 1548        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

19:27:59.0459 1548        TermService - ok

19:27:59.0506 1548        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

19:27:59.0537 1548        Themes - ok

19:27:59.0647 1548        TNPacket        (52ab2f2b0d2fd7cc2fdb489c449feb8e) C:\Programme\T-DSL SpeedManager\TNPACKET.SYS

19:27:59.0662 1548        TNPacket ( UnsignedFile.Multi.Generic ) - warning

19:27:59.0662 1548        TNPacket - detected UnsignedFile.Multi.Generic (1)

19:27:59.0694 1548        TosIde - ok

19:27:59.0756 1548        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

19:27:59.0944 1548        TrkWks - ok

19:27:59.0975 1548        TSMService      (bf2236a5a39b21f694ccd7b5a6639e71) C:\Programme\T-DSL SpeedManager\tsmsvc.exe

19:28:00.0006 1548        TSMService ( UnsignedFile.Multi.Generic ) - warning

19:28:00.0006 1548        TSMService - detected UnsignedFile.Multi.Generic (1)

19:28:00.0053 1548        uagp35          (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys

19:28:00.0209 1548        uagp35 - ok

19:28:00.0240 1548        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

19:28:00.0428 1548        Udfs - ok

19:28:00.0444 1548        ultra - ok

19:28:00.0490 1548        UMWdf           (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe

19:28:00.0537 1548        UMWdf - ok

19:28:00.0615 1548        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

19:28:00.0834 1548        Update - ok

19:28:00.0897 1548        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

19:28:01.0022 1548        upnphost - ok

19:28:01.0069 1548        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

19:28:01.0287 1548        UPS - ok

19:28:01.0350 1548        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:28:01.0522 1548        usbccgp - ok

19:28:01.0569 1548        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:28:01.0772 1548        usbehci - ok

19:28:01.0819 1548        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:28:02.0006 1548        usbhub - ok

19:28:02.0053 1548        usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

19:28:02.0240 1548        usbohci - ok

19:28:02.0287 1548        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

19:28:02.0459 1548        usbprint - ok

19:28:02.0506 1548        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:28:02.0709 1548        USBSTOR - ok

19:28:02.0756 1548        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

19:28:02.0944 1548        VgaSave - ok

19:28:02.0959 1548        ViaIde - ok

19:28:03.0022 1548        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

19:28:03.0194 1548        VolSnap - ok

19:28:03.0256 1548        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

19:28:03.0365 1548        VSS - ok

19:28:03.0428 1548        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

19:28:03.0631 1548        W32Time - ok

19:28:03.0678 1548        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:28:03.0865 1548        Wanarp - ok

19:28:03.0881 1548        WDICA - ok

19:28:03.0944 1548        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

19:28:04.0131 1548        wdmaud - ok

19:28:04.0178 1548        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

19:28:04.0365 1548        WebClient - ok

19:28:04.0428 1548        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

19:28:04.0631 1548        winmgmt - ok

19:28:04.0694 1548        WmdmPmSN        (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll

19:28:04.0772 1548        WmdmPmSN - ok

19:28:04.0819 1548        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

19:28:05.0037 1548        WmiApSrv - ok

19:28:05.0365 1548        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

19:28:05.0553 1548        wscsvc - ok

19:28:05.0600 1548        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

19:28:05.0787 1548        wuauserv - ok

19:28:05.0850 1548        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

19:28:06.0100 1548        WZCSVC - ok

19:28:06.0131 1548        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

19:28:06.0334 1548        xmlprov - ok

19:28:06.0381 1548        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

19:28:06.0709 1548        \Device\Harddisk0\DR0 - ok

19:28:06.0740 1548        MBR (0x1B8)     (672d49b92adfa952c7ad0fb98d4ad10b) \Device\Harddisk1\DR1

19:28:08.0600 1548        \Device\Harddisk1\DR1 - ok

19:28:08.0631 1548        Boot (0x1200)   (ab4fc60439735b5e605b431d684929ce) \Device\Harddisk0\DR0\Partition0

19:28:08.0631 1548        \Device\Harddisk0\DR0\Partition0 - ok

19:28:08.0662 1548        Boot (0x1200)   (08a5f8063296affba09d99ec332eaefa) \Device\Harddisk0\DR0\Partition1

19:28:08.0662 1548        \Device\Harddisk0\DR0\Partition1 - ok

19:28:08.0678 1548        Boot (0x1200)   (8596dc2f1ffbde405285adfb8f432d16) \Device\Harddisk1\DR1\Partition0

19:28:08.0678 1548        \Device\Harddisk1\DR1\Partition0 - ok

19:28:08.0694 1548        ============================================================

19:28:08.0694 1548        Scan finished

19:28:08.0694 1548        ============================================================

19:28:08.0834 2416        Detected object count: 7

19:28:08.0834 2416        Actual detected object count: 7

19:30:44.0490 2416        C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe - copied to quarantine

19:30:44.0490 2416        aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:30:44.0662 2416        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine

19:30:44.0662 2416        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:30:44.0772 2416        C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS - copied to quarantine

19:30:44.0772 2416        PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:30:44.0850 2416        C:\WINDOWS\system32\Drivers\PtbTalk.sys - copied to quarantine

19:30:44.0850 2416        PortTalk ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:30:44.0944 2416        C:\WINDOWS\system32\drivers\swmidi.sys - copied to quarantine

19:30:44.0944 2416        swmidi ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:30:44.0990 2416        C:\Programme\T-DSL SpeedManager\TNPACKET.SYS - copied to quarantine

19:30:44.0990 2416        TNPacket ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:30:45.0084 2416        C:\Programme\T-DSL SpeedManager\tsmsvc.exe - copied to quarantine

19:30:45.0084 2416        TSMService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:31:05.0037 4040        ============================================================

19:31:05.0037 4040        Scan started

19:31:05.0037 4040        Mode: Manual; SigCheck; TDLFS; 

19:31:05.0037 4040        ============================================================

19:31:05.0225 4040        Abiosdsk - ok

19:31:05.0240 4040        abp480n5 - ok

19:31:05.0319 4040        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

19:31:05.0600 4040        ACPI - ok

19:31:05.0647 4040        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

19:31:05.0850 4040        ACPIEC - ok

19:31:05.0865 4040        adpu160m - ok

19:31:05.0912 4040        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

19:31:06.0131 4040        aec - ok

19:31:06.0194 4040        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

19:31:06.0225 4040        AFD - ok

19:31:06.0256 4040        Aha154x - ok

19:31:06.0272 4040        aic78u2 - ok

19:31:06.0303 4040        aic78xx - ok

19:31:06.0459 4040        ALCXWDM         (35045a23957a71ba649740741e69408c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

19:31:06.0709 4040        ALCXWDM - ok

19:31:06.0819 4040        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

19:31:07.0037 4040        Alerter - ok

19:31:07.0069 4040        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

19:31:07.0162 4040        ALG - ok

19:31:07.0194 4040        AliIde - ok

19:31:07.0209 4040        amsint - ok

19:31:07.0272 4040        AN983           (e2ad6cc7d407f2b5cb2899775cf84f51) C:\WINDOWS\system32\DRIVERS\AN983.sys

19:31:07.0303 4040        AN983 - ok

19:31:07.0412 4040        AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Programme\Avira\AntiVir Desktop\sched.exe

19:31:07.0428 4040        AntiVirSchedulerService - ok

19:31:07.0490 4040        AntiVirService  (df5a3016052755c910a206058b4a1729) C:\Programme\Avira\AntiVir Desktop\avguard.exe

19:31:07.0506 4040        AntiVirService - ok

19:31:07.0522 4040        AppMgmt - ok

19:31:07.0553 4040        asc - ok

19:31:07.0553 4040        asc3350p - ok

19:31:07.0584 4040        asc3550 - ok

19:31:07.0678 4040        aspnet_state    (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

19:31:07.0709 4040        aspnet_state ( UnsignedFile.Multi.Generic ) - warning

19:31:07.0709 4040        aspnet_state - detected UnsignedFile.Multi.Generic (1)

19:31:07.0772 4040        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

19:31:07.0959 4040        AsyncMac - ok

19:31:08.0006 4040        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

19:31:08.0256 4040        atapi - ok

19:31:08.0272 4040        Atdisk - ok

19:31:08.0303 4040        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

19:31:08.0506 4040        Atmarpc - ok

19:31:08.0537 4040        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

19:31:08.0740 4040        AudioSrv - ok

19:31:08.0772 4040        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

19:31:08.0975 4040        audstub - ok

19:31:09.0022 4040        Automatisches LiveUpdate - Scheduler - ok

19:31:09.0069 4040        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys

19:31:09.0084 4040        avgio - ok

19:31:09.0131 4040        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

19:31:09.0162 4040        avgntflt - ok

19:31:09.0194 4040        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

19:31:09.0209 4040        avipbb - ok

19:31:09.0256 4040        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

19:31:09.0444 4040        Beep - ok

19:31:09.0522 4040        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

19:31:09.0725 4040        BITS - ok

19:31:09.0787 4040        Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe

19:31:09.0819 4040        Brother XP spl Service - ok

19:31:09.0865 4040        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

19:31:10.0084 4040        Browser - ok

19:31:10.0147 4040        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys

19:31:10.0178 4040        BrScnUsb - ok

19:31:10.0240 4040        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

19:31:10.0444 4040        cbidf2k - ok

19:31:10.0459 4040        cd20xrnt - ok

19:31:10.0506 4040        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

19:31:10.0709 4040        Cdaudio - ok

19:31:10.0756 4040        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

19:31:10.0959 4040        Cdfs - ok

19:31:10.0990 4040        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

19:31:11.0209 4040        Cdrom - ok

19:31:11.0225 4040        Changer - ok

19:31:11.0272 4040        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

19:31:11.0459 4040        CiSvc - ok

19:31:11.0490 4040        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

19:31:11.0709 4040        ClipSrv - ok

19:31:11.0725 4040        CmdIde - ok

19:31:11.0740 4040        COMSysApp - ok

19:31:11.0772 4040        Cpqarray - ok

19:31:11.0819 4040        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

19:31:12.0037 4040        CryptSvc - ok

19:31:12.0053 4040        dac2w2k - ok

19:31:12.0069 4040        dac960nt - ok

19:31:12.0147 4040        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

19:31:12.0209 4040        DcomLaunch - ok

19:31:12.0287 4040        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

19:31:12.0475 4040        Dhcp - ok

19:31:12.0537 4040        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

19:31:12.0756 4040        Disk - ok

19:31:12.0772 4040        dmadmin - ok

19:31:12.0865 4040        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

19:31:13.0069 4040        dmboot - ok

19:31:13.0131 4040        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

19:31:13.0350 4040        dmio - ok

19:31:13.0381 4040        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

19:31:13.0584 4040        dmload - ok

19:31:13.0631 4040        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

19:31:13.0834 4040        dmserver - ok

19:31:13.0881 4040        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

19:31:14.0022 4040        DMusic - ok

19:31:14.0069 4040        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

19:31:14.0100 4040        Dnscache - ok

19:31:14.0162 4040        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

19:31:14.0365 4040        Dot3svc - ok

19:31:14.0428 4040        Dot4            (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

19:31:14.0631 4040        Dot4 - ok

19:31:14.0662 4040        Dot4Print       (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

19:31:14.0865 4040        Dot4Print - ok

19:31:14.0912 4040        Dot4Scan        (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys

19:31:15.0115 4040        Dot4Scan - ok

19:31:15.0131 4040        dpti2o - ok

19:31:15.0178 4040        drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

19:31:15.0319 4040        drmkaud - ok

19:31:15.0381 4040        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

19:31:15.0600 4040        EapHost - ok

19:31:15.0678 4040        EraserUtilRebootDrv - ok

19:31:15.0725 4040        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

19:31:15.0912 4040        ERSvc - ok

19:31:15.0959 4040        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

19:31:15.0990 4040        Eventlog - ok

19:31:16.0037 4040        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

19:31:16.0084 4040        EventSystem - ok

19:31:16.0131 4040        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

19:31:16.0334 4040        Fastfat - ok

19:31:16.0381 4040        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

19:31:16.0412 4040        FastUserSwitchingCompatibility - ok

19:31:16.0459 4040        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

19:31:16.0662 4040        Fdc - ok

19:31:16.0709 4040        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

19:31:16.0912 4040        Fips - ok

19:31:16.0944 4040        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

19:31:17.0162 4040        Flpydisk - ok

19:31:17.0209 4040        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

19:31:17.0381 4040        FltMgr - ok

19:31:17.0444 4040        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:31:17.0647 4040        Fs_Rec - ok

19:31:17.0678 4040        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:31:17.0881 4040        Ftdisk - ok

19:31:17.0928 4040        fwdrv           (1ff2eef447a177df2c544b80f8f7f879) C:\WINDOWS\system32\drivers\fwdrv.sys

19:31:17.0959 4040        fwdrv - ok

19:31:18.0006 4040        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:31:18.0209 4040        Gpc - ok

19:31:18.0334 4040        gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe

19:31:18.0365 4040        gupdate - ok

19:31:18.0381 4040        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe

19:31:18.0412 4040        gupdatem - ok

19:31:18.0475 4040        gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

19:31:18.0490 4040        gusvc - ok

19:31:18.0569 4040        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

19:31:18.0756 4040        helpsvc - ok

19:31:18.0772 4040        HidServ - ok

19:31:18.0819 4040        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

19:31:19.0022 4040        hkmsvc - ok

19:31:19.0037 4040        hpn - ok

19:31:19.0100 4040        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

19:31:19.0162 4040        HTTP - ok

19:31:19.0209 4040        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

19:31:19.0428 4040        HTTPFilter - ok

19:31:19.0444 4040        i2omgmt - ok

19:31:19.0475 4040        i2omp - ok

19:31:19.0506 4040        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:31:19.0694 4040        i8042prt - ok

19:31:19.0819 4040        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

19:31:19.0850 4040        IDriverT ( UnsignedFile.Multi.Generic ) - warning

19:31:19.0850 4040        IDriverT - detected UnsignedFile.Multi.Generic (1)

19:31:19.0881 4040        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

19:31:20.0084 4040        Imapi - ok

19:31:20.0131 4040        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

19:31:20.0319 4040        ImapiService - ok

19:31:20.0350 4040        ini910u - ok

19:31:20.0381 4040        IntelIde - ok

19:31:20.0428 4040        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

19:31:20.0615 4040        intelppm - ok

19:31:20.0662 4040        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

19:31:20.0865 4040        Ip6Fw - ok

19:31:20.0912 4040        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:31:21.0100 4040        IpFilterDriver - ok

19:31:21.0162 4040        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:31:21.0365 4040        IpInIp - ok

19:31:21.0412 4040        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:31:21.0600 4040        IpNat - ok

19:31:21.0647 4040        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:31:21.0850 4040        IPSec - ok

19:31:21.0881 4040        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

19:31:21.0990 4040        IRENUM - ok

19:31:22.0053 4040        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:31:22.0256 4040        isapnp - ok

19:31:22.0365 4040        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe

19:31:22.0381 4040        JavaQuickStarterService - ok

19:31:22.0428 4040        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:31:22.0615 4040        Kbdclass - ok

19:31:22.0662 4040        khips           (304ce9fb3d64caa07b940bef4f8c2dcd) C:\WINDOWS\system32\drivers\khips.sys

19:31:22.0678 4040        khips - ok

19:31:22.0740 4040        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

19:31:22.0928 4040        kmixer - ok

19:31:23.0037 4040        KPF4            (9ef600c64435ccfdea01c991289e76ec) C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe

19:31:23.0147 4040        KPF4 - ok

19:31:23.0256 4040        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

19:31:23.0287 4040        KSecDD - ok

19:31:23.0350 4040        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

19:31:23.0381 4040        lanmanserver - ok

19:31:23.0444 4040        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

19:31:23.0475 4040        lanmanworkstation - ok

19:31:23.0490 4040        lbrtfdc - ok

19:31:23.0537 4040        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

19:31:23.0725 4040        LmHosts - ok

19:31:23.0772 4040        MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

19:31:23.0803 4040        MBAMSwissArmy - ok

19:31:23.0897 4040        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe

19:31:23.0912 4040        McComponentHostService - ok

19:31:23.0959 4040        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

19:31:24.0147 4040        Messenger - ok

19:31:24.0194 4040        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

19:31:24.0397 4040        mnmdd - ok

19:31:24.0444 4040        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

19:31:24.0631 4040        mnmsrvc - ok

19:31:24.0662 4040        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

19:31:24.0865 4040        Modem - ok

19:31:24.0897 4040        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:31:25.0100 4040        Mouclass - ok

19:31:25.0131 4040        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

19:31:25.0350 4040        MountMgr - ok

19:31:25.0365 4040        mraid35x - ok

19:31:25.0412 4040        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:31:25.0584 4040        MRxDAV - ok

19:31:25.0647 4040        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

19:31:25.0694 4040        MRxSmb - ok

19:31:25.0725 4040        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

19:31:25.0912 4040        MSDTC - ok

19:31:25.0959 4040        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

19:31:26.0147 4040        Msfs - ok

19:31:26.0162 4040        MSIServer - ok

19:31:26.0194 4040        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:31:26.0397 4040        MSKSSRV - ok

19:31:26.0428 4040        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:31:26.0600 4040        MSPCLOCK - ok

19:31:26.0631 4040        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

19:31:26.0819 4040        MSPQM - ok

19:31:26.0865 4040        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:31:27.0022 4040        mssmbios - ok

19:31:27.0084 4040        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

19:31:27.0115 4040        Mup - ok

19:31:27.0209 4040        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

19:31:27.0397 4040        napagent - ok

19:31:27.0475 4040        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

19:31:27.0662 4040        NDIS - ok

19:31:27.0694 4040        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

19:31:27.0725 4040        NdisTapi - ok

19:31:27.0756 4040        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

19:31:27.0944 4040        Ndisuio - ok

19:31:27.0990 4040        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

19:31:28.0194 4040        NdisWan - ok

19:31:28.0240 4040        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

19:31:28.0272 4040        NDProxy - ok

19:31:28.0303 4040        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

19:31:28.0475 4040        NetBIOS - ok

19:31:28.0537 4040        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

19:31:28.0709 4040        NetBT - ok

19:31:28.0772 4040        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

19:31:28.0959 4040        NetDDE - ok

19:31:28.0959 4040        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

19:31:29.0178 4040        NetDDEdsdm - ok

19:31:29.0209 4040        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:31:29.0412 4040        Netlogon - ok

19:31:29.0459 4040        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

19:31:29.0647 4040        Netman - ok

19:31:29.0694 4040        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

19:31:29.0725 4040        Nla - ok

19:31:29.0772 4040        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

19:31:29.0959 4040        Npfs - ok

19:31:30.0037 4040        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

19:31:30.0256 4040        Ntfs - ok

19:31:30.0272 4040        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:31:30.0459 4040        NtLmSsp - ok

19:31:30.0506 4040        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

19:31:30.0709 4040        NtmsSvc - ok

19:31:30.0756 4040        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

19:31:30.0928 4040        Null - ok

19:31:30.0975 4040        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

19:31:31.0178 4040        NwlnkFlt - ok

19:31:31.0225 4040        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

19:31:31.0412 4040        NwlnkFwd - ok

19:31:31.0490 4040        ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

19:31:31.0506 4040        ose - ok

19:31:31.0569 4040        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

19:31:31.0756 4040        Parport - ok

19:31:31.0787 4040        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

19:31:32.0006 4040        PartMgr - ok

19:31:32.0053 4040        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

19:31:32.0225 4040        ParVdm - ok

19:31:32.0287 4040        PCANDIS5        (d0084a9ade989fe703e4f22171f4e4dc) C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS

19:31:32.0319 4040        PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning

19:31:32.0319 4040        PCANDIS5 - detected UnsignedFile.Multi.Generic (1)

19:31:32.0365 4040        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

19:31:32.0569 4040        PCI - ok

19:31:32.0584 4040        PCIDump - ok

19:31:32.0647 4040        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

19:31:32.0834 4040        PCIIde - ok

19:31:32.0881 4040        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

19:31:33.0069 4040        Pcmcia - ok

19:31:33.0084 4040        PDCOMP - ok

19:31:33.0115 4040        PDFRAME - ok

19:31:33.0131 4040        PDRELI - ok

19:31:33.0162 4040        PDRFRAME - ok

19:31:33.0194 4040        perc2 - ok

19:31:33.0209 4040        perc2hib - ok

19:31:33.0287 4040        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

19:31:33.0319 4040        PlugPlay - ok

19:31:33.0334 4040        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:31:33.0537 4040        PolicyAgent - ok

19:31:33.0569 4040        PortTalk        (7d5a2d755b6c6579f63657b527d6ff1b) C:\WINDOWS\system32\Drivers\PtbTalk.sys

19:31:33.0584 4040        PortTalk ( UnsignedFile.Multi.Generic ) - warning

19:31:33.0584 4040        PortTalk - detected UnsignedFile.Multi.Generic (1)

19:31:33.0631 4040        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

19:31:33.0819 4040        PptpMiniport - ok

19:31:33.0850 4040        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:31:34.0022 4040        ProtectedStorage - ok

19:31:34.0053 4040        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

19:31:34.0240 4040        PSched - ok

19:31:34.0287 4040        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

19:31:34.0475 4040        Ptilink - ok

19:31:34.0490 4040        ql1080 - ok

19:31:34.0522 4040        Ql10wnt - ok

19:31:34.0537 4040        ql12160 - ok

19:31:34.0569 4040        ql1240 - ok

19:31:34.0584 4040        ql1280 - ok

19:31:34.0615 4040        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

19:31:34.0803 4040        RasAcd - ok

19:31:34.0850 4040        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

19:31:35.0053 4040        RasAuto - ok

19:31:35.0069 4040        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

19:31:35.0272 4040        Rasl2tp - ok

19:31:35.0334 4040        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

19:31:35.0522 4040        RasMan - ok

19:31:35.0537 4040        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

19:31:35.0725 4040        RasPppoe - ok

19:31:35.0756 4040        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

19:31:35.0912 4040        Raspti - ok

19:31:35.0975 4040        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

19:31:36.0147 4040        Rdbss - ok

19:31:36.0194 4040        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

19:31:36.0365 4040        RDPCDD - ok

19:31:36.0412 4040        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

19:31:36.0459 4040        RDPWD - ok

19:31:36.0506 4040        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

19:31:36.0694 4040        RDSessMgr - ok

19:31:36.0756 4040        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

19:31:36.0944 4040        redbook - ok

19:31:36.0990 4040        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

19:31:37.0178 4040        RemoteAccess - ok

19:31:37.0225 4040        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

19:31:37.0412 4040        RpcLocator - ok

19:31:37.0475 4040        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

19:31:37.0522 4040        RpcSs - ok

19:31:37.0584 4040        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

19:31:37.0756 4040        RSVP - ok

19:31:37.0819 4040        rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

19:31:37.0975 4040        rtl8139 - ok

19:31:38.0037 4040        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:31:38.0225 4040        SamSs - ok

19:31:38.0272 4040        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

19:31:38.0444 4040        SCardSvr - ok

19:31:38.0490 4040        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

19:31:38.0662 4040        Schedule - ok

19:31:38.0709 4040        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:31:38.0787 4040        Secdrv - ok

19:31:38.0850 4040        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

19:31:39.0022 4040        seclogon - ok

19:31:39.0069 4040        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

19:31:39.0240 4040        SENS - ok

19:31:39.0287 4040        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

19:31:39.0506 4040        serenum - ok

19:31:39.0537 4040        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

19:31:39.0709 4040        Serial - ok

19:31:39.0740 4040        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

19:31:39.0928 4040        Sfloppy - ok

19:31:39.0990 4040        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

19:31:40.0209 4040        SharedAccess - ok

19:31:40.0256 4040        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

19:31:40.0272 4040        ShellHWDetection - ok

19:31:40.0287 4040        Simbad - ok

19:31:40.0350 4040        SiS315          (7469858341a5b6f22dedd2995f4d2ff2) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

19:31:40.0397 4040        SiS315 - ok

19:31:40.0412 4040        SiSkp           (9a0f86efa0ef99115a23c8624e2e6bc7) C:\WINDOWS\system32\DRIVERS\srvkp.sys

19:31:40.0444 4040        SiSkp - ok

19:31:40.0475 4040        Sparrow - ok

19:31:40.0506 4040        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

19:31:40.0694 4040        splitter - ok

19:31:40.0740 4040        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

19:31:40.0787 4040        Spooler - ok

19:31:40.0834 4040        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

19:31:40.0928 4040        sr - ok

19:31:40.0959 4040        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

19:31:41.0069 4040        srservice - ok

19:31:41.0115 4040        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

19:31:41.0178 4040        Srv - ok

19:31:41.0240 4040        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

19:31:41.0334 4040        SSDPSRV - ok

19:31:41.0365 4040        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

19:31:41.0381 4040        ssmdrv - ok

19:31:41.0459 4040        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

19:31:41.0662 4040        stisvc - ok

19:31:41.0709 4040        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

19:31:41.0912 4040        swenum - ok

19:31:41.0959 4040        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

19:31:41.0975 4040        swmidi ( UnsignedFile.Multi.Generic ) - warning

19:31:41.0975 4040        swmidi - detected UnsignedFile.Multi.Generic (1)

19:31:41.0990 4040        SwPrv - ok

19:31:42.0022 4040        symc810 - ok

19:31:42.0053 4040        symc8xx - ok

19:31:42.0100 4040        symlcbrd        (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

19:31:42.0115 4040        symlcbrd - ok

19:31:42.0131 4040        sym_hi - ok

19:31:42.0162 4040        sym_u3 - ok

19:31:42.0209 4040        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

19:31:42.0334 4040        sysaudio - ok

19:31:42.0397 4040        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

19:31:42.0584 4040        SysmonLog - ok

19:31:42.0631 4040        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

19:31:42.0819 4040        TapiSrv - ok

19:31:42.0897 4040        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:31:42.0944 4040        Tcpip - ok

19:31:43.0006 4040        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

19:31:43.0178 4040        TDPIPE - ok

19:31:43.0225 4040        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

19:31:43.0428 4040        TDTCP - ok

19:31:43.0475 4040        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

19:31:43.0662 4040        TermDD - ok

19:31:43.0740 4040        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

19:31:43.0912 4040        TermService - ok

19:31:43.0959 4040        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

19:31:43.0990 4040        Themes - ok

19:31:44.0084 4040        TNPacket        (52ab2f2b0d2fd7cc2fdb489c449feb8e) C:\Programme\T-DSL SpeedManager\TNPACKET.SYS

19:31:44.0100 4040        TNPacket ( UnsignedFile.Multi.Generic ) - warning

19:31:44.0100 4040        TNPacket - detected UnsignedFile.Multi.Generic (1)

19:31:44.0115 4040        TosIde - ok

19:31:44.0178 4040        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

19:31:44.0381 4040        TrkWks - ok

19:31:44.0428 4040        TSMService      (bf2236a5a39b21f694ccd7b5a6639e71) C:\Programme\T-DSL SpeedManager\tsmsvc.exe

19:31:44.0444 4040        TSMService ( UnsignedFile.Multi.Generic ) - warning

19:31:44.0444 4040        TSMService - detected UnsignedFile.Multi.Generic (1)

19:31:44.0506 4040        uagp35          (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys

19:31:44.0647 4040        uagp35 - ok

19:31:44.0694 4040        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

19:31:44.0850 4040        Udfs - ok

19:31:44.0865 4040        ultra - ok

19:31:44.0912 4040        UMWdf           (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe

19:31:44.0944 4040        UMWdf - ok

19:31:45.0006 4040        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

19:31:45.0225 4040        Update - ok

19:31:45.0272 4040        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

19:31:45.0381 4040        upnphost - ok

19:31:45.0428 4040        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

19:31:45.0600 4040        UPS - ok

19:31:45.0662 4040        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:31:45.0834 4040        usbccgp - ok

19:31:45.0881 4040        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:31:46.0069 4040        usbehci - ok

19:31:46.0115 4040        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:31:46.0303 4040        usbhub - ok

19:31:46.0350 4040        usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

19:31:46.0522 4040        usbohci - ok

19:31:46.0569 4040        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

19:31:46.0772 4040        usbprint - ok

19:31:46.0803 4040        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:31:46.0975 4040        USBSTOR - ok

19:31:47.0022 4040        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

19:31:47.0209 4040        VgaSave - ok

19:31:47.0240 4040        ViaIde - ok

19:31:47.0287 4040        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

19:31:47.0459 4040        VolSnap - ok

19:31:47.0522 4040        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

19:31:47.0615 4040        VSS - ok

19:31:47.0678 4040        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

19:31:47.0834 4040        W32Time - ok

19:31:47.0897 4040        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:31:48.0100 4040        Wanarp - ok

19:31:48.0115 4040        WDICA - ok

19:31:48.0162 4040        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

19:31:48.0334 4040        wdmaud - ok

19:31:48.0381 4040        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

19:31:48.0553 4040        WebClient - ok

19:31:48.0647 4040        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

19:31:48.0819 4040        winmgmt - ok

19:31:48.0881 4040        WmdmPmSN        (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll

19:31:48.0928 4040        WmdmPmSN - ok

19:31:48.0990 4040        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

19:31:49.0178 4040        WmiApSrv - ok

19:31:49.0240 4040        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

19:31:49.0412 4040        wscsvc - ok

19:31:49.0459 4040        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

19:31:49.0631 4040        wuauserv - ok

19:31:49.0694 4040        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

19:31:49.0897 4040        WZCSVC - ok

19:31:49.0928 4040        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

19:31:50.0115 4040        xmlprov - ok

19:31:50.0147 4040        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

19:31:50.0459 4040        \Device\Harddisk0\DR0 - ok

19:31:50.0475 4040        MBR (0x1B8)     (672d49b92adfa952c7ad0fb98d4ad10b) \Device\Harddisk1\DR1

19:31:52.0334 4040        \Device\Harddisk1\DR1 - ok

19:31:52.0365 4040        Boot (0x1200)   (ab4fc60439735b5e605b431d684929ce) \Device\Harddisk0\DR0\Partition0

19:31:52.0365 4040        \Device\Harddisk0\DR0\Partition0 - ok

19:31:52.0397 4040        Boot (0x1200)   (08a5f8063296affba09d99ec332eaefa) \Device\Harddisk0\DR0\Partition1

19:31:52.0397 4040        \Device\Harddisk0\DR0\Partition1 - ok

19:31:52.0428 4040        Boot (0x1200)   (8596dc2f1ffbde405285adfb8f432d16) \Device\Harddisk1\DR1\Partition0

19:31:52.0428 4040        \Device\Harddisk1\DR1\Partition0 - ok

19:31:52.0444 4040        ============================================================

19:31:52.0444 4040        Scan finished

19:31:52.0444 4040        ============================================================

19:31:52.0475 4068        Detected object count: 7

19:31:52.0475 4068        Actual detected object count: 7

19:32:06.0412 4068        C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe - copied to quarantine

19:32:06.0412 4068        aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:32:06.0553 4068        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine

19:32:06.0553 4068        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:32:06.0647 4068        C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS - copied to quarantine

19:32:06.0647 4068        PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:32:06.0725 4068        C:\WINDOWS\system32\Drivers\PtbTalk.sys - copied to quarantine

19:32:06.0725 4068        PortTalk ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:32:06.0834 4068        C:\WINDOWS\system32\drivers\swmidi.sys - copied to quarantine

19:32:06.0850 4068        swmidi ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:32:06.0881 4068        C:\Programme\T-DSL SpeedManager\TNPACKET.SYS - copied to quarantine

19:32:06.0881 4068        TNPacket ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:32:06.0959 4068        C:\Programme\T-DSL SpeedManager\tsmsvc.exe - copied to quarantine

19:32:06.0959 4068        TSMService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

19:32:22.0725 2176        Deinitialize success

Gruß
Harry

Was bitte hast du eigentlich an diesem Hinweis nicht verstanden?!

Zitat:

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Du solltest erstmal jeden Fund mit dem TDSS-Killer nur überspringen (skippen) und nichts anderes machen!!

Hallo Arne,
ich habe nichts gelöscht nur in Quarantie gelegt.
Hier ein neuer lauf vom TDSS

Code:

00:26:51.0878 2264        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18

00:26:53.0878 2264        ============================================================

00:26:53.0878 2264        Current date / time: 2012/05/05 00:26:53.0878

00:26:53.0878 2264        SystemInfo:

00:26:53.0878 2264        

00:26:53.0878 2264        OS Version: 5.1.2600 ServicePack: 3.0

00:26:53.0878 2264        Product type: Workstation

00:26:53.0878 2264        ComputerName: TUS

00:26:53.0878 2264        UserName: Admin

00:26:53.0878 2264        Windows directory: C:\WINDOWS

00:26:53.0878 2264        System windows directory: C:\WINDOWS

00:26:53.0878 2264        Processor architecture: Intel x86

00:26:53.0878 2264        Number of processors: 1

00:26:53.0878 2264        Page size: 0x1000

00:26:53.0878 2264        Boot type: Normal boot

00:26:53.0878 2264        ============================================================

00:27:07.0300 2264        Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

00:27:07.0316 2264        Drive \Device\Harddisk1\DR1 - Size: 0xC0720000 (3.01 Gb), SectorSize: 0x200, Cylinders: 0x30E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x80, Type 'K0', Flags 0x00000054

00:27:07.0425 2264        ============================================================

00:27:07.0425 2264        \Device\Harddisk0\DR0:

00:27:07.0503 2264        MBR partitions:

00:27:07.0503 2264        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1388AFC

00:27:07.0550 2264        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388B7A, BlocksNum 0x3700647

00:27:07.0550 2264        \Device\Harddisk1\DR1:

00:27:07.0597 2264        MBR partitions:

00:27:07.0597 2264        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x6038C1

00:27:07.0597 2264        ============================================================

00:27:07.0769 2264        C: <-> \Device\Harddisk0\DR0\Partition0

00:27:07.0988 2264        D: <-> \Device\Harddisk0\DR0\Partition1

00:27:08.0082 2264        E: <-> \Device\Harddisk1\DR1\Partition0

00:27:08.0253 2264        ============================================================

00:27:08.0253 2264        Initialize success

00:27:08.0253 2264        ============================================================

00:27:15.0754 2716        ============================================================

00:27:15.0754 2716        Scan started

00:27:15.0754 2716        Mode: Manual; SigCheck; TDLFS; 

00:27:15.0754 2716        ============================================================

00:27:17.0394 2716        Abiosdsk - ok

00:27:17.0410 2716        abp480n5 - ok

00:27:17.0785 2716        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

00:27:22.0442 2716        ACPI - ok

00:27:22.0504 2716        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

00:27:22.0863 2716        ACPIEC - ok

00:27:22.0879 2716        adpu160m - ok

00:27:23.0238 2716        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

00:27:23.0535 2716        aec - ok

00:27:23.0848 2716        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

00:27:24.0004 2716        AFD - ok

00:27:24.0020 2716        Aha154x - ok

00:27:24.0035 2716        aic78u2 - ok

00:27:24.0067 2716        aic78xx - ok

00:27:28.0332 2716        ALCXWDM         (35045a23957a71ba649740741e69408c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

00:27:29.0848 2716        ALCXWDM - ok

00:27:32.0083 2716        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

00:27:32.0317 2716        Alerter - ok

00:27:32.0426 2716        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

00:27:32.0614 2716        ALG - ok

00:27:32.0770 2716        AliIde - ok

00:27:32.0786 2716        amsint - ok

00:27:32.0973 2716        AN983           (e2ad6cc7d407f2b5cb2899775cf84f51) C:\WINDOWS\system32\DRIVERS\AN983.sys

00:27:33.0223 2716        AN983 - ok

00:27:34.0255 2716        AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Programme\Avira\AntiVir Desktop\sched.exe

00:27:34.0411 2716        AntiVirSchedulerService - ok

00:27:34.0942 2716        AntiVirService  (df5a3016052755c910a206058b4a1729) C:\Programme\Avira\AntiVir Desktop\avguard.exe

00:27:35.0036 2716        AntiVirService - ok

00:27:35.0036 2716        AppMgmt - ok

00:27:35.0051 2716        asc - ok

00:27:35.0083 2716        asc3350p - ok

00:27:35.0098 2716        asc3550 - ok

00:27:35.0426 2716        aspnet_state    (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

00:27:35.0552 2716        aspnet_state ( UnsignedFile.Multi.Generic ) - warning

00:27:35.0552 2716        aspnet_state - detected UnsignedFile.Multi.Generic (1)

00:27:35.0708 2716        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

00:27:35.0958 2716        AsyncMac - ok

00:27:36.0114 2716        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

00:27:36.0348 2716        atapi - ok

00:27:36.0380 2716        Atdisk - ok

00:27:36.0911 2716        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

00:27:37.0192 2716        Atmarpc - ok

00:27:37.0286 2716        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

00:27:37.0520 2716        AudioSrv - ok

00:27:37.0630 2716        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

00:27:37.0880 2716        audstub - ok

00:27:38.0036 2716        Automatisches LiveUpdate - Scheduler - ok

00:27:38.0114 2716        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys

00:27:38.0145 2716        avgio - ok

00:27:38.0708 2716        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

00:27:38.0927 2716        avgntflt - ok

00:27:39.0364 2716        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

00:27:39.0458 2716        avipbb - ok

00:27:39.0536 2716        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

00:27:39.0770 2716        Beep - ok

00:27:40.0505 2716        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

00:27:41.0114 2716        BITS - ok

00:27:41.0224 2716        Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe

00:27:41.0286 2716        Brother XP spl Service - ok

00:27:41.0614 2716        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

00:27:41.0911 2716        Browser - ok

00:27:41.0974 2716        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys

00:27:42.0130 2716        BrScnUsb - ok

00:27:42.0255 2716        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

00:27:42.0646 2716        cbidf2k - ok

00:27:42.0661 2716        cd20xrnt - ok

00:27:42.0708 2716        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

00:27:42.0974 2716        Cdaudio - ok

00:27:43.0052 2716        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

00:27:43.0302 2716        Cdfs - ok

00:27:43.0411 2716        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

00:27:43.0692 2716        Cdrom - ok

00:27:43.0692 2716        Changer - ok

00:27:43.0802 2716        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

00:27:44.0021 2716        CiSvc - ok

00:27:44.0099 2716        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

00:27:44.0396 2716        ClipSrv - ok

00:27:44.0411 2716        CmdIde - ok

00:27:44.0443 2716        COMSysApp - ok

00:27:44.0474 2716        Cpqarray - ok

00:27:44.0864 2716        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

00:27:45.0114 2716        CryptSvc - ok

00:27:45.0114 2716        dac2w2k - ok

00:27:45.0146 2716        dac960nt - ok

00:27:46.0083 2716        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

00:27:46.0318 2716        DcomLaunch - ok

00:27:46.0646 2716        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

00:27:46.0896 2716        Dhcp - ok

00:27:47.0083 2716        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

00:27:47.0380 2716        Disk - ok

00:27:47.0396 2716        dmadmin - ok

00:27:48.0943 2716        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

00:27:49.0583 2716        dmboot - ok

00:27:49.0927 2716        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

00:27:50.0287 2716        dmio - ok

00:27:50.0412 2716        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

00:27:50.0662 2716        dmload - ok

00:27:50.0802 2716        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

00:27:51.0099 2716        dmserver - ok

00:27:51.0177 2716        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

00:27:51.0349 2716        DMusic - ok

00:27:51.0583 2716        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

00:27:51.0740 2716        Dnscache - ok

00:27:52.0146 2716        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

00:27:52.0443 2716        Dot3svc - ok

00:27:52.0896 2716        Dot4            (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

00:27:53.0209 2716        Dot4 - ok

00:27:53.0287 2716        Dot4Print       (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

00:27:53.0537 2716        Dot4Print - ok

00:27:53.0787 2716        Dot4Scan        (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys

00:27:54.0037 2716        Dot4Scan - ok

00:27:54.0052 2716        dpti2o - ok

00:27:54.0099 2716        drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

00:27:54.0271 2716        drmkaud - ok

00:27:54.0505 2716        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

00:27:54.0787 2716        EapHost - ok

00:27:54.0990 2716        EraserUtilRebootDrv - ok

00:27:55.0146 2716        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

00:27:55.0381 2716        ERSvc - ok

00:27:56.0177 2716        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

00:27:56.0240 2716        Eventlog - ok

00:27:56.0677 2716        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

00:27:56.0865 2716        EventSystem - ok

00:27:57.0099 2716        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

00:27:57.0381 2716        Fastfat - ok

00:27:57.0896 2716        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

00:27:58.0146 2716        FastUserSwitchingCompatibility - ok

00:27:58.0349 2716        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

00:27:58.0709 2716        Fdc - ok

00:27:58.0943 2716        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

00:27:59.0240 2716        Fips - ok

00:27:59.0318 2716        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

00:27:59.0568 2716        Flpydisk - ok

00:27:59.0834 2716        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

00:28:00.0193 2716        FltMgr - ok

00:28:00.0365 2716        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

00:28:00.0615 2716        Fs_Rec - ok

00:28:01.0553 2716        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

00:28:01.0928 2716        Ftdisk - ok

00:28:02.0475 2716        fwdrv           (1ff2eef447a177df2c544b80f8f7f879) C:\WINDOWS\system32\drivers\fwdrv.sys

00:28:02.0646 2716        fwdrv - ok

00:28:02.0709 2716        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

00:28:02.0943 2716        Gpc - ok

00:28:03.0365 2716        gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe

00:28:03.0443 2716        gupdate - ok

00:28:03.0459 2716        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe

00:28:03.0490 2716        gupdatem - ok

00:28:03.0912 2716        gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

00:28:04.0100 2716        gusvc - ok

00:28:04.0162 2716        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

00:28:05.0303 2716        helpsvc - ok

00:28:05.0318 2716        HidServ - ok

00:28:05.0803 2716        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

00:28:09.0241 2716        hkmsvc - ok

00:28:09.0272 2716        hpn - ok

00:28:09.0350 2716        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

00:28:09.0522 2716        HTTP - ok

00:28:09.0584 2716        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

00:28:10.0787 2716        HTTPFilter - ok

00:28:10.0803 2716        i2omgmt - ok

00:28:10.0819 2716        i2omp - ok

00:28:10.0944 2716        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

00:28:11.0225 2716        i8042prt - ok

00:28:11.0553 2716        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

00:28:11.0725 2716        IDriverT ( UnsignedFile.Multi.Generic ) - warning

00:28:11.0756 2716        IDriverT - detected UnsignedFile.Multi.Generic (1)

00:28:11.0944 2716        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

00:28:12.0209 2716        Imapi - ok

00:28:12.0709 2716        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

00:28:19.0335 2716        ImapiService - ok

00:28:19.0366 2716        ini910u - ok

00:28:19.0397 2716        IntelIde - ok

00:28:19.0710 2716        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

00:28:20.0022 2716        intelppm - ok

00:28:20.0116 2716        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

00:28:20.0397 2716        Ip6Fw - ok

00:28:20.0475 2716        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

00:28:20.0741 2716        IpFilterDriver - ok

00:28:20.0975 2716        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

00:28:21.0288 2716        IpInIp - ok

00:28:21.0757 2716        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

00:28:22.0054 2716        IpNat - ok

00:28:22.0335 2716        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

00:28:22.0616 2716        IPSec - ok

00:28:22.0694 2716        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

00:28:22.0819 2716        IRENUM - ok

00:28:23.0116 2716        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

00:28:23.0366 2716        isapnp - ok

00:28:24.0491 2716        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe

00:28:25.0116 2716        JavaQuickStarterService - ok

00:28:25.0647 2716        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

00:28:25.0944 2716        Kbdclass - ok

00:28:26.0585 2716        khips           (304ce9fb3d64caa07b940bef4f8c2dcd) C:\WINDOWS\system32\drivers\khips.sys

00:28:26.0710 2716        khips - ok

00:28:28.0069 2716        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

00:28:28.0491 2716        kmixer - ok

00:28:32.0023 2716        KPF4            (9ef600c64435ccfdea01c991289e76ec) C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe

00:28:33.0210 2716        KPF4 - ok

00:28:34.0617 2716        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

00:28:34.0929 2716        KSecDD - ok

00:28:35.0335 2716        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

00:28:35.0554 2716        lanmanserver - ok

00:28:35.0851 2716        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

00:28:36.0132 2716        lanmanworkstation - ok

00:28:36.0148 2716        lbrtfdc - ok

00:28:36.0226 2716        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

00:28:36.0507 2716        LmHosts - ok

00:28:36.0789 2716        MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

00:28:36.0898 2716        MBAMSwissArmy - ok

00:28:37.0382 2716        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe

00:28:37.0507 2716        McComponentHostService - ok

00:28:37.0601 2716        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

00:28:37.0836 2716        Messenger - ok

00:28:37.0898 2716        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

00:28:38.0132 2716        mnmdd - ok

00:28:38.0414 2716        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

00:28:38.0711 2716        mnmsrvc - ok

00:28:38.0867 2716        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

00:28:39.0164 2716        Modem - ok

00:28:39.0289 2716        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

00:28:39.0539 2716        Mouclass - ok

00:28:39.0851 2716        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

00:28:40.0086 2716        MountMgr - ok

00:28:40.0117 2716        mraid35x - ok

00:28:40.0258 2716        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

00:28:40.0476 2716        MRxDAV - ok

00:28:40.0883 2716        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

00:28:41.0242 2716        MRxSmb - ok

00:28:41.0304 2716        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

00:28:41.0586 2716        MSDTC - ok

00:28:41.0664 2716        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

00:28:41.0898 2716        Msfs - ok

00:28:41.0914 2716        MSIServer - ok

00:28:41.0976 2716        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

00:28:42.0195 2716        MSKSSRV - ok

00:28:42.0258 2716        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

00:28:42.0523 2716        MSPCLOCK - ok

00:28:42.0586 2716        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

00:28:42.0820 2716        MSPQM - ok

00:28:42.0883 2716        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

00:28:43.0133 2716        mssmbios - ok

00:28:43.0226 2716        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

00:28:43.0398 2716        Mup - ok

00:28:43.0742 2716        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

00:28:43.0992 2716        napagent - ok

00:28:44.0101 2716        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

00:28:44.0351 2716        NDIS - ok

00:28:44.0430 2716        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

00:28:44.0539 2716        NdisTapi - ok

00:28:44.0570 2716        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

00:28:44.0789 2716        Ndisuio - ok

00:28:44.0867 2716        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

00:28:45.0133 2716        NdisWan - ok

00:28:45.0227 2716        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

00:28:45.0320 2716        NDProxy - ok

00:28:45.0398 2716        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

00:28:45.0617 2716        NetBIOS - ok

00:28:45.0742 2716        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

00:28:45.0977 2716        NetBT - ok

00:28:46.0055 2716        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

00:28:46.0289 2716        NetDDE - ok

00:28:46.0305 2716        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

00:28:46.0539 2716        NetDDEdsdm - ok

00:28:46.0586 2716        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

00:28:46.0852 2716        Netlogon - ok

00:28:47.0352 2716        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

00:28:47.0711 2716        Netman - ok

00:28:47.0961 2716        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

00:28:48.0133 2716        Nla - ok

00:28:48.0227 2716        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

00:28:48.0477 2716        Npfs - ok

00:28:48.0961 2716        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

00:28:49.0570 2716        Ntfs - ok

00:28:49.0586 2716        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

00:28:49.0820 2716        NtLmSsp - ok

00:28:50.0008 2716        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

00:28:50.0305 2716        NtmsSvc - ok

00:28:50.0336 2716        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

00:28:50.0586 2716        Null - ok

00:28:50.0633 2716        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

00:28:50.0867 2716        NwlnkFlt - ok

00:28:50.0992 2716        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

00:28:51.0289 2716        NwlnkFwd - ok

00:28:51.0508 2716        ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

00:28:51.0633 2716        ose - ok

00:28:51.0774 2716        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

00:28:52.0055 2716        Parport - ok

00:28:52.0086 2716        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

00:28:52.0336 2716        PartMgr - ok

00:28:52.0414 2716        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

00:28:52.0602 2716        ParVdm - ok

00:28:52.0727 2716        PCANDIS5        (d0084a9ade989fe703e4f22171f4e4dc) C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS

00:28:52.0805 2716        PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning

00:28:52.0805 2716        PCANDIS5 - detected UnsignedFile.Multi.Generic (1)

00:28:52.0883 2716        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

00:28:53.0117 2716        PCI - ok

00:28:53.0133 2716        PCIDump - ok

00:28:53.0164 2716        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

00:28:53.0399 2716        PCIIde - ok

00:28:53.0492 2716        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

00:28:53.0711 2716        Pcmcia - ok

00:28:53.0727 2716        PDCOMP - ok

00:28:53.0758 2716        PDFRAME - ok

00:28:53.0774 2716        PDRELI - ok

00:28:53.0805 2716        PDRFRAME - ok

00:28:53.0821 2716        perc2 - ok

00:28:53.0836 2716        perc2hib - ok

00:28:53.0993 2716        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

00:28:54.0071 2716        PlugPlay - ok

00:28:54.0086 2716        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

00:28:54.0305 2716        PolicyAgent - ok

00:28:54.0399 2716        PortTalk        (7d5a2d755b6c6579f63657b527d6ff1b) C:\WINDOWS\system32\Drivers\PtbTalk.sys

00:28:54.0446 2716        PortTalk ( UnsignedFile.Multi.Generic ) - warning

00:28:54.0446 2716        PortTalk - detected UnsignedFile.Multi.Generic (1)

00:28:54.0571 2716        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

00:28:54.0805 2716        PptpMiniport - ok

00:28:54.0836 2716        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

00:28:55.0008 2716        ProtectedStorage - ok

00:28:55.0227 2716        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

00:28:55.0477 2716        PSched - ok

00:28:55.0539 2716        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

00:28:55.0758 2716        Ptilink - ok

00:28:55.0774 2716        ql1080 - ok

00:28:55.0789 2716        Ql10wnt - ok

00:28:55.0821 2716        ql12160 - ok

00:28:55.0836 2716        ql1240 - ok

00:28:55.0852 2716        ql1280 - ok

00:28:55.0899 2716        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

00:28:56.0118 2716        RasAcd - ok

00:28:56.0211 2716        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

00:28:56.0446 2716        RasAuto - ok

00:28:56.0540 2716        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

00:28:56.0758 2716        Rasl2tp - ok

00:28:56.0993 2716        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

00:28:57.0243 2716        RasMan - ok

00:28:57.0321 2716        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

00:28:57.0555 2716        RasPppoe - ok

00:28:57.0586 2716        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

00:28:57.0805 2716        Raspti - ok

00:28:57.0977 2716        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

00:28:58.0227 2716        Rdbss - ok

00:28:58.0290 2716        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

00:28:58.0524 2716        RDPCDD - ok

00:28:58.0696 2716        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

00:28:58.0836 2716        RDPWD - ok

00:28:58.0930 2716        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

00:28:59.0133 2716        RDSessMgr - ok

00:28:59.0227 2716        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

00:28:59.0477 2716        redbook - ok

00:28:59.0555 2716        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

00:28:59.0774 2716        RemoteAccess - ok

00:28:59.0821 2716        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

00:29:00.0055 2716        RpcLocator - ok

00:29:00.0415 2716        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

00:29:00.0555 2716        RpcSs - ok

00:29:00.0696 2716        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

00:29:00.0930 2716        RSVP - ok

00:29:01.0118 2716        rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

00:29:01.0399 2716        rtl8139 - ok

00:29:01.0430 2716        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

00:29:01.0618 2716        SamSs - ok

00:29:01.0680 2716        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

00:29:01.0930 2716        SCardSvr - ok

00:29:02.0102 2716        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

00:29:02.0321 2716        Schedule - ok

00:29:02.0415 2716        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

00:29:02.0540 2716        Secdrv - ok

00:29:02.0634 2716        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

00:29:02.0868 2716        seclogon - ok

00:29:02.0930 2716        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

00:29:03.0134 2716        SENS - ok

00:29:03.0180 2716        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

00:29:03.0462 2716        serenum - ok

00:29:03.0602 2716        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

00:29:03.0852 2716        Serial - ok

00:29:03.0884 2716        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

00:29:04.0118 2716        Sfloppy - ok

00:29:04.0446 2716        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

00:29:04.0759 2716        SharedAccess - ok

00:29:04.0899 2716        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

00:29:05.0009 2716        ShellHWDetection - ok

00:29:05.0024 2716        Simbad - ok

00:29:05.0352 2716        SiS315          (7469858341a5b6f22dedd2995f4d2ff2) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

00:29:05.0477 2716        SiS315 - ok

00:29:05.0540 2716        SiSkp           (9a0f86efa0ef99115a23c8624e2e6bc7) C:\WINDOWS\system32\DRIVERS\srvkp.sys

00:29:05.0602 2716        SiSkp - ok

00:29:05.0602 2716        Sparrow - ok

00:29:05.0665 2716        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

00:29:05.0915 2716        splitter - ok

00:29:05.0977 2716        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

00:29:06.0040 2716        Spooler - ok

00:29:06.0165 2716        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

00:29:06.0274 2716        sr - ok

00:29:06.0524 2716        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

00:29:06.0649 2716        srservice - ok

00:29:07.0040 2716        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

00:29:07.0290 2716        Srv - ok

00:29:07.0415 2716        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

00:29:07.0524 2716        SSDPSRV - ok

00:29:07.0603 2716        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

00:29:07.0634 2716        ssmdrv - ok

00:29:07.0931 2716        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

00:29:08.0228 2716        stisvc - ok

00:29:08.0368 2716        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

00:29:08.0634 2716        swenum - ok

00:29:08.0728 2716        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

00:29:08.0774 2716        swmidi ( UnsignedFile.Multi.Generic ) - warning

00:29:08.0774 2716        swmidi - detected UnsignedFile.Multi.Generic (1)

00:29:08.0790 2716        SwPrv - ok

00:29:08.0837 2716        symc810 - ok

00:29:08.0853 2716        symc8xx - ok

00:29:08.0931 2716        symlcbrd        (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

00:29:08.0962 2716        symlcbrd - ok

00:29:08.0978 2716        sym_hi - ok

00:29:08.0993 2716        sym_u3 - ok

00:29:09.0103 2716        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

00:29:09.0290 2716        sysaudio - ok

00:29:09.0368 2716        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

00:29:09.0603 2716        SysmonLog - ok

00:29:09.0884 2716        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

00:29:10.0149 2716        TapiSrv - ok

00:29:10.0384 2716        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

00:29:10.0650 2716        Tcpip - ok

00:29:10.0712 2716        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

00:29:10.0946 2716        TDPIPE - ok

00:29:11.0009 2716        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

00:29:11.0243 2716        TDTCP - ok

00:29:11.0306 2716        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

00:29:11.0525 2716        TermDD - ok

00:29:11.0837 2716        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

00:29:12.0165 2716        TermService - ok

00:29:12.0337 2716        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

00:29:12.0400 2716        Themes - ok

00:29:12.0556 2716        TNPacket        (52ab2f2b0d2fd7cc2fdb489c449feb8e) C:\Programme\T-DSL SpeedManager\TNPACKET.SYS

00:29:12.0587 2716        TNPacket ( UnsignedFile.Multi.Generic ) - warning

00:29:12.0587 2716        TNPacket - detected UnsignedFile.Multi.Generic (1)

00:29:12.0618 2716        TosIde - ok

00:29:12.0696 2716        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

00:29:12.0915 2716        TrkWks - ok

00:29:13.0150 2716        TSMService      (bf2236a5a39b21f694ccd7b5a6639e71) C:\Programme\T-DSL SpeedManager\tsmsvc.exe

00:29:13.0228 2716        TSMService ( UnsignedFile.Multi.Generic ) - warning

00:29:13.0228 2716        TSMService - detected UnsignedFile.Multi.Generic (1)

00:29:13.0337 2716        uagp35          (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys

00:29:13.0525 2716        uagp35 - ok

00:29:13.0618 2716        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

00:29:13.0822 2716        Udfs - ok

00:29:13.0853 2716        ultra - ok

00:29:13.0947 2716        UMWdf           (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe

00:29:14.0009 2716        UMWdf - ok

00:29:14.0368 2716        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

00:29:14.0728 2716        Update - ok

00:29:14.0853 2716        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

00:29:14.0978 2716        upnphost - ok

00:29:15.0040 2716        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

00:29:15.0306 2716        UPS - ok

00:29:15.0431 2716        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

00:29:15.0665 2716        usbccgp - ok

00:29:15.0728 2716        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

00:29:15.0947 2716        usbehci - ok

00:29:16.0025 2716        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

00:29:16.0259 2716        usbhub - ok

00:29:16.0337 2716        usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

00:29:16.0540 2716        usbohci - ok

00:29:16.0650 2716        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

00:29:16.0900 2716        usbprint - ok

00:29:16.0978 2716        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

00:29:17.0197 2716        USBSTOR - ok

00:29:17.0337 2716        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

00:29:17.0540 2716        VgaSave - ok

00:29:17.0556 2716        ViaIde - ok

00:29:17.0665 2716        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

00:29:17.0900 2716        VolSnap - ok

00:29:18.0197 2716        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

00:29:18.0415 2716        VSS - ok

00:29:18.0603 2716        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

00:29:18.0806 2716        W32Time - ok

00:29:18.0978 2716        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

00:29:19.0244 2716        Wanarp - ok

00:29:19.0275 2716        WDICA - ok

00:29:19.0384 2716        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

00:29:19.0603 2716        wdmaud - ok

00:29:19.0759 2716        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

00:29:19.0978 2716        WebClient - ok

00:29:20.0228 2716        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

00:29:20.0431 2716        winmgmt - ok

00:29:20.0494 2716        WmdmPmSN        (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll

00:29:20.0603 2716        WmdmPmSN - ok

00:29:20.0744 2716        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

00:29:20.0978 2716        WmiApSrv - ok

00:29:21.0166 2716        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

00:29:21.0431 2716        wscsvc - ok

00:29:21.0494 2716        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

00:29:21.0775 2716        wuauserv - ok

00:29:22.0228 2716        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

00:29:22.0572 2716        WZCSVC - ok

00:29:22.0666 2716        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

00:29:22.0916 2716        xmlprov - ok

00:29:22.0978 2716        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

00:29:24.0134 2716        \Device\Harddisk0\DR0 - ok

00:29:24.0166 2716        MBR (0x1B8)     (672d49b92adfa952c7ad0fb98d4ad10b) \Device\Harddisk1\DR1

00:29:26.0150 2716        \Device\Harddisk1\DR1 - ok

00:29:26.0166 2716        Boot (0x1200)   (ab4fc60439735b5e605b431d684929ce) \Device\Harddisk0\DR0\Partition0

00:29:26.0166 2716        \Device\Harddisk0\DR0\Partition0 - ok

00:29:26.0213 2716        Boot (0x1200)   (08a5f8063296affba09d99ec332eaefa) \Device\Harddisk0\DR0\Partition1

00:29:26.0228 2716        \Device\Harddisk0\DR0\Partition1 - ok

00:29:26.0260 2716        Boot (0x1200)   (8596dc2f1ffbde405285adfb8f432d16) \Device\Harddisk1\DR1\Partition0

00:29:26.0260 2716        \Device\Harddisk1\DR1\Partition0 - ok

00:29:26.0275 2716        ============================================================

00:29:26.0275 2716        Scan finished

00:29:26.0275 2716        ============================================================

00:29:26.0681 0348        Detected object count: 7

00:29:26.0681 0348        Actual detected object count: 7

00:30:06.0465 0348        aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user

00:30:06.0465 0348        aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 

00:30:06.0465 0348        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

00:30:06.0465 0348        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 

00:30:06.0480 0348        PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

00:30:06.0480 0348        PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

00:30:06.0480 0348        PortTalk ( UnsignedFile.Multi.Generic ) - skipped by user

00:30:06.0480 0348        PortTalk ( UnsignedFile.Multi.Generic ) - User select action: Skip 

00:30:06.0496 0348        swmidi ( UnsignedFile.Multi.Generic ) - skipped by user

00:30:06.0496 0348        swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip 

00:30:06.0511 0348        TNPacket ( UnsignedFile.Multi.Generic ) - skipped by user

00:30:06.0511 0348        TNPacket ( UnsignedFile.Multi.Generic ) - User select action: Skip 

00:30:06.0511 0348        TSMService ( UnsignedFile.Multi.Generic ) - skipped by user

00:30:06.0511 0348        TSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

00:30:18.0715 1076        Deinitialize success

ich hoffe das ist besser.
Gruß
Harry

Na gut ok, sry für den Rüffel :o
Ich habs jetzt aber schon ein paar mal erlebt, dass sich manche dann trotzdem was weggefixt haben und man den Kram nicht mehr wiederhergestellt bekam :killpc:

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo Arne,
hier der Text.

Code:

ComboFix 12-05-05.05 - Admin 05.05.2012  16:47:33.1.1 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.479.137 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Admin\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\Admin\4.0

c:\dokumente und einstellungen\Admin\Favoriten\locked-DFBnet - Das Servicenetz des deutschen Fußballs.url.geky

c:\dokumente und einstellungen\Admin\Favoriten\locked-Hördter Auwald-Lauf 2011 (20 km), Deutschland - Termine & Ergebnisse.url.sfxn

c:\dokumente und einstellungen\Admin\Favoriten\locked-KiK Textilien & Non-Food GmbH.url.qtkc

c:\dokumente und einstellungen\Admin\Favoriten\locked-Verlag + Druck Linus Wittich - Ihr Mitteilungsblatt online lesen & bestellen.url.rehz

c:\windows\system\comdlg32.ocx

c:\windows\system\dbgrid32.ocx

c:\windows\system\dblist32.ocx

c:\windows\system\msrdc32.ocx

c:\windows\system\richtx32.ocx

c:\windows\system\tabctl32.ocx

c:\windows\system\threed32.ocx

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-04-05 bis 2012-05-05  ))))))))))))))))))))))))))))))

.

.

2012-05-04 22:12 . 2012-05-04 22:12        --------        d-----w-        c:\windows\system32\wbem\Repository

2012-05-04 17:30 . 2012-05-04 17:30        --------        dc----w-        C:\TDSSKiller_Quarantine

2012-05-02 18:23 . 2012-05-03 18:39        --------        dc----w-        C:\_OTL

2012-04-28 17:24 . 2012-04-28 17:24        --------        d-----w-        c:\programme\ESET

2012-04-28 17:14 . 2012-04-28 17:14        40776        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-28 16:29 . 2012-04-28 16:29        --------        dc----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Malwarebytes

2012-04-28 16:29 . 2012-04-28 16:29        --------        dc----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2012-04-25 09:22 . 2012-04-25 09:26        --------        dc----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData

2012-04-25 08:59 . 2012-04-25 08:59        --------        dcsh--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-04-25 08:59 . 2012-04-25 08:59        --------        dc-h--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files

2012-04-24 19:37 . 2012-04-28 16:19        --------        dc----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Realtec

2012-04-17 18:50 . 2012-04-17 18:50        --------        d-----w-        c:\programme\Microsoft

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-29 14:09 . 2004-08-04 12:00        177664        ----a-w-        c:\windows\system32\wintrust.dll

2012-02-29 14:09 . 2004-08-04 12:00        148480        ----a-w-        c:\windows\system32\imagehlp.dll

2012-02-28 18:49 . 2004-08-04 12:00        672768        ----a-w-        c:\windows\system32\wininet.dll

2012-02-28 18:49 . 2004-08-04 12:00        61952        ----a-w-        c:\windows\system32\tdc.ocx

2012-02-28 18:49 . 2004-08-04 12:00        81920        ----a-w-        c:\windows\system32\ieencode.dll

2012-02-28 18:47 . 2004-08-04 12:00        371200        ----a-w-        c:\windows\system32\html.iec

2012-02-22 19:34 . 2007-04-10 17:30        73728        ----a-w-        c:\windows\system32\javacpl.cpl

2012-02-22 19:34 . 2010-05-22 08:03        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2012-03-22 22:21 . 2012-02-17 21:24        97208        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]

"SiSPower"="SiSPower.dll" [2005-08-25 49152]

"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"SetDefPrt"="c:\programme\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]

"ControlCenter2.0"="c:\programme\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

OnlineControl.lnk - c:\programme\OnlineControl\ocontrol.exe [2004-7-19 94208]

Status Monitor.lnk - c:\programme\Brother\Brmfcmon\BrMfcWnd.exe [2007-8-6 802816]

Zahlungserinnerung.lnk - c:\programme\Profi cash\wzed.exe [2007-7-10 147456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:22        1695232        ----a-w-        c:\programme\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTBSync]

2006-11-15 16:57        318976        ----a-w-        c:\programme\PTBSync\PTBSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-DSL SpeedMgr]

2004-07-14 14:01        397312        ----a-w-        c:\progra~1\T-DSLS~1\SpeedMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

.

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.07.2006 12:02 284184]

R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.07.2006 12:02 91672]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [22.08.2010 17:42 136360]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [01.07.2011 18:43 428200]

R2 PortTalk;PortTalk;c:\windows\system32\drivers\ptbtalk.sys [15.11.2006 18:57 3567]

S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [30.03.2012 17:33 135664]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [30.03.2012 17:33 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28.04.2012 19:14 40776]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]

S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 17:44 9696]

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - ANTIVIRWEBSERVICE

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2012-03-30 15:31]

.

2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2012-03-30 15:31]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\iyyti28e.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-05-05 17:00

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Zeit der Fertigstellung: 2012-05-05  17:05:40

ComboFix-quarantined-files.txt  2012-05-05 15:05

.

Vor Suchlauf: 1.196.625.920 Bytes frei

Nach Suchlauf: 1.164.247.040 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - DCC2F0AA8C950FD2BE4B4245FF0CAAD3

ich hoffe zu deiner Zufriedenheit!
Gruß
Harry

Zitat:

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.

Ist das tatsächlich noch alles installiert oder sind das nur Überbleibst und wie werden fälschlicherweise als aktiv im System noch angezeigt?
Ich würde die Finger von jeder Suite und PersonalFirewall lassen! Nimm immer nur einen reinen Virenscanner plus Windows-Firewall!

Hallo Arne,
wie schon zu anfang gesagt das ist ein Vereins PC
und ich habe den erst im Novembert 2010 übernommen.
Ich denke das das alles noch drauf ist!
ist alles noch von meinem Vorgänger.
Soll ich den ganzen Kram runter schmeißen?
wie soll ich jetzt vorgehen?
wenn der Gram weg ist soll ich dann ComboFix
nochmal Starten?
Gruß
Harry

Ja deinstalliere bitte alles, meintwegen kann aber AntiVir draufbleiben

Und dann ComboFix
nochmal Starten?
Gruß
Harry

Nein, erstmal nur die Programme deinstallieren

Mach ich Morgen
dann melde ich mich wieder.
Gruß
Harry

Hallo Arne,
habe diese Programme deinstalliert
AntiVir Desktop
Norton Internet Security 2006
Norton Internet Security 2006
Norton Internet Worm Protection
Sunbelt Kerio Personal Firewall
Gruß
Harry