Trojaner-Board - GVU Virus/Trojaner auf Windows XP Rechner

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - GVU Virus/Trojaner auf Windows XP Rechner (https://www.trojaner-board.de/130557-gvu-virus-trojaner-windows-xp-rechner.html)

GVU Virus/Trojaner auf Windows XP Rechner

Hallo liebe Trojaner-Boarf-Gemeinde,

vor mir habe ich einen Windows XP Rechner der leider nicht mehr richtig startet. Es kommt nur eine Anzeige von der "GVU": "Ihr Computer ist gesperrt" liest man dort. Man soll innerhalb von 48 Stunden hundert euro Zahlen, etc...

Ich habe bereits im Forum folgendes Thema gefunden:

http://www.trojaner-board.de/128498-...ter-modus.html

Das sieht genau so aus, wie es bei meinem Rechner der Fall ist.

Ich habe nun eine OTLPE-CD erstellt und wie im obigen genannten Thema einen Scan durchgeführt.

Folgendes Habe ich erhalten:
OTL.TXT:

Code:

OTL logfile created on: 2/3/2013 2:27:31 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,015.00 Mb Total Physical Memory | 756.00 Mb Available Physical Memory | 74.00% Memory free

903.00 Mb Paging File | 792.00 Mb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 104.17 Gb Total Space | 9.29 Gb Free Space | 8.92% Space Free | Partition Type: NTFS

Drive D: | 7.61 Gb Total Space | 0.49 Gb Free Space | 6.47% Space Free | Partition Type: FAT32

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled] --  -- (HidServ)

SRV - [2013/02/02 16:55:47 | 000,229,376 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\wpbt0.dll -- (winmgmt)

SRV - [2012/01/05 10:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)

SRV - [2011/08/07 15:35:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/05/13 12:57:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2006/06/20 14:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2005/04/03 17:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004/08/10 17:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)

SRV - [2004/08/10 14:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)

DRV - File not found [Kernel | System] --  -- (PCIDump)

DRV - File not found [Kernel | System] --  -- (lbrtfdc)

DRV - File not found [Kernel | System] --  -- (i2omgmt)

DRV - File not found [Kernel | System] --  -- (Changer)

DRV - [2013/01/28 14:12:53 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2011/09/05 14:18:33 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011/08/07 15:35:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/08/07 15:35:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/24 07:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appliand.sys -- (appliandMP)

DRV - [2010/06/24 07:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appliand.sys -- (appliand)

DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 09:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC)

DRV - [2009/05/21 08:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)

DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2006/07/30 20:00:08 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/02/15 08:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2006/02/15 08:54:10 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2006/02/05 21:00:06 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/01/19 08:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\w39n51.sys -- (w39n51) Intel(R)

DRV - [2005/09/19 06:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\EabUsb.sys -- (eabusb)

DRV - [2005/09/19 06:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2005/09/19 06:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\Windows\system32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2005/08/30 22:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2005/08/30 22:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2005/08/30 22:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2005/08/30 22:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2005/08/30 22:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2005/08/30 22:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2005/08/30 22:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005/08/25 05:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\Windows\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005/08/25 05:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\Windows\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2004/04/01 20:07:44 | 000,163,390 | R--- | M] (Roland Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rdwm1046.sys -- (RDID1046)

DRV - [2002/04/17 13:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)

DRV - [2001/08/17 21:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}

IE - HKU\Administrator_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"

FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}"

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0

FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}&src=2&crg=3.1010000.10011&q="

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/05/12 11:20:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/05/12 11:20:38 | 000,000,000 | ---D | M]

 

[2010/11/17 15:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions

[2013/01/29 16:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\i3nx4lhy.default\extensions

[2011/09/05 17:45:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\i3nx4lhy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2013/01/29 15:06:56 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\i3nx4lhy.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

[2013/01/29 15:07:22 | 000,003,998 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\i3nx4lhy.default\searchplugins\sweetim.xml

[2010/11/17 15:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011/09/18 16:04:55 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/09/18 16:04:55 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011/09/18 16:04:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011/09/18 16:04:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011/09/18 16:04:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,820 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\Windows\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)

O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CognizanceTS] C:\Programme\HPQ\IAM\Bin\AsTsVcc.dll (Cognizance Corporation)

O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [DLA] C:\Windows\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Nikon Message Center 2] C:\Programme\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)

O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [Recguard] C:\Windows\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe ()

O4 - HKLM..\Run: [Scheduler] C:\Windows\SMINST\Scheduler.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)

O4 - HKU\Administrator_ON_C..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

O4 - HKU\Administrator_ON_C..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DVD Check.lnk = C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\OneCard: DllName - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013/01/29 15:06:36 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM

[2013/01/29 15:06:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM

[2013/01/29 15:06:26 | 000,000,000 | ---D | C] -- C:\Programme\sweetpacks bundle uninstaller

[2013/01/29 15:05:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PutLockerDownloader

[2013/01/29 15:04:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer

[2013/01/29 15:04:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Movie2KDownloader.com

[2013/01/29 15:04:48 | 000,000,000 | ---D | C] -- C:\Programme\Movie2KDownloader.com

[2013/01/29 14:56:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\FOLDER01

[2013/01/28 16:00:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\VST3 Presets

[2013/01/28 14:42:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\UA25_WinXPDrv203

[2013/01/28 14:38:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\VST3

[2013/01/28 14:34:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VST3 Presets

[2013/01/28 14:23:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Steinberg HALionOne

[2013/01/28 14:23:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Steinberg

[2013/01/28 14:23:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Steinberg

[2013/01/28 14:21:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Steinberg Cubase 5

[2013/01/28 14:15:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Alcohol 120%

[2013/01/28 14:15:18 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft

[2013/01/28 14:12:53 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013/02/03 07:48:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/02/03 07:48:21 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad

[2013/02/03 07:41:55 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/02 17:00:23 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/02 16:58:22 | 000,003,160 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js

[2013/02/02 16:58:20 | 000,000,802 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk

[2013/02/02 16:10:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/01/31 11:00:32 | 000,002,235 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk

[2013/01/29 17:29:07 | 000,000,251 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ax_files.xml

[2013/01/29 15:04:49 | 000,000,611 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Movie2KDownloader.lnk

[2013/01/29 14:21:14 | 000,472,398 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013/01/29 14:21:14 | 000,452,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/29 14:21:14 | 000,088,294 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013/01/29 14:21:14 | 000,074,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/28 15:01:30 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2013/01/28 14:15:38 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk

[2013/01/28 14:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Alcohol 120%

[2013/01/17 19:10:21 | 000,001,795 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/16 16:33:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome

[2013/01/16 16:17:15 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013/02/02 16:58:22 | 000,003,160 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js

[2013/02/02 16:58:13 | 000,000,802 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk

[2013/02/02 16:55:59 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad

[2013/01/29 15:04:48 | 000,000,611 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Movie2KDownloader.lnk

[2013/01/28 14:40:20 | 000,000,251 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ax_files.xml

[2013/01/28 14:15:38 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk

[2011/10/14 15:18:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2011/10/07 18:42:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI

[2011/10/07 17:08:20 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\String Comparison

[2011/10/07 17:08:20 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\StartupItems

[2011/10/07 17:08:20 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT

[2011/10/07 17:08:20 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Techno Kit

[2011/10/07 17:07:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\String Ensemble

[2011/10/07 17:07:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stingers

[2011/10/07 17:07:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Static Library

[2011/10/07 17:07:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Standard Tool

[2011/10/07 17:07:36 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT

[2011/10/07 17:07:36 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT

[2011/10/07 17:07:36 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Textures

[2011/10/07 17:07:36 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SystemConfiguration

[2011/04/04 12:59:26 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe

[2010/11/17 15:41:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/11/13 08:18:40 | 000,068,096 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/13 08:16:02 | 000,000,171 | ---- | C] () -- C:\WINDOWS\AutoScreenRecorder.INI

[2010/10/29 10:55:20 | 000,038,401 | R--- | C] () -- C:\WINDOWS\System32\RdCi1046.dll

[2010/10/29 10:55:18 | 000,004,088 | R--- | C] () -- C:\WINDOWS\System32\Rd4t1046.DAT

[2010/10/16 11:47:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2010/10/16 11:47:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2010/10/16 11:47:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2010/10/16 11:47:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2010/10/16 11:47:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2010/10/16 11:47:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2006/08/20 13:53:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/08/20 13:52:31 | 000,030,064 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/08/20 13:40:11 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2006/02/15 09:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005/12/01 14:11:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/07 01:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/07 01:08:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/08/07 01:04:28 | 000,472,398 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2004/08/07 01:04:28 | 000,452,178 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/07 01:04:28 | 000,088,294 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2004/08/07 01:04:28 | 000,074,352 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/07 01:02:10 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/07 00:57:28 | 000,110,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/07 00:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/07 00:49:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 03:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 03:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/06/01 04:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[2002/05/28 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2002/05/28 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/11/14 05:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[1998/05/06 21:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

 
 ========== LOP Check ==========

 

[2011/11/11 08:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Antares

[2011/02/24 14:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BSplayer

[2011/02/24 14:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BSplayer Pro

[2011/09/05 14:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite

[2010/11/11 04:40:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GrabPro

[2010/12/16 12:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo

[2011/09/05 14:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech

[2010/11/13 14:16:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NCH Swift Sound

[2011/10/07 17:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nikon

[2010/11/11 04:40:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenCandy

[2010/11/15 16:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Orbit

[2011/11/11 08:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PACE Anti-Piracy

[2010/11/11 04:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ProgSense

[2010/11/25 12:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Replay Media Catcher 4

[2006/08/21 00:12:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView

[2013/01/28 14:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Steinberg

[2013/01/28 16:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\VST3 Presets

[2011/09/05 14:17:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2011/10/07 17:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp

[2010/11/13 14:16:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound

[2011/10/08 05:04:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon

[2011/11/11 08:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PACE Anti-Piracy

[2010/11/11 04:40:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ReviverSoft

[2013/01/28 14:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Steinberg

[2013/01/30 19:40:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM

[2013/01/29 15:04:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer

[2010/11/13 09:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith

[2011/10/07 17:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15

[2013/01/28 14:34:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VST3 Presets

[2011/09/05 15:03:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{261FD3E7-AC6C-4785-8405-DCF2100A3A46}

[2011/09/05 15:00:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3EE98DDF-8EFF-4760-88EB-D666A839217F}

[2011/09/05 17:41:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{4275E5EA-6E30-48EB-A209-F964539CBE1C}

[2011/09/05 17:41:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}

[2011/09/05 14:59:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}

[2011/09/05 15:10:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}

[2011/09/05 15:02:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D69A48BF-7653-4AA8-94BC-5847522A4573}

[2011/09/05 14:48:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}

[2010/11/20 17:34:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\expressShakeIcon.job

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 1275 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:KAJrxLoRHqktJTFrNu

@Alternate Data Stream - 1262 bytes -> C:\Programme\Outlook Express:ErxHQz6glKYYzzKjzYM7N1oY

@Alternate Data Stream - 1262 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:maX2ghsVETd1N7JXD5FH4dPYpLgc

< End of report >

EXTRAS.TXT

Code:

OTL Extras logfile created on: 2/3/2013 2:27:32 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,015.00 Mb Total Physical Memory | 756.00 Mb Available Physical Memory | 74.00% Memory free

903.00 Mb Paging File | 792.00 Mb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 104.17 Gb Total Space | 9.29 Gb Free Space | 8.92% Space Free | Partition Type: NTFS

Drive D: | 7.61 Gb Total Space | 0.49 Gb Free Space | 6.47% Space Free | Partition Type: FAT32

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler  -- ()

"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{22C28506-B1E0-4050-B0B7-B97AEB061381}" = HP User Guides 0029

"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 D2

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5

"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology

"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1

"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4

"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01

"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive

"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5

"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content

"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2

"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor

"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver

"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 C3

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU

"{96E2E493-C484-43E3-9B95-D62EE7D40D3A}" = Toolbar 4.7 by SweetPacks

"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe  1.4.105.1

"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7

"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}" = HP Notebook Accessories Product Tour

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module

"{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch

"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set

"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 C3

"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module

"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8

"{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}" = HP Credential Manager for ProtectTools

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BC27061D-FFCE-4931-A05F-AC964CC026CA}" = Registry Reviver

"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set

"{D799CC16-F3B5-468D-AC67-6F77AAA98173}" = Native Instruments Komplete 6

"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7

"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5

"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set

"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2

"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5

"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1

"{EE1D761D-5715-4F63-8027-A61881B71CA7}" = Replay Media Catcher 4

"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01

"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect

"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST

"1ClickDownload" = Movie2KDownloader

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"ASAPI Update" = ASAPI Update

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BSPlayerf" = BS.Player FREE

"DAEMON Tools Lite" = DAEMON Tools Lite

"Express" = Express Dictate

"FinalData Enterprise 2.0" = FinalData Enterprise 2.0

"Google Chrome" = Google Chrome

"ie8" = Windows Internet Explorer 8

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.21)" = Mozilla Firefox (3.6.21)

"Native Instruments Absynth 5" = Native Instruments Absynth 5

"Native Instruments FM8" = Native Instruments FM8

"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4

"Native Instruments Komplete 6" = Native Instruments Komplete 6

"Native Instruments Kontakt 4" = Native Instruments Kontakt 4

"Native Instruments Massive" = Native Instruments Massive

"Native Instruments Reaktor 5" = Native Instruments Reaktor 5

"Native Instruments Service Center" = Native Instruments Service Center

"RegistryReviver" = Registry Reviver

"Scribe" = Express Scribe

"Steinberg Cubase SX 3" = Steinberg Cubase SX 3

"Steinberg The Grand VSTi DXi_is1" = Steinberg The Grand VSTi DXi v2.1.0

"Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b

"SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Transcribe!_is1" = Transcribe! 8.00

"Trilogy_is1" = Trilogy

"UndeletePlus_is1" = Undelete Plus 2.98

"VLC media player" = VLC media player 0.9.9

"WGA" = Windows Genuine Advantage Validation Tool

"WIC" = Windows Imaging Component

"Windows Media Connect" = Windows Media Connect

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinRAR archiver" = WinRAR 4.01 (32-Bit)

"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 

< End of report >

Könnte jemand von euch mir bitte weiterhelfen. Wie fixe ich dies? Braucht ihr noch mehr Infos? Sagt mir bitte, was ich tun soll.

Vielen Dank
Narf

hi
Wer illegale Quellen nutzt, wie movie2k, und das tut der besitzer laut movie2k downloader der instaliert ist, und dann nicht mal sein Windows + Programme aktuell hält, muss sich echt nicht wundern.

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

:OTL

O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)

[2013/02/03 07:48:21 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad

[2013/02/02 16:58:22 | 000,003,160 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js

:Files

C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\wpbt0.dll

:Commands

[EMPTYFLASH] 

[emptytemp]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Vielen Dank für die Antwort. Du hast natürlich Recht mit dem illegalen Zeug + Windows SP 2, etc...
Naja, das ist halt ein Rechner von meinem Nachbarn. Er hat mir nicht gesagt, wie er den Trojaner bekommen hat. Ich werde ihm das Teil, wenn der Trojaner besiegt ist, auf den neusten Stand setzten. UND IHM SAGEN, DASS ER REGELMÄßIG SEIN SYSTEM UPDATEN SOLL und kein illegalen Sch*** machen soll!!

Also weiter geht's:

Hier der Inhalt von der Datei, die jetzt nicht OTL.txt heißt sondern 02032013_175443.txt. Windows hat dies zum Systemstart mir angezeigt:

Code:

========== OTL ==========

C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk moved successfully.

File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad moved successfully.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js moved successfully.

========== FILES ==========

C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\wpbt0.dll moved successfully.

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: Administrator

->Temp folder emptied: 3303066429 bytes

->Temporary Internet Files folder emptied: 857576081 bytes

->FireFox cache emptied: 83200034 bytes

->Google Chrome cache emptied: 252639546 bytes

->Flash cache emptied: 6264 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33338 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33472 bytes

 

Total Flash Files Cleaned = 4,288.00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2951 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 28680559 bytes

 

Total Files Cleaned = 27.00 mb

 

 

OTLPE by OldTimer - Version 3.1.48.0 log created on 02032013_175443
 

Files\Folders moved on Reboot...

File\Folder X:\I386\SYSTEM32\RUNDLL32.EXE not found!
 

Registry entries deleted on Reboot...

Gleich kommt noch die "movedfiles.zip"

Vielen Dank nochmal

PS. ich habe die datei per Uploadchannel hochgeladen. Ich hoffe, ihr habt die datei erhalten.

danke
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

So, scan ausgeführt. Hier die log:

Code:

23:41:20.0062 2576  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

23:41:20.0265 2576  ============================================================

23:41:20.0265 2576  Current date / time: 2013/02/03 23:41:20.0265

23:41:20.0265 2576  SystemInfo:

23:41:20.0265 2576  

23:41:20.0265 2576  OS Version: 5.1.2600 ServicePack: 2.0

23:41:20.0265 2576  Product type: Workstation

23:41:20.0265 2576  ComputerName: PC834640339160

23:41:20.0265 2576  UserName: Administrator

23:41:20.0265 2576  Windows directory: C:\WINDOWS

23:41:20.0265 2576  System windows directory: C:\WINDOWS

23:41:20.0265 2576  Processor architecture: Intel x86

23:41:20.0265 2576  Number of processors: 2

23:41:20.0265 2576  Page size: 0x1000

23:41:20.0265 2576  Boot type: Normal boot

23:41:20.0265 2576  ============================================================

23:41:21.0296 2576  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

23:41:21.0296 2576  ============================================================

23:41:21.0296 2576  \Device\Harddisk0\DR0:

23:41:21.0296 2576  MBR partitions:

23:41:21.0296 2576  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD0556C1

23:41:21.0296 2576  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xD055700, BlocksNum 0xF3DD10

23:41:21.0296 2576  ============================================================

23:41:21.0343 2576  C: <-> \Device\Harddisk0\DR0\Partition1

23:41:21.0359 2576  D: <-> \Device\Harddisk0\DR0\Partition2

23:41:21.0359 2576  ============================================================

23:41:21.0359 2576  Initialize success

23:41:21.0359 2576  ============================================================

23:42:09.0109 3664  ============================================================

23:42:09.0109 3664  Scan started

23:42:09.0109 3664  Mode: Manual; SigCheck; TDLFS; 

23:42:09.0109 3664  ============================================================

23:42:09.0218 3664  ================ Scan system memory ========================

23:42:09.0218 3664  System memory - ok

23:42:09.0218 3664  ================ Scan services =============================

23:42:09.0375 3664  Abiosdsk - ok

23:42:09.0375 3664  abp480n5 - ok

23:42:09.0421 3664  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys

23:42:11.0000 3664  ACPI - ok

23:42:11.0046 3664  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

23:42:11.0171 3664  ACPIEC - ok

23:42:11.0187 3664  [ 761D5BBDB6A5867C9F8EBBB545AF7B34 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys

23:42:11.0265 3664  ADIHdAudAddService - ok

23:42:11.0281 3664  adpu160m - ok

23:42:11.0296 3664  [ C984DE22ED71414ABC42C1E03D412E33 ] AEAudioService  C:\WINDOWS\system32\drivers\AEAudio.sys

23:42:11.0359 3664  AEAudioService - ok

23:42:11.0375 3664  [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec             C:\WINDOWS\system32\drivers\aec.sys

23:42:11.0484 3664  aec - ok

23:42:11.0531 3664  [ 55E6E1C51B6D30E54335750955453702 ] AFD             C:\WINDOWS\System32\drivers\afd.sys

23:42:11.0578 3664  AFD - ok

23:42:11.0671 3664  [ 4458FCB8A00DA31FDCC086449274C40D ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys

23:42:11.0843 3664  AgereSoftModem - ok

23:42:11.0859 3664  Aha154x - ok

23:42:11.0859 3664  aic78u2 - ok

23:42:11.0859 3664  aic78xx - ok

23:42:11.0906 3664  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter         C:\WINDOWS\system32\alrsvc.dll

23:42:12.0062 3664  Alerter - ok

23:42:12.0078 3664  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG             C:\WINDOWS\System32\alg.exe

23:42:12.0218 3664  ALG - ok

23:42:12.0250 3664  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys

23:42:12.0421 3664  AliIde - ok

23:42:12.0421 3664  amsint - ok

23:42:12.0578 3664  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe

23:42:12.0625 3664  AntiVirSchedulerService - ok

23:42:12.0671 3664  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe

23:42:12.0703 3664  AntiVirService - ok

23:42:12.0750 3664  [ 05EDA44C080EBAF758F8A318488FFD75 ] appliand        C:\WINDOWS\system32\DRIVERS\appliand.sys

23:42:12.0781 3664  appliand - ok

23:42:12.0796 3664  [ 05EDA44C080EBAF758F8A318488FFD75 ] appliandMP      C:\WINDOWS\system32\DRIVERS\appliand.sys

23:42:12.0796 3664  appliandMP - ok

23:42:12.0843 3664  [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll

23:42:12.0937 3664  AppMgmt - ok

23:42:12.0984 3664  [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys

23:42:13.0156 3664  Arp1394 - ok

23:42:13.0203 3664  [ 875F9079CABEE679D34B49E466B61701 ] Asapi           C:\WINDOWS\system32\drivers\Asapi.sys

23:42:13.0234 3664  Asapi ( UnsignedFile.Multi.Generic ) - warning

23:42:13.0234 3664  Asapi - detected UnsignedFile.Multi.Generic (1)

23:42:13.0234 3664  asc - ok

23:42:13.0234 3664  asc3350p - ok

23:42:13.0234 3664  asc3550 - ok

23:42:13.0328 3664  [ 47589CC135E28532AFC39394BBF87F0D ] ASChannel       C:\Programme\HPQ\IAM\Bin\ASChnl.dll

23:42:13.0343 3664  ASChannel ( UnsignedFile.Multi.Generic ) - warning

23:42:13.0343 3664  ASChannel - detected UnsignedFile.Multi.Generic (1)

23:42:13.0484 3664  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

23:42:13.0500 3664  aspnet_state - ok

23:42:13.0531 3664  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys

23:42:13.0640 3664  AsyncMac - ok

23:42:13.0703 3664  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys

23:42:13.0875 3664  atapi - ok

23:42:13.0890 3664  Atdisk - ok

23:42:13.0906 3664  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys

23:42:14.0031 3664  Atmarpc - ok

23:42:14.0062 3664  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll

23:42:14.0171 3664  AudioSrv - ok

23:42:14.0187 3664  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys

23:42:14.0296 3664  audstub - ok

23:42:14.0343 3664  [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio           C:\Programme\Avira\AntiVir Desktop\avgio.sys

23:42:14.0359 3664  avgio - ok

23:42:14.0359 3664  [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys

23:42:14.0375 3664  avgntflt - ok

23:42:14.0375 3664  [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys

23:42:14.0406 3664  avipbb - ok

23:42:14.0468 3664  [ 7692F4B242E45870873CAF4CB85CF769 ] AxAutoMntSrv    C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

23:42:14.0500 3664  AxAutoMntSrv - ok

23:42:14.0546 3664  [ C768C8A463D32C219CE291645A0621A4 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

23:42:14.0593 3664  bcm4sbxp - ok

23:42:14.0609 3664  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys

23:42:14.0734 3664  Beep - ok

23:42:14.0781 3664  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll

23:42:14.0953 3664  BITS - ok

23:42:15.0031 3664  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser         C:\WINDOWS\System32\browser.dll

23:42:15.0187 3664  Browser - ok

23:42:15.0250 3664  [ 6B6AD8CBF3984C3B39D4D06C38F52010 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys

23:42:15.0343 3664  BTKRNL ( UnsignedFile.Multi.Generic ) - warning

23:42:15.0343 3664  BTKRNL - detected UnsignedFile.Multi.Generic (1)

23:42:15.0453 3664  [ 8A03AAD8AFAA0E5DDEC3D319EC5029AA ] btwdins         C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

23:42:15.0468 3664  btwdins ( UnsignedFile.Multi.Generic ) - warning

23:42:15.0468 3664  btwdins - detected UnsignedFile.Multi.Generic (1)

23:42:15.0484 3664  [ 00C8988DA469E4AC087539BD77420123 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys

23:42:15.0515 3664  BTWUSB ( UnsignedFile.Multi.Generic ) - warning

23:42:15.0515 3664  BTWUSB - detected UnsignedFile.Multi.Generic (1)

23:42:15.0546 3664  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys

23:42:15.0734 3664  cbidf2k - ok

23:42:15.0750 3664  cd20xrnt - ok

23:42:15.0765 3664  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys

23:42:15.0859 3664  Cdaudio - ok

23:42:15.0875 3664  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys

23:42:15.0968 3664  Cdfs - ok

23:42:15.0984 3664  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys

23:42:16.0093 3664  Cdrom - ok

23:42:16.0093 3664  Changer - ok

23:42:16.0140 3664  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc           C:\WINDOWS\system32\cisvc.exe

23:42:16.0250 3664  CiSvc - ok

23:42:16.0281 3664  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe

23:42:16.0375 3664  ClipSrv - ok

23:42:16.0406 3664  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:42:16.0437 3664  clr_optimization_v2.0.50727_32 - ok

23:42:16.0437 3664  [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys

23:42:16.0562 3664  CmBatt - ok

23:42:16.0562 3664  CmdIde - ok

23:42:16.0562 3664  [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys

23:42:16.0656 3664  Compbatt - ok

23:42:16.0671 3664  COMSysApp - ok

23:42:16.0671 3664  Cpqarray - ok

23:42:16.0703 3664  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll

23:42:16.0812 3664  CryptSvc - ok

23:42:16.0828 3664  dac2w2k - ok

23:42:16.0828 3664  dac960nt - ok

23:42:16.0875 3664  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll

23:42:16.0984 3664  DcomLaunch - ok

23:42:17.0031 3664  [ 69F986B2688BA95A0D9362B0E233D5FF ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll

23:42:17.0125 3664  Dhcp - ok

23:42:17.0156 3664  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys

23:42:17.0296 3664  Disk - ok

23:42:17.0343 3664  [ 244B6285B14E06A9BA81B3ED9B9A3B38 ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS

23:42:17.0359 3664  DLABOIOM ( UnsignedFile.Multi.Generic ) - warning

23:42:17.0359 3664  DLABOIOM - detected UnsignedFile.Multi.Generic (1)

23:42:17.0359 3664  [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

23:42:17.0375 3664  DLACDBHM ( UnsignedFile.Multi.Generic ) - warning

23:42:17.0375 3664  DLACDBHM - detected UnsignedFile.Multi.Generic (1)

23:42:17.0390 3664  [ BE6FA594AA49EFA8D5EF032DFE0A678D ] DLADResN        C:\WINDOWS\system32\DLA\DLADResN.SYS

23:42:17.0406 3664  DLADResN ( UnsignedFile.Multi.Generic ) - warning

23:42:17.0406 3664  DLADResN - detected UnsignedFile.Multi.Generic (1)

23:42:17.0421 3664  [ 46CDF41AB0F616168F2C03EDB590643A ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

23:42:17.0453 3664  DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning

23:42:17.0453 3664  DLAIFS_M - detected UnsignedFile.Multi.Generic (1)

23:42:17.0468 3664  [ 94F39387819A9AE05C788CFD7EA4E16B ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

23:42:17.0500 3664  DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning

23:42:17.0500 3664  DLAOPIOM - detected UnsignedFile.Multi.Generic (1)

23:42:17.0500 3664  [ F4DCC4DF6B27EE4E3D08258ECDDECB1F ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS

23:42:17.0515 3664  DLAPoolM ( UnsignedFile.Multi.Generic ) - warning

23:42:17.0515 3664  DLAPoolM - detected UnsignedFile.Multi.Generic (1)

23:42:17.0515 3664  [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N        C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

23:42:17.0531 3664  DLARTL_N ( UnsignedFile.Multi.Generic ) - warning

23:42:17.0531 3664  DLARTL_N - detected UnsignedFile.Multi.Generic (1)

23:42:17.0546 3664  [ BDE11A8C697C5E22AEDF34CA3FDB5940 ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

23:42:17.0578 3664  DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning

23:42:17.0578 3664  DLAUDFAM - detected UnsignedFile.Multi.Generic (1)

23:42:17.0578 3664  [ 069D67EED1CEC572DC28CB5582B5AA96 ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

23:42:17.0609 3664  DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning

23:42:17.0609 3664  DLAUDF_M - detected UnsignedFile.Multi.Generic (1)

23:42:17.0609 3664  dmadmin - ok

23:42:17.0687 3664  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys

23:42:17.0937 3664  dmboot - ok

23:42:17.0968 3664  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys

23:42:18.0140 3664  dmio - ok

23:42:18.0171 3664  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys

23:42:18.0359 3664  dmload - ok

23:42:18.0421 3664  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll

23:42:18.0531 3664  dmserver - ok

23:42:18.0546 3664  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys

23:42:18.0640 3664  DMusic - ok

23:42:18.0671 3664  [ D1F5B71BBAEEE07B78980DBD878C0BC7 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll

23:42:18.0781 3664  Dnscache - ok

23:42:18.0781 3664  dpti2o - ok

23:42:18.0796 3664  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys

23:42:18.0906 3664  drmkaud - ok

23:42:18.0906 3664  [ FE923D5529144D47B907663D2838C032 ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

23:42:18.0921 3664  DRVMCDB ( UnsignedFile.Multi.Generic ) - warning

23:42:18.0921 3664  DRVMCDB - detected UnsignedFile.Multi.Generic (1)

23:42:18.0921 3664  [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

23:42:18.0937 3664  DRVNDDM ( UnsignedFile.Multi.Generic ) - warning

23:42:18.0937 3664  DRVNDDM - detected UnsignedFile.Multi.Generic (1)

23:42:18.0984 3664  [ C0C7CECCB6C85994C2BC92D58E52D3F2 ] dtsoftbus01     C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys

23:42:19.0015 3664  dtsoftbus01 - ok

23:42:19.0031 3664  [ B5CB3084046146FD2587D8C9B219FEB4 ] eabfiltr        C:\WINDOWS\system32\DRIVERS\eabfiltr.sys

23:42:19.0078 3664  eabfiltr - ok

23:42:19.0093 3664  [ 231F4547AE1E4B3E60ECA66C3A96D218 ] eabusb          C:\WINDOWS\system32\DRIVERS\eabusb.sys

23:42:19.0109 3664  eabusb - ok

23:42:19.0125 3664  [ 877A4512CC9074D6954776AF47021766 ] ERSvc           C:\WINDOWS\System32\ersvc.dll

23:42:19.0250 3664  ERSvc - ok

23:42:19.0296 3664  [ A07CA23EA361A01E627D911CF139B950 ] Eventlog        C:\WINDOWS\system32\services.exe

23:42:19.0359 3664  Eventlog - ok

23:42:19.0406 3664  [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem     C:\WINDOWS\system32\es.dll

23:42:19.0468 3664  EventSystem - ok

23:42:19.0500 3664  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys

23:42:19.0625 3664  Fastfat - ok

23:42:19.0656 3664  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

23:42:19.0781 3664  FastUserSwitchingCompatibility - ok

23:42:19.0796 3664  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys

23:42:19.0953 3664  Fdc - ok

23:42:19.0968 3664  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys

23:42:20.0109 3664  Fips - ok

23:42:20.0125 3664  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys

23:42:20.0234 3664  Flpydisk - ok

23:42:20.0250 3664  [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys

23:42:20.0359 3664  FltMgr - ok

23:42:20.0421 3664  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

23:42:20.0437 3664  FontCache3.0.0.0 - ok

23:42:20.0468 3664  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys

23:42:20.0562 3664  Fs_Rec - ok

23:42:20.0562 3664  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys

23:42:20.0671 3664  Ftdisk - ok

23:42:20.0703 3664  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys

23:42:20.0812 3664  Gpc - ok

23:42:20.0890 3664  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe

23:42:20.0921 3664  gupdate - ok

23:42:20.0921 3664  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe

23:42:20.0937 3664  gupdatem - ok

23:42:20.0937 3664  [ 4D4D97671C63C3AF869B3518E6054204 ] HBtnKey         C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

23:42:20.0953 3664  HBtnKey - ok

23:42:20.0953 3664  [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

23:42:21.0015 3664  HDAudBus - ok

23:42:21.0125 3664  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

23:42:21.0250 3664  helpsvc - ok

23:42:21.0265 3664  HidServ - ok

23:42:21.0296 3664  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys

23:42:21.0437 3664  HidUsb - ok

23:42:21.0437 3664  hpn - ok

23:42:21.0484 3664  [ A56D9D6B31A648CD5D3ACE7E09757600 ] hpqwmiex        C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe

23:42:21.0531 3664  hpqwmiex ( UnsignedFile.Multi.Generic ) - warning

23:42:21.0531 3664  hpqwmiex - detected UnsignedFile.Multi.Generic (1)

23:42:21.0578 3664  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys

23:42:21.0656 3664  HTTP - ok

23:42:21.0671 3664  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll

23:42:21.0843 3664  HTTPFilter - ok

23:42:21.0843 3664  i2omgmt - ok

23:42:21.0859 3664  i2omp - ok

23:42:21.0906 3664  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys

23:42:22.0031 3664  i8042prt - ok

23:42:22.0078 3664  [ 0F0194C4B635C10C3F785E4FEE52D641 ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

23:42:22.0203 3664  ialm - ok

23:42:22.0234 3664  [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys

23:42:22.0343 3664  iaStor - ok

23:42:22.0515 3664  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

23:42:22.0546 3664  IDriverT ( UnsignedFile.Multi.Generic ) - warning

23:42:22.0546 3664  IDriverT - detected UnsignedFile.Multi.Generic (1)

23:42:22.0640 3664  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

23:42:22.0750 3664  idsvc - ok

23:42:22.0796 3664  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys

23:42:22.0906 3664  Imapi - ok

23:42:22.0953 3664  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe

23:42:23.0062 3664  ImapiService - ok

23:42:23.0078 3664  ini910u - ok

23:42:23.0109 3664  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys

23:42:23.0203 3664  IntelIde - ok

23:42:23.0218 3664  [ AE7511ADA0D951D50CEF95D7ECBACE99 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys

23:42:23.0468 3664  intelppm - ok

23:42:23.0515 3664  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

23:42:23.0625 3664  Ip6Fw - ok

23:42:23.0625 3664  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

23:42:23.0765 3664  IpFilterDriver - ok

23:42:23.0765 3664  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys

23:42:23.0859 3664  IpInIp - ok

23:42:23.0890 3664  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys

23:42:24.0156 3664  IpNat - ok

23:42:24.0171 3664  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys

23:42:24.0265 3664  IPSec - ok

23:42:24.0281 3664  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys

23:42:24.0343 3664  IRENUM - ok

23:42:24.0343 3664  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys

23:42:24.0453 3664  isapnp - ok

23:42:24.0468 3664  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys

23:42:24.0562 3664  Kbdclass - ok

23:42:24.0593 3664  [ 7EC877AA899323B92874FE62C7DDCDE7 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys

23:42:24.0687 3664  kbdhid - ok

23:42:24.0703 3664  [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys

23:42:24.0828 3664  kmixer - ok

23:42:24.0859 3664  [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys

23:42:24.0968 3664  KSecDD - ok

23:42:25.0015 3664  [ F8170AA51CD202BC062B8A0983F361B7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll

23:42:25.0125 3664  lanmanserver - ok

23:42:25.0171 3664  [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

23:42:25.0218 3664  lanmanworkstation - ok

23:42:25.0218 3664  lbrtfdc - ok

23:42:25.0265 3664  [ 5D4B38A8D8525356798F5E560C3A3090 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

23:42:25.0281 3664  LightScribeService ( UnsignedFile.Multi.Generic ) - warning

23:42:25.0281 3664  LightScribeService - detected UnsignedFile.Multi.Generic (1)

23:42:25.0328 3664  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll

23:42:25.0421 3664  LmHosts - ok

23:42:25.0453 3664  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger       C:\WINDOWS\System32\msgsvc.dll

23:42:25.0562 3664  Messenger - ok

23:42:25.0609 3664  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys

23:42:25.0703 3664  mnmdd - ok

23:42:25.0750 3664  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe

23:42:25.0859 3664  mnmsrvc - ok

23:42:25.0875 3664  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys

23:42:25.0968 3664  Modem - ok

23:42:25.0984 3664  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys

23:42:26.0078 3664  Mouclass - ok

23:42:26.0140 3664  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys

23:42:26.0218 3664  mouhid - ok

23:42:26.0234 3664  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys

23:42:26.0343 3664  MountMgr - ok

23:42:26.0390 3664  [ EEE50BF24CAEEDB515A8F3B22756D3BB ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys

23:42:26.0437 3664  MQAC - ok

23:42:26.0437 3664  mraid35x - ok

23:42:26.0453 3664  [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys

23:42:26.0562 3664  MRxDAV - ok

23:42:26.0625 3664  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

23:42:26.0703 3664  MRxSmb - ok

23:42:26.0734 3664  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC           C:\WINDOWS\system32\msdtc.exe

23:42:26.0843 3664  MSDTC - ok

23:42:26.0859 3664  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys

23:42:26.0937 3664  Msfs - ok

23:42:26.0953 3664  MSIServer - ok

23:42:26.0968 3664  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys

23:42:27.0078 3664  MSKSSRV - ok

23:42:27.0093 3664  [ E9B5F354AE80325283FD5C1C05217B01 ] MSMQ            C:\WINDOWS\system32\mqsvc.exe

23:42:27.0109 3664  MSMQ - ok

23:42:27.0125 3664  [ 10E6B9022B0A5C9C41E2DA6AEAE5D404 ] MSMQTriggers    C:\WINDOWS\system32\mqtgsvc.exe

23:42:27.0156 3664  MSMQTriggers - ok

23:42:27.0187 3664  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys

23:42:27.0312 3664  MSPCLOCK - ok

23:42:27.0328 3664  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys

23:42:27.0437 3664  MSPQM - ok

23:42:27.0437 3664  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys

23:42:27.0562 3664  mssmbios - ok

23:42:27.0578 3664  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys

23:42:27.0703 3664  Mup - ok

23:42:27.0734 3664  [ AA898F84D2B59129FB92E143A2C73434 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys

23:42:28.0046 3664  NDIS - ok

23:42:28.0093 3664  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys

23:42:28.0203 3664  NdisTapi - ok

23:42:28.0218 3664  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys

23:42:28.0312 3664  Ndisuio - ok

23:42:28.0328 3664  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys

23:42:28.0468 3664  NdisWan - ok

23:42:28.0515 3664  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys

23:42:28.0609 3664  NDProxy - ok

23:42:28.0609 3664  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys

23:42:28.0734 3664  NetBIOS - ok

23:42:28.0750 3664  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys

23:42:28.0859 3664  NetBT - ok

23:42:28.0906 3664  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe

23:42:29.0031 3664  NetDDE - ok

23:42:29.0046 3664  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe

23:42:29.0125 3664  NetDDEdsdm - ok

23:42:29.0156 3664  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe

23:42:29.0265 3664  Netlogon - ok

23:42:29.0281 3664  [ CDF4DA6B518105343FE9E8AFBBF8FBF4 ] Netman          C:\WINDOWS\System32\netman.dll

23:42:29.0375 3664  Netman - ok

23:42:29.0421 3664  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:42:29.0437 3664  NetTcpPortSharing - ok

23:42:29.0484 3664  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys

23:42:29.0609 3664  NIC1394 - ok

23:42:29.0671 3664  [ 774274C487493452DF3B0126DBE7FF3B ] Nla             C:\WINDOWS\System32\mswsock.dll

23:42:29.0718 3664  Nla - ok

23:42:29.0734 3664  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys

23:42:29.0828 3664  Npfs - ok

23:42:29.0859 3664  [ B78BE402C3F63DD55521F73876951CDD ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys

23:42:30.0015 3664  Ntfs - ok

23:42:30.0046 3664  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe

23:42:30.0171 3664  NtLmSsp - ok

23:42:30.0234 3664  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll

23:42:30.0437 3664  NtmsSvc - ok

23:42:30.0468 3664  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys

23:42:30.0640 3664  Null - ok

23:42:30.0656 3664  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

23:42:30.0812 3664  NwlnkFlt - ok

23:42:30.0828 3664  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

23:42:30.0968 3664  NwlnkFwd - ok

23:42:30.0984 3664  [ 197DDF60B254A84D8656850397B5F923 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys

23:42:31.0328 3664  ohci1394 - ok

23:42:31.0343 3664  [ B2F17A2EDB5450E61973A037F63A595B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys

23:42:31.0437 3664  Parport - ok

23:42:31.0453 3664  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys

23:42:31.0546 3664  PartMgr - ok

23:42:31.0578 3664  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys

23:42:31.0703 3664  ParVdm - ok

23:42:31.0812 3664  [ 5EEB45F500E3E97153CB75723F8CA185 ] PCA             C:\WINDOWS\SMINST\PCAngel.exe

23:42:31.0843 3664  PCA ( UnsignedFile.Multi.Generic ) - warning

23:42:31.0843 3664  PCA - detected UnsignedFile.Multi.Generic (1)

23:42:31.0859 3664  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys

23:42:31.0953 3664  PCI - ok

23:42:31.0953 3664  PCIDump - ok

23:42:31.0984 3664  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys

23:42:32.0093 3664  PCIIde - ok

23:42:32.0093 3664  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys

23:42:32.0234 3664  Pcmcia - ok

23:42:32.0234 3664  PDCOMP - ok

23:42:32.0234 3664  PDFRAME - ok

23:42:32.0234 3664  PDRELI - ok

23:42:32.0250 3664  PDRFRAME - ok

23:42:32.0250 3664  perc2 - ok

23:42:32.0250 3664  perc2hib - ok

23:42:32.0281 3664  [ A07CA23EA361A01E627D911CF139B950 ] PlugPlay        C:\WINDOWS\system32\services.exe

23:42:32.0328 3664  PlugPlay - ok

23:42:32.0343 3664  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe

23:42:32.0421 3664  PolicyAgent - ok

23:42:32.0453 3664  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys

23:42:32.0578 3664  PptpMiniport - ok

23:42:32.0578 3664  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

23:42:32.0671 3664  ProtectedStorage - ok

23:42:32.0671 3664  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys

23:42:32.0796 3664  PSched - ok

23:42:32.0796 3664  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys

23:42:32.0890 3664  Ptilink - ok

23:42:32.0937 3664  [ 86724469CD077901706854974CD13C3E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys

23:42:32.0953 3664  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

23:42:32.0953 3664  PxHelp20 - detected UnsignedFile.Multi.Generic (1)

23:42:32.0953 3664  ql1080 - ok

23:42:32.0953 3664  Ql10wnt - ok

23:42:32.0968 3664  ql12160 - ok

23:42:32.0968 3664  ql1240 - ok

23:42:32.0968 3664  ql1280 - ok

23:42:32.0968 3664  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys

23:42:33.0078 3664  RasAcd - ok

23:42:33.0125 3664  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto         C:\WINDOWS\System32\rasauto.dll

23:42:33.0250 3664  RasAuto - ok

23:42:33.0281 3664  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys

23:42:33.0343 3664  Rasirda - ok

23:42:33.0359 3664  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

23:42:33.0453 3664  Rasl2tp - ok

23:42:33.0500 3664  [ A5D2D745A2AEFA327DCA6DA317B5FD70 ] RasMan          C:\WINDOWS\System32\rasmans.dll

23:42:33.0609 3664  RasMan - ok

23:42:33.0640 3664  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys

23:42:33.0765 3664  RasPppoe - ok

23:42:33.0796 3664  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys

23:42:33.0906 3664  Raspti - ok

23:42:33.0937 3664  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys

23:42:34.0062 3664  Rdbss - ok

23:42:34.0109 3664  [ 5192866EA2E156E7617E425E41E0D6F7 ] RDID1046        C:\WINDOWS\system32\Drivers\rdwm1046.sys

23:42:34.0156 3664  RDID1046 ( UnsignedFile.Multi.Generic ) - warning

23:42:34.0156 3664  RDID1046 - detected UnsignedFile.Multi.Generic (1)

23:42:34.0156 3664  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

23:42:34.0281 3664  RDPCDD - ok

23:42:34.0296 3664  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys

23:42:34.0421 3664  rdpdr - ok

23:42:34.0453 3664  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys

23:42:34.0562 3664  RDPWD - ok

23:42:34.0593 3664  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe

23:42:34.0765 3664  RDSessMgr - ok

23:42:34.0796 3664  [ 0447ABB4D7CEFA12EF0D570226870B2E ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys

23:42:35.0125 3664  redbook - ok

23:42:35.0171 3664  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll

23:42:35.0296 3664  RemoteAccess - ok

23:42:35.0312 3664  [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll

23:42:35.0406 3664  RemoteRegistry - ok

23:42:35.0468 3664  [ D18208ED6C768663B08C972EAA7A8B60 ] RMCAST          C:\WINDOWS\system32\drivers\RMCast.sys

23:42:35.0515 3664  RMCAST - ok

23:42:35.0546 3664  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe

23:42:35.0656 3664  RpcLocator - ok

23:42:35.0703 3664  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs           C:\WINDOWS\system32\rpcss.dll

23:42:35.0750 3664  RpcSs - ok

23:42:35.0796 3664  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe

23:42:35.0921 3664  RSVP - ok

23:42:35.0937 3664  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs           C:\WINDOWS\system32\lsass.exe

23:42:36.0046 3664  SamSs - ok

23:42:36.0062 3664  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe

23:42:36.0171 3664  SCardSvr - ok

23:42:36.0203 3664  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll

23:42:36.0312 3664  Schedule - ok

23:42:36.0359 3664  [ D26E26EA516450AF9D072635C60387F4 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys

23:42:36.0421 3664  Secdrv - ok

23:42:36.0437 3664  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll

23:42:36.0562 3664  seclogon - ok

23:42:36.0562 3664  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll

23:42:36.0687 3664  SENS - ok

23:42:36.0718 3664  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys

23:42:36.0828 3664  serenum - ok

23:42:36.0843 3664  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys

23:42:36.0953 3664  Serial - ok

23:42:36.0968 3664  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys

23:42:37.0078 3664  Sfloppy - ok

23:42:37.0125 3664  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll

23:42:37.0234 3664  SharedAccess - ok

23:42:37.0265 3664  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

23:42:37.0359 3664  ShellHWDetection - ok

23:42:37.0375 3664  Simbad - ok

23:42:37.0390 3664  [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA         C:\WINDOWS\system32\DRIVERS\smcirda.sys

23:42:37.0484 3664  SMCIRDA - ok

23:42:37.0484 3664  Sparrow - ok

23:42:37.0515 3664  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys

23:42:37.0609 3664  splitter - ok

23:42:37.0656 3664  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler         C:\WINDOWS\system32\spoolsv.exe

23:42:37.0968 3664  Spooler - ok

23:42:38.0046 3664  [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys

23:42:38.0093 3664  sptd - ok

23:42:38.0109 3664  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys

23:42:38.0203 3664  sr - ok

23:42:38.0250 3664  [ E150E7618328562598F4CE0B5851B5CD ] srservice       C:\WINDOWS\system32\srsvc.dll

23:42:38.0562 3664  srservice - ok

23:42:38.0609 3664  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys

23:42:38.0656 3664  Srv - ok

23:42:38.0687 3664  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll

23:42:38.0765 3664  SSDPSRV - ok

23:42:38.0828 3664  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

23:42:38.0843 3664  ssmdrv - ok

23:42:38.0906 3664  [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

23:42:38.0968 3664  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning

23:42:38.0968 3664  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)

23:42:39.0031 3664  [ 7E751068ADA60FC77638622E86A7CD9E ] stisvc          C:\WINDOWS\system32\wiaservc.dll

23:42:39.0250 3664  stisvc - ok

23:42:39.0281 3664  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys

23:42:39.0453 3664  swenum - ok

23:42:39.0468 3664  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys

23:42:39.0562 3664  swmidi - ok

23:42:39.0578 3664  SwPrv - ok

23:42:39.0578 3664  symc810 - ok

23:42:39.0578 3664  symc8xx - ok

23:42:39.0578 3664  sym_hi - ok

23:42:39.0593 3664  sym_u3 - ok

23:42:39.0625 3664  [ FD5010A627D2A7BBD1C44A488E3A8FE5 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys

23:42:39.0687 3664  SynTP - ok

23:42:39.0703 3664  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys

23:42:39.0812 3664  sysaudio - ok

23:42:39.0859 3664  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe

23:42:40.0000 3664  SysmonLog - ok

23:42:40.0046 3664  [ 4584E2A5FE662AB3E7C32936E1449043 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll

23:42:40.0171 3664  TapiSrv - ok

23:42:40.0218 3664  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys

23:42:40.0281 3664  Tcpip - ok

23:42:40.0312 3664  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys

23:42:40.0421 3664  TDPIPE - ok

23:42:40.0437 3664  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys

23:42:40.0546 3664  TDTCP - ok

23:42:40.0578 3664  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys

23:42:40.0671 3664  TermDD - ok

23:42:40.0718 3664  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService     C:\WINDOWS\System32\termsrv.dll

23:42:40.0859 3664  TermService - ok

23:42:40.0875 3664  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] Themes          C:\WINDOWS\System32\shsvcs.dll

23:42:40.0968 3664  Themes - ok

23:42:40.0984 3664  [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe

23:42:41.0078 3664  TlntSvr - ok

23:42:41.0078 3664  TosIde - ok

23:42:41.0125 3664  [ 5815AE5EF8519066F19E575D67F6F191 ] TPkd            C:\WINDOWS\system32\drivers\TPkd.sys

23:42:41.0171 3664  TPkd ( UnsignedFile.Multi.Generic ) - warning

23:42:41.0171 3664  TPkd - detected UnsignedFile.Multi.Generic (1)

23:42:41.0187 3664  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll

23:42:41.0281 3664  TrkWks - ok

23:42:41.0312 3664  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys

23:42:41.0406 3664  Udfs - ok

23:42:41.0421 3664  ultra - ok

23:42:41.0453 3664  [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe

23:42:41.0515 3664  UMWdf - ok

23:42:41.0562 3664  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys

23:42:41.0656 3664  Update - ok

23:42:41.0703 3664  [ 09D4A2D7C5A8ABEC227D118765FAADDF ] upnphost        C:\WINDOWS\System32\upnphost.dll

23:42:41.0781 3664  upnphost - ok

23:42:41.0796 3664  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS             C:\WINDOWS\System32\ups.exe

23:42:41.0906 3664  UPS - ok

23:42:41.0953 3664  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys

23:42:42.0093 3664  usbaudio - ok

23:42:42.0125 3664  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys

23:42:42.0281 3664  usbccgp - ok

23:42:42.0312 3664  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys

23:42:42.0453 3664  usbehci - ok

23:42:42.0468 3664  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys

23:42:42.0609 3664  usbhub - ok

23:42:42.0625 3664  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys

23:42:42.0765 3664  usbprint - ok

23:42:42.0812 3664  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

23:42:42.0937 3664  USBSTOR - ok

23:42:42.0953 3664  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys

23:42:43.0093 3664  usbuhci - ok

23:42:43.0109 3664  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys

23:42:43.0234 3664  VgaSave - ok

23:42:43.0250 3664  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys

23:42:43.0375 3664  ViaIde - ok

23:42:43.0375 3664  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys

23:42:43.0468 3664  VolSnap - ok

23:42:43.0515 3664  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS             C:\WINDOWS\System32\vssvc.exe

23:42:43.0640 3664  VSS - ok

23:42:43.0671 3664  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time         C:\WINDOWS\system32\w32time.dll

23:42:43.0781 3664  W32Time - ok

23:42:43.0859 3664  [ B1F126E7E28877106D60E6FF3998D033 ] w39n51          C:\WINDOWS\system32\DRIVERS\w39n51.sys

23:42:44.0093 3664  w39n51 - ok

23:42:44.0125 3664  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys

23:42:44.0328 3664  Wanarp - ok

23:42:44.0328 3664  WDICA - ok

23:42:44.0359 3664  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys

23:42:44.0468 3664  wdmaud - ok

23:42:44.0500 3664  [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient       C:\WINDOWS\System32\webclnt.dll

23:42:44.0781 3664  WebClient - ok

23:42:44.0890 3664  winmgmt - ok

23:42:45.0000 3664  [ 20263DAFD033D30F151BB87568386769 ] WmcCds          c:\programme\windows media connect\mswmccds.exe

23:42:45.0062 3664  WmcCds ( UnsignedFile.Multi.Generic ) - warning

23:42:45.0062 3664  WmcCds - detected UnsignedFile.Multi.Generic (1)

23:42:45.0093 3664  [ 1DD015A69235DCFAE18B5F98FB50BE23 ] WmcCdsLs        C:\Programme\Windows Media Connect\mswmcls.exe

23:42:45.0109 3664  WmcCdsLs ( UnsignedFile.Multi.Generic ) - warning

23:42:45.0109 3664  WmcCdsLs - detected UnsignedFile.Multi.Generic (1)

23:42:45.0156 3664  [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll

23:42:45.0250 3664  WmdmPmSN - ok

23:42:45.0312 3664  [ C8FC9889A70E775B7C5A0BB297D6F845 ] Wmi             C:\WINDOWS\System32\advapi32.dll

23:42:45.0453 3664  Wmi - ok

23:42:45.0515 3664  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

23:42:45.0734 3664  WmiAcpi - ok

23:42:45.0843 3664  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe

23:42:45.0953 3664  WmiApSrv - ok

23:42:46.0000 3664  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll

23:42:46.0109 3664  wscsvc - ok

23:42:46.0125 3664  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll

23:42:46.0250 3664  wuauserv - ok

23:42:46.0281 3664  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll

23:42:46.0421 3664  WZCSVC - ok

23:42:46.0453 3664  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov         C:\WINDOWS\System32\xmlprov.dll

23:42:46.0609 3664  xmlprov - ok

23:42:46.0609 3664  ================ Scan global ===============================

23:42:46.0640 3664  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll

23:42:46.0734 3664  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll

23:42:46.0781 3664  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll

23:42:46.0812 3664  [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe

23:42:46.0812 3664  [Global] - ok

23:42:46.0812 3664  ================ Scan MBR ==================================

23:42:46.0843 3664  [ 14C6601BDCC8A8484143829F2700ED2C ] \Device\Harddisk0\DR0

23:42:47.0687 3664  \Device\Harddisk0\DR0 - ok

23:42:47.0687 3664  ================ Scan VBR ==================================

23:42:47.0703 3664  [ E6960B42172B40ED6066A84CC02EDFFA ] \Device\Harddisk0\DR0\Partition1

23:42:47.0703 3664  \Device\Harddisk0\DR0\Partition1 - ok

23:42:47.0703 3664  [ 43AE955F9ADDAC81E98C7B634F213872 ] \Device\Harddisk0\DR0\Partition2

23:42:47.0703 3664  \Device\Harddisk0\DR0\Partition2 - ok

23:42:47.0703 3664  ============================================================

23:42:47.0703 3664  Scan finished

23:42:47.0703 3664  ============================================================

23:42:47.0812 1936  Detected object count: 26

23:42:47.0812 1936  Actual detected object count: 26

23:43:06.0171 1936  Asapi ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0171 1936  Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0187 1936  ASChannel ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0187 1936  ASChannel ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0187 1936  BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0187 1936  BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0187 1936  btwdins ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0187 1936  btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0187 1936  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0187 1936  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0187 1936  DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0187 1936  DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0187 1936  DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0187 1936  DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0187 1936  DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0187 1936  DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0187 1936  DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0187 1936  DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0187 1936  DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0187 1936  DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0187 1936  DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0187 1936  DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0203 1936  DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0203 1936  DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0203 1936  DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0203 1936  DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0203 1936  DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0203 1936  DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0203 1936  DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0203 1936  DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0203 1936  DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0203 1936  DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0203 1936  hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0203 1936  hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0203 1936  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0203 1936  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0203 1936  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0203 1936  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0203 1936  PCA ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0203 1936  PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0218 1936  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0218 1936  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0218 1936  RDID1046 ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0218 1936  RDID1046 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0218 1936  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0218 1936  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0218 1936  TPkd ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0218 1936  TPkd ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0218 1936  WmcCds ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0218 1936  WmcCds ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:06.0218 1936  WmcCdsLs ( UnsignedFile.Multi.Generic ) - skipped by user

23:43:06.0218 1936  WmcCdsLs ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:43:16.0984 2460  Deinitialize success

OMG

Vielen Dank

hi
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hi,
hier die logfile von combofix:

Code:

ComboFix 13-02-03.03 - Administrator 04.02.2013  16:33:46.1.2 - x86

ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\Administrator\WINDOWS

c:\windows\IsUn0407.exe

c:\windows\system\Pncrt.dll

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\wininit.ini

D:\Autorun.inf

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Asapi

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-01-04 bis 2013-02-04  ))))))))))))))))))))))))))))))

.

.

2013-02-04 15:27 . 2013-02-04 15:27        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory

2013-02-04 15:27 . 2004-08-04 08:00        25600        ----a-w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2013-02-03 22:54 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe

2013-02-03 22:54 . 2013-02-03 17:35        --------        d-----w-        C:\_OTL

2013-01-29 20:06 . 2013-02-03 22:51        --------        d-----w-        c:\programme\SweetIM

2013-01-29 20:05 . 2013-01-29 20:05        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PutLockerDownloader

2013-01-29 20:04 . 2013-01-29 20:04        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer

2013-01-29 20:04 . 2013-01-29 20:04        --------        d-----w-        c:\programme\Movie2KDownloader.com

2013-01-28 21:00 . 2013-01-28 21:00        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\VST3 Presets

2013-01-28 19:38 . 2013-01-28 19:38        --------        d-----w-        c:\programme\Gemeinsame Dateien\VST3

2013-01-28 19:34 . 2013-01-28 19:34        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\VST3 Presets

2013-01-28 19:23 . 2013-01-28 19:23        --------        d-----w-        c:\programme\Gemeinsame Dateien\Steinberg

2013-01-28 19:23 . 2013-01-28 19:23        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Steinberg

2013-01-28 19:15 . 2013-01-28 19:15        --------        d-----w-        c:\programme\Alcohol Soft

2013-01-28 19:12 . 2013-01-28 19:12        477240        ----a-w-        c:\windows\system32\drivers\sptd.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"AlcoholAutomount"="c:\programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]

"Skype"="c:\programme\Skype\Phone\Skype.exe" [2007-05-07 23395368]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"PTHOSTTR"="c:\programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]

"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]

"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"hpWirelessAssistant"="c:\programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]

"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]

"QlbCtrl"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]

"Cpqset"="c:\programme\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]

"WatchDog"="c:\programme\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

"Nikon Message Center 2"="c:\programme\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]

DVD Check.lnk - c:\programme\InterVideo\DVD Check\DVDCheck.exe [2010-10-16 184320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2005-07-25 18:41        40960        ----a-w-        c:\programme\HPQ\IAM\Bin\AsWlnPkg.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"wave1"=rddv1046.dll

"midi1"=rddv1046.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Windows\\system32\\msiexec.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

.

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [05.09.2011 20:18 232512]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.11.2010 22:21 136360]

R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336]

R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24.06.2010 13:46 28256]

S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [05.01.2012 16:42 75624]

S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24.06.2010 13:46 28256]

S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [29.10.2010 16:55 163390]

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance        REG_MULTI_SZ           ASChannel

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-03 22:58        1607120        ----a-w-        c:\programme\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2010-11-20 c:\windows\Tasks\expressShakeIcon.job

- c:\programme\NCH Swift Sound\Express\express.exe [2010-11-13 19:16]

.

2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-07 19:51]

.

2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-07 19:51]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}

mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\i3nx4lhy.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}&src=2&crg=3.1010000.10011&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: SweetPacks Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2013-02-04 16:40

Windows 5.1.2600 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  Cpqset = c:\programme\HPQ\Default Settings\cpqset.exe?????????? ???@???????????????@?????XW??????(?@???????@ 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2854527535-1575105176-2467903655-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,52,2e,1f,4f,41,60,40,be,7d,f0,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,a5,23,2c,2f,5c,73,47,98,bb,e7,\

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(1284)

c:\programme\HPQ\IAM\Bin\AsWlnPkg.dll

c:\windows\system32\msi.dll

.

- - - - - - - > 'lsass.exe'(1340)

c:\windows\system32\rddv1046.dll

.

- - - - - - - > 'explorer.exe'(1304)

c:\programme\HPQ\IAM\Bin\SFSShell.dll

c:\programme\HPQ\IAM\bin\ItMsg.dll

c:\programme\HPQ\IAM\bin\1031\SFSShell.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\DllHost.exe

c:\programme\HPQ\IAM\bin\asghost.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\msdtc.exe

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Avira\AntiVir Desktop\avshadow.exe

c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

c:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\wdfmgr.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\windows\system32\mqsvc.exe

c:\programme\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\system32\wscntfy.exe

c:\programme\Skype\Plugin Manager\skypePM.exe

c:\progra~1\HPQ\Shared\HPQTOA~1.EXE

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-02-04  16:44:51 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-02-04 15:44

.

Vor Suchlauf: 23 Verzeichnis(se), 13.167.476.736 Bytes frei

Nach Suchlauf: 25 Verzeichnis(se), 13.336.924.160 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - A0BB030517BCDE8E4CBF550723BC4C21

Danke!

hi,
1.
http://download.bleepingcomputer.com...xp/winmgmt.reg
laden, doppelklicken, Nachfrage bestätigen, neustarten
2.
- servicepack3:
Download: Windows XP Service Pack 3-Netzwerkinstallationspaket für IT-Spezialisten und Entwickler - Microsoft Download Center - Download Details

- automatische updates so konfigurieren, das sie automatisch geladen/instaliert werden:
Konfigurieren und Verwenden des Features "Automatische Updates" in Windows
melden, wenn fertig

Hi,

vielen Dank für die Unterstützung und Anweisungen. Der Rechner funktioniert ganz gut. Ich sehe aber, dass bei Firefox noch eine Toolbar installiert ist. Ich denke aber, dass ich die auch wegbekomme.

Soll ich noch irgendwelche Scans durchführen?

Vielen Dank nochmal

sind die Anweisungen von oben ausgeführt?

Ja, das sind sie.

- reg-datei heruntergeladen und ausgeführt.
- WIN XP SP3 installiert
- automatische Updates eingestellt.

Danke

sehr gut.
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Hallo,

hier die Logdatei von Malwarebytes Anti-Malware:

Code:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org
 

Datenbank Version: v2013.02.05.07
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: PC834640339160 [Administrator]
 

05.02.2013 16:50:09

mbam-log-2013-02-05 (16-50-09).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 342683

Laufzeit: 1 Stunde(n), 46 Minute(n), 46 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\all stuff  noch 7,7 GB\System Volume Information\_restore{B32AEE6A-215A-4A68-95FC-9CABBF245D43}\RP456\A0090418.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\_OTL\MovedFiles\02032013_175443\C_Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\wpbt0.dll (Trojan.Ransom.NUM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Danke

hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Hi,
wie schon erwähnt ist das nicht mein Rechner, sonder der Rechner von meinem Nachbarn. Ich weiß daher nicht, welche Programme wirklich notwendig sind und welche unnötig bzw. unbekannt.
Ich habe es so weit es geht versucht zu benennen.

Code:

Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated                        11.5.502.146 notwendig

Adobe Flash Player 11 Plugin        Adobe Systems Incorporated                        11.5.502.146 notwendig

Adobe Reader XI (11.0.01) - Deutsch        Adobe Systems Incorporated        07.02.2013        135,00MB        11.0.01 notwendig

Agere Systems HDA Modem        unbekannt                        

Antares Auto-Tune Evo VST        Antares Audio Technologies        11.11.2011        33,48MB        6.00.0009 notwendig

Apple Application Support        Apple Inc.        12.05.2012        62,92MB        2.1.5 notwendig

Apple Software Update        Apple Inc.        12.05.2012        2,38MB        2.1.3.127 notwendig

Application Installer 4.00.B5        Hewlett-Packard Company                        4.00.B5 notwendig

ASAPI Update        notwendig                        

Avira Free Antivirus        Avira                        13.0.0.2890 notwendig

BS.Player FREE        Webteh, d.o.o.                        2.57.1051 unnögig

Camtasia Studio 7        TechSmith Corporation        13.11.2010        218,00MB        7.0.1 notwendig

CCleaner        Piriform        23.01.2013                3.27 notwendig

DAEMON Tools Lite        DT Soft Ltd                        4.41.3.0173 unnötig

Express Dictate        NCH Software        notwendig                

Express Scribe        NCH Software        notwendig                

FinalData Enterprise 2.0        notwendig                

Google Chrome        Google Inc.        07.04.2011                24.0.1312.57 notwendig

Google Earth        Google        02.12.2011        92,77MB        6.1.0.5001 notwendig

HP BIOS Configuration for ProtectTools 2.00 C3        Hewlett-Packard Company                        2.00 C3 notwendig

HP Credential Manager for ProtectTools        Hewlett-Packard Development Company, L.P.        20.08.2006        20,86MB        1.5.0.631.36.E notwendig

HP Help and Support        HPQ        20.08.2006                4.2.0009 notwendig

HP Integrated Module with Bluetooth wireless technology        HP        16.10.2010        30,95MB        4.0.1.3301 notwendig

HP Notebook Accessories Product Tour        Hewlett-Packard        20.08.2006                12.00.0000 notwendig

HP ProtectTools Security Manager 2.00 C3        Hewlett-Packard Company        20.08.2006                2.00 C3 notwendig

HP Quick Launch Buttons 6.00 D2        Hewlett-Packard Company        20.08.2006                6.00 D2 notwendig

HP Software Update        Hewlett-Packard        20.08.2006        3,42MB        3.0.7.014 notwendig

HP User Guides 0029        HP        20.08.2006                1.01.0001 notwendig

HP Wireless Assistant 2.00 E1        Hewlett-Packard Company                        2.00 E1 notwendig 

Intel(R) Graphics Media Accelerator Driver                                6.14.10.4543 notwendig

Interlok driver setup x32        PACE Anti-Piracy        11.11.2011        0,12MB        5.8.10 wahrscheinlich notwendig

InterVideo DVD Check notwendig                                

InterVideo WinDVD        InterVideo Inc.                        5.0-B11.676 notwendig

J2SE Runtime Environment 5.0 Update 6        Sun Microsystems, Inc.        20.08.2006        152,00MB        1.5.0.60 notwendig

Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        05.02.2013                1.70.0.1100 notwendig

Microsoft .NET Framework 1.1                24.10.2010 notwendig                

Microsoft .NET Framework 1.1 German Language Pack        Microsoft        07.08.2004        3,02MB        1.1.4322 notwendig

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU        Microsoft Corporation        15.11.2010        6,18MB        2.1.21022 notwendig

Microsoft .NET Framework 2.0 Service Pack 2        Microsoft Corporation        05.02.2013        185,00MB        2.2.30729 notwendig

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU        Microsoft Corporation        15.11.2010        16,81MB        3.1.21022 notwendig

Microsoft .NET Framework 3.0 Service Pack 2        Microsoft Corporation        05.02.2013        251,00MB        3.2.30729 notwendig

Microsoft .NET Framework 3.5 Language Pack - DEU        Microsoft Corporation        notwendig

Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        05.02.2013        notwendig

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        20.11.2010        10,19MB        9.0.30729.4148 notwendig

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        06.02.2013        11,13MB        10.0.40219        notwendig

Movie2KDownloader        Movie2KDownloader.com                        2.1 Build 26473 unnötig!

Mozilla Firefox 18.0.2 (x86 de)        Mozilla                        18.0.2 notwendig

Mozilla Maintenance Service        Mozilla                        18.0.2 wahrscheinlich notwendig

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        23.10.2011        1,42MB        4.20.9870.0 unbekannt

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        23.10.2011        2,77MB        4.20.9876.0 unbekannt

MSXML 6 Service Pack 2 (KB973686)        Microsoft Corporation        17.11.2010        1,40MB        6.20.2003.0 unbekannt

Native Instruments Absynth 5        Native Instruments        05.09.2011                notwendig

Native Instruments FM8        Native Instruments        05.09.2011                notwendig

Native Instruments Guitar Rig 4        Native Instruments        05.09.2011                notwendig

Native Instruments Komplete 6        Native Instruments        06.09.2011                notwendig

Native Instruments Kontakt 4        Native Instruments        06.09.2011                notwendig

Native Instruments Massive        Native Instruments        05.09.2011                notwendig

Native Instruments Reaktor 5        Native Instruments        05.09.2011                notwendig

Native Instruments Service Center        Native Instruments        05.09.2011                notwendig

Nikon Message Center 2        Nikon        08.10.2011        5,20MB        2.0.1                        notwendig

Nikon Movie Editor        Nikon        08.10.2011        26,99MB        2.2.1                        notwendig

Picture Control Utility        Nikon        08.10.2011        27,16MB        1.3.0                        notwendig

QuickTime        Apple Inc.        12.05.2012        73,28MB        7.71.80.42                notwendig

Registry Reviver        ReviverSoft LLC.        11.11.2010                1.2.39        unnötig

Replay Media Catcher 4        Applian Technologies        15.11.2010        25,19MB        4.0.4        notwendig

Skype™ 3.2        Skype Technologies S.A.        19.10.2010        34,76MB        3.2.145                notwendig

Sonic Audio Module        Sonic Solutions        20.08.2006        17,02MB        2.0.4                notwendig

Sonic Copy Module        Sonic Solutions        20.08.2006        16,72MB        2.0.4                notwendig

Sonic Data Module        Sonic Solutions        20.08.2006        16,24MB        2.0.4                notwendig

Sonic DLA        Sonic Solutions        20.08.2006        2,77MB        5.2.0                        notwendig

Sonic Express Labeler        Sonic Solutions        20.08.2006        13,29MB        2.0.0                notwendig

Sonic MyDVD Plus        Sonic Solutions        20.08.2006        266,00MB        6.2.0        notwendig

Sonic Update Manager        Sonic Solutions        20.08.2006        2,39MB        3.0.0                notwendig

SoundMAX        Analog Devices        20.08.2006                5.10.01.4321                notwendig

ST Wiederherstellungs- & Sicherungsprogramme        Hewlett-Packard Company         20.08.2006                2.1K notwendig

Steinberg Cubase 5        Steinberg Media Technologies GmbH        28.01.2013        291,00MB        5.1.0 notwendig

Steinberg Cubase SX 3        Steinberg Media Technologies GmbH                        notwendig

Steinberg Drum Loop Expansion 01        Steinberg Media Technologies GmbH        28.01.2013        424,00MB        1.0.0.1 notwendig

Steinberg Groove Agent ONE Content        Steinberg Media Technologies GmbH        28.01.2013        142,00MB        1.0.0.003 notwendig

Steinberg HALionOne        Steinberg Media Technologies GmbH        28.01.2013        387,00MB        1.1.0.457                notwendig

Steinberg HALionOne Additional Content Set 01        Steinberg Media Technologies GmbH        28.01.2013        940,00MB        1.0.0.001 notwendig

Steinberg HALionOne Expression Set        Steinberg Media Technologies GmbH        28.01.2013        231,00MB        1.0.1.0        notwendig

Steinberg HALionOne GM Drum Set        Steinberg Media Technologies GmbH        28.01.2013        23,95MB        1.0.1.457 notwendig

Steinberg HALionOne GM Set        Steinberg Media Technologies GmbH        28.01.2013        63,62MB        1.0.1.457 notwendig

Steinberg HALionOne Pro Set        Steinberg Media Technologies GmbH        28.01.2013        123,00MB        1.0.1.457 notwendig

Steinberg HALionOne Studio Drum Set        Steinberg Media Technologies GmbH        28.01.2013        48,07MB        1.0.1.457 notwendig

Steinberg HALionOne Studio Set        Steinberg Media Technologies GmbH        28.01.2013        112,00MB        1.0.1.457 notwendig

Steinberg LoopMash Content        Steinberg Media Technologies GmbH        28.01.2013        612,00MB        1.0.0.005 notwendig

Steinberg REVerence Content 01        Steinberg Media Technologies GmbH        28.01.2013        169,00MB        1.0.0.006 notwendig

Steinberg The Grand VSTi DXi v2.1.0                10.08.2011                notwendig

Steinberg WaveLab 5.01b                                notwendig

Synaptics Pointing Device Driver        Synaptics                        8.2.4.0 

Transcribe! 8.00        Seventh String Software        20.11.2010                8.00 notwendig

Trilogy        Spectrasonics, Inc.                        notwendig

Undelete Plus 2.98        Copyright © 2008 Phoenix Technologies • All Rights Reserved        24.10.2010 notwendig                

ViewNX 2        Nikon        08.10.2011        51,63MB        2.2.1 notwendig

VLC media player 0.9.9        VideoLAN Team                        0.9.9 notwendig

Windows Internet Explorer 8        Microsoft Corporation        22.02.2011                20090308.140743 notwendig

Windows Media Connect                20.08.2006                notwendig

Windows XP Service Pack 3        Microsoft Corporation        04.02.2013                20080414.031514 notwendig

WinRAR 4.01 (32-Bit)        win.rar GmbH                        4.01.0notwendig

Wisdom-soft Set up ASR 3.1 Free        Wisdom Software Inc.                        notwendig

danke!