Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner (https://www.trojaner-board.de/134963-weisser-bildschirm-anmeldung-windows-xp-gvu-trojaner.html)

hansdoll 15.05.2013 00:27
Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner
 
Hallo,

auch ich habe mir den GVU-Trojaner eingefangen.
Nachdem ich die Internetverbindung gekappt habe, ist der Bildschirm nur noch weiss.
Betriebssystem: Windows XP SP3, Vers. 5.1.2600
Ich habe im abgesicherten Modus FRST.EXE laufen lassen. Die beiden logs im folgenden.
Kann mir jemand helfen ?! Im voraus vielen Dank !

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-05-2013
Ran by Administrator (administrator) on 15-05-2013 00:52:51
Running from F:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Farbar) f:\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8466432 2007-09-04] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-09-04] (NVIDIA Corporation)
HKLM\...\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2007-07-23] (AMD)
HKLM\...\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe [318488 2008-04-07] (PDF Complete Inc)
HKLM\...\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe [1138688 2006-05-12] ()
HKLM\...\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe [761856 2006-03-31] ()
HKLM\...\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe [872448 2006-07-10] ()
HKLM\...\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe [955976 2008-10-29] (G DATA Software AG)
HKLM\...\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305) [53248 2005-02-28] (Vimicro)
HKLM\...\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup [229376 2006-06-15] (Nokia)
HKLM\...\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe [283136 2007-02-02] (AVM Berlin)
HKLM\...\Run: [APSDaemon] "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe -b [2983088 2012-07-25] (INNOVA-engineering GmbH Dresden)
HKLM\...\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Programme\Ask.com\Updater\Updater.exe" [1644680 2013-02-08] (Ask)
HKLM\...\Run: [Device Detector] DevDetect.exe -autorun [x]
HKLM\...\Run: [NPSStartup] [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\RunOnce: [(4) HWRestore] "C:\Sage\KHK\Handwerk\HWRESTORE.EXE" -Server: COMPUTERHANS -Benutzer: sa -Backup: "C:\Sage\KHK\Handwerk\Daten\Vorlagen\HW_LEER.KHK" -Daten: "C:\Sage\KHK\Handwerk\Daten\HANDWERK.MDF" -Log: "C:\Sage\KHK\Handwerk\Daten\HANDWERK.LDF" -Datenbank: HW_Database -Auto [1048576 2013-05-12] ()
HKLM Groop Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION
HKLM\...\Winlogon: [System]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [1449984 2006-06-27] (Time Information Services Ltd.)
HKCU\...\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe [x]
HKCU\...\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat <==== ATTENTION
MountPoints2: {1ba73a2b-60fb-11df-bb73-002264278107} - F:\pushinst.exe
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
SearchScopes: HKLM - DefaultScope value is missing.
HKCU SearchScopes: DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49
BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
PDF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Programme\Bonjour\mdnsNSP.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Programme\FRITZ!DSL\\sarah.dll [92672] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default
FF SearchEngine: Yahoo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: wtxpcom - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\Extensions\wtxpcom@mybrowserbar.com
FF Extension: youtubedownloader - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\Extensions\youtubedownloader@mybrowserbar.com

========================== Services (Whitelisted) =================

S2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008 2012-12-21] (Apple Inc.)
S2 AVKProxy; C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [1089608 2008-10-29] (G DATA Software AG)
S2 AVKService; C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe [386120 2008-08-19] (G DATA Software AG)
S2 AVKWCtl; C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe [1185496 2008-09-08] (G DATA Software AG)
S2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-31] (Apple Inc.)
S2 CCALib8; C:\Programme\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-04-24] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-04-24] (Google Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
S2 IGDCTRL; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2013-02-20] (Apple Inc.)
S2 LiveUpdateInstaller; C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe [516096 2003-07-02] (Sage KHK Software)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [115608 2013-04-13] (Mozilla Foundation)
S2 MSSQLSERVER; C:\Programme\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks)
S2 pdfcDispatcher; C:\Programme\PDF Complete\pdfsvc.exe [576024 2008-04-07] (PDF Complete Inc)
S2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe [175104 2011-06-20] (Samsung Electronics Co., Ltd.)
S3 ServiceLayer; C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
S3 SQLSERVERAGENT; C:\Programme\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S2 UleadBurningHelper; C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-02-26] (Ulead Systems, Inc.)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S2 SENS; C:\DOKUME~1\ALLUSE~1\ANWEND~1\wi3232exe.dat [x]

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices)
R3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 FSLX; C:\WINDOWS\system32\drivers\fslx.sys [191872 2008-07-11] (Altiris, Inc.)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S3 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [48712 2009-05-21] (G DATA Software AG)
S2 GDTdiInterceptor; C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [51016 2009-05-21] (G DATA Software AG)
S1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [68424 2009-05-27] (G DATA Software)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [32328 2009-05-21] (G DATA Software AG)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel(R) Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel(R) Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel(R) Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel(R) Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel(R) Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel(R) Corporation)
S3 iAimFP5; C:\Windows\System32\DRIVERS\wADV07nt.sys [11807 2004-08-04] (Intel(R) Corporation)
S3 iAimFP6; C:\Windows\System32\DRIVERS\wADV08nt.sys [11295 2004-08-04] (Intel(R) Corporation)
S3 iAimFP7; C:\Windows\System32\DRIVERS\wADV09nt.sys [11871 2004-08-04] (Intel(R) Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel(R) Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel(R) Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel(R) Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel(R) Corporation)
S3 iAimTV5; C:\Windows\System32\DRIVERS\wATV10nt.sys [25471 2004-08-04] (Intel(R) Corporation)
S3 iAimTV6; C:\Windows\System32\DRIVERS\wATV06nt.sys [22271 2004-08-04] (Intel(R) Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 Nokia USB Generic; C:\Windows\System32\drivers\nmwcdc.sys [8704 2006-05-29] (Nokia)
S3 Nokia USB Modem; C:\Windows\System32\drivers\nmwcdcm.sys [13312 2006-05-29] (Nokia)
S3 Nokia USB Phone Parent; C:\Windows\System32\drivers\nmwcd.sys [127488 2006-05-29] (Nokia)
S3 Nokia USB Port; C:\Windows\System32\drivers\nmwcdcj.sys [13312 2006-05-29] (Nokia)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54400 2007-07-30] (NVIDIA Corporation)
S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2007-07-30] (NVIDIA Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [46848 2008-04-14] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [215040 2007-05-04] (Realtek Semiconductor Corporation )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2011-04-05] (Samsung Electronics)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S4 Symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91263 2004-08-17] (VM)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 Aha154x; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
S3 cpuz132; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [x]
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [x]
S4 Sparrow; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-15 00:52 - 2013-05-15 00:52 - 00000000 ____D C:\FRST
2013-05-14 01:23 - 2013-05-14 01:27 - 00000000 ____D C:\Wiederhergestellte Dateien 13-05-13
2013-05-12 21:53 - 2013-05-12 21:53 - 00000000 ____D C:\Windows\CSC

==================== One Month Modified Files and Folders ========

2013-05-15 00:52 - 2013-05-15 00:52 - 00000000 ____D C:\FRST
2013-05-15 00:48 - 2009-05-20 14:19 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-05-15 00:38 - 2013-02-20 23:33 - 00000242 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2013-05-15 00:38 - 2009-05-20 14:19 - 00000275 ____A C:\Windows\wiadebug.log
2013-05-15 00:38 - 2009-05-20 14:19 - 00000050 ____A C:\Windows\wiaservc.log
2013-05-15 00:38 - 2009-05-20 14:18 - 00032532 ____A C:\Windows\SchedLgU.Txt
2013-05-15 00:38 - 2006-05-16 16:27 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-15 00:38 - 2006-05-05 06:14 - 01995707 ____A C:\Windows\WindowsUpdate.log
2013-05-15 00:29 - 2006-05-05 06:14 - 00983975 ____A C:\Windows\setupapi.log
2013-05-15 00:28 - 2011-04-24 23:13 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-15 00:28 - 2009-05-20 17:56 - 00000000 ____D C:\Windows\SMINST
2013-05-15 00:28 - 2009-05-20 14:26 - 00000000 ____D C:\Windows\Registration
2013-05-14 01:27 - 2013-05-14 01:23 - 00000000 ____D C:\Wiederhergestellte Dateien 13-05-13
2013-05-14 00:43 - 2011-04-24 23:13 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-13 00:54 - 2010-10-04 15:06 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-05-12 21:53 - 2013-05-12 21:53 - 00000000 ____D C:\Windows\CSC
2013-05-12 18:03 - 2012-10-15 21:34 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-12 01:06 - 2009-05-21 22:39 - 00013030 ____A C:\PDOXUSRS.NET
2013-05-12 01:06 - 2009-05-21 20:49 - 00000000 ____A C:\Windows\System32\Kein Protokoll
2013-05-12 00:06 - 2009-05-21 17:14 - 00000000 ____D C:\Firma Doll
2013-05-07 10:36 - 2009-05-20 14:26 - 00000000 ___RD C:\Programme
2013-05-04 20:17 - 2009-09-01 20:59 - 00000276 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-04-28 16:50 - 2011-03-09 23:35 - 00000000 ____D C:\Private Dokumente Hans
2013-04-25 23:24 - 2006-05-05 05:53 - 01103492 ____A C:\Windows\System32\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-04 09:57] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e

C:\Windows\System32\winlogon.exe
[2004-08-04 09:58] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a

C:\Windows\System32\svchost.exe
[2004-08-04 09:58] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366

C:\Windows\System32\services.exe
[2004-08-04 09:58] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc

C:\Windows\System32\User32.dll
[2004-08-04 09:57] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd

C:\Windows\System32\userinit.exe
[2004-08-04 09:58] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 09:44] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d


==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2013
Ran by Administrator at 2013-05-15 00:53:20 Run:
Running from F:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

ACDSee Foto-Manager 12 (Version: 12.0.344)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader XI (11.0.02) - Deutsch (Version: 11.0.02)
Altiris Software Virtualization Agent (Version: 2.1.2096)
AMD Processor Driver (Version: 1.3.2.0053)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.15.0)
Ask Toolbar Updater (Version: 1.2.4.36191)
AVM FRITZ!DSL (Version: 2.04.02)
AVM FRITZ!fax für FRITZ!Box
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera WIA Driver (Version: 5.7)
Canon EOS 5D WIA-Treiber (Version: 5.7)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.5.0.3)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.1.6)
Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.4 (Version: 3.4.0.0)
Canon Utilities EOS Utility (Version: 2.4.0.1)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities Original Data Security Tools (Version: 1.4.0.1)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.3.0.0)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Common Desktop Agent (Version: 1.53.0)
Dual-Core Optimizer (Version: 1.1.3.0161)
ElsterFormular (Version: 14.1.20130301)
ElsterFormular 2008/2009 (Version: 10.2.1.0)
G DATA AntiVirus (Version: 19.0.0.4)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
HandBrake 0.9.5 (Version: 0.9.5)
Handwerk
High Definition Audio - KB888111 (Version: 20040219.000000)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB2443685) (Version: 1)
Hotfix für Windows XP (KB2570791) (Version: 1)
Hotfix für Windows XP (KB2633952) (Version: 1)
Hotfix für Windows XP (KB2756822) (Version: 1)
Hotfix für Windows XP (KB2779562) (Version: 1)
Hotfix für Windows XP (KB952117-v2) (Version: 2)
Hotfix für Windows XP (KB952287) (Version: 1)
Hotfix für Windows XP (KB961118) (Version: 1)
Hotfix für Windows XP (KB970653-v3) (Version: 3)
Hotfix für Windows XP (KB976098-v2) (Version: 2)
Hotfix für Windows XP (KB979306) (Version: 1)
Hotfix für Windows XP (KB981793) (Version: 1)
HP Backup and Recovery Manager (Version: 2.5C)
HP Help and Support (Version: 4.2.0010)
innoPlus bad (Version: 13.00.0100)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Language Pack - DEU (Version: 1.1.50727.42)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft SQL Server Desktop Engine (Version: 8.00.760)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 20.0.1 (x86 de) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
Mozilla Thunderbird 17.0.5 (x86 de) (Version: 17.0.5)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Nero Suite
Nokia Connectivity Cable Driver (Version: 6.81.1.2)
Nokia Lifeblog 2.1 (Version: 2.1.131)
Nokia MTP driver (Version: 1.0.0)
Nokia N73 highlights (Version: 1.0.6)
Nokia Nseries Skin for Microsoft Windows Media Player (Version: 1.0.4)
Nokia PC Connectivity Solution (Version: 6.23.9.0)
Nokia PC Suite (Version: 6.81.13.0)
Nokia themes for your device (Version: 1.0.5)
NVIDIA Drivers
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PDF Complete (Version: 3.5.22)
QLink
Ravensburger tiptoi
Realtek High Definition Audio Driver (Version: 5.10.0.5508)
Samsung Easy Printer Manager (Version: 1.01.16.02)
Samsung Network PC Fax (Version: 1.05.23.04)
Samsung New PC Studio (Version: 1.00.0000)
Samsung Printer Live Update
Samsung Scan Assistant (Version: 1.04.26.00)
Samsung SCX-472x Series
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
Sicherheitsupdate für Microsoft Windows (KB2564958)
Sicherheitsupdate für Windows Media Encoder (KB2447961)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player (KB979402)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows XP (KB2079403) (Version: 1)
Sicherheitsupdate für Windows XP (KB2115168) (Version: 1)
Sicherheitsupdate für Windows XP (KB2121546) (Version: 1)
Sicherheitsupdate für Windows XP (KB2229593) (Version: 1)
Sicherheitsupdate für Windows XP (KB2259922) (Version: 1)
Sicherheitsupdate für Windows XP (KB2296011) (Version: 1)
Sicherheitsupdate für Windows XP (KB2347290) (Version: 1)
Sicherheitsupdate für Windows XP (KB2360937) (Version: 1)
Sicherheitsupdate für Windows XP (KB2387149) (Version: 1)
Sicherheitsupdate für Windows XP (KB2393802) (Version: 1)
Sicherheitsupdate für Windows XP (KB2412687) (Version: 1)
Sicherheitsupdate für Windows XP (KB2419632) (Version: 1)
Sicherheitsupdate für Windows XP (KB2423089) (Version: 1)
Sicherheitsupdate für Windows XP (KB2440591) (Version: 1)
Sicherheitsupdate für Windows XP (KB2443105) (Version: 1)
Sicherheitsupdate für Windows XP (KB2476490) (Version: 1)
Sicherheitsupdate für Windows XP (KB2476687) (Version: 1)
Sicherheitsupdate für Windows XP (KB2478960) (Version: 1)
Sicherheitsupdate für Windows XP (KB2478971) (Version: 1)
Sicherheitsupdate für Windows XP (KB2479628) (Version: 1)
Sicherheitsupdate für Windows XP (KB2479943) (Version: 1)
Sicherheitsupdate für Windows XP (KB2481109) (Version: 1)
Sicherheitsupdate für Windows XP (KB2482017) (Version: 1)
Sicherheitsupdate für Windows XP (KB2483185) (Version: 1)
Sicherheitsupdate für Windows XP (KB2485376) (Version: 1)
Sicherheitsupdate für Windows XP (KB2485663) (Version: 1)
Sicherheitsupdate für Windows XP (KB2497640) (Version: 1)
Sicherheitsupdate für Windows XP (KB2503658) (Version: 1)
Sicherheitsupdate für Windows XP (KB2503665) (Version: 1)
Sicherheitsupdate für Windows XP (KB2506212) (Version: 1)
Sicherheitsupdate für Windows XP (KB2506223) (Version: 1)
Sicherheitsupdate für Windows XP (KB2507618) (Version: 1)
Sicherheitsupdate für Windows XP (KB2507938) (Version: 1)
Sicherheitsupdate für Windows XP (KB2508272) (Version: 1)
Sicherheitsupdate für Windows XP (KB2508429) (Version: 1)
Sicherheitsupdate für Windows XP (KB2509553) (Version: 1)
Sicherheitsupdate für Windows XP (KB2510581) (Version: 1)
Sicherheitsupdate für Windows XP (KB2511455) (Version: 1)
Sicherheitsupdate für Windows XP (KB2524375) (Version: 1)
Sicherheitsupdate für Windows XP (KB2530548) (Version: 1)
Sicherheitsupdate für Windows XP (KB2535512) (Version: 1)
Sicherheitsupdate für Windows XP (KB2536276) (Version: 1)
Sicherheitsupdate für Windows XP (KB2536276-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB2544521) (Version: 1)
Sicherheitsupdate für Windows XP (KB2544893) (Version: 1)
Sicherheitsupdate für Windows XP (KB2544893-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB2555917) (Version: 1)
Sicherheitsupdate für Windows XP (KB2559049) (Version: 1)
Sicherheitsupdate für Windows XP (KB2562937) (Version: 1)
Sicherheitsupdate für Windows XP (KB2566454) (Version: 1)
Sicherheitsupdate für Windows XP (KB2567053) (Version: 1)
Sicherheitsupdate für Windows XP (KB2567680) (Version: 1)
Sicherheitsupdate für Windows XP (KB2570222) (Version: 1)
Sicherheitsupdate für Windows XP (KB2570947) (Version: 1)
Sicherheitsupdate für Windows XP (KB2584146) (Version: 1)
Sicherheitsupdate für Windows XP (KB2585542) (Version: 1)
Sicherheitsupdate für Windows XP (KB2586448) (Version: 1)
Sicherheitsupdate für Windows XP (KB2592799) (Version: 1)
Sicherheitsupdate für Windows XP (KB2598479) (Version: 1)
Sicherheitsupdate für Windows XP (KB2603381) (Version: 1)
Sicherheitsupdate für Windows XP (KB2618444) (Version: 1)
Sicherheitsupdate für Windows XP (KB2618451) (Version: 1)
Sicherheitsupdate für Windows XP (KB2619339) (Version: 1)
Sicherheitsupdate für Windows XP (KB2620712) (Version: 1)
Sicherheitsupdate für Windows XP (KB2621440) (Version: 1)
Sicherheitsupdate für Windows XP (KB2624667) (Version: 1)
Sicherheitsupdate für Windows XP (KB2631813) (Version: 1)
Sicherheitsupdate für Windows XP (KB2633171) (Version: 1)
Sicherheitsupdate für Windows XP (KB2639417) (Version: 1)
Sicherheitsupdate für Windows XP (KB2641653) (Version: 1)
Sicherheitsupdate für Windows XP (KB2646524) (Version: 1)
Sicherheitsupdate für Windows XP (KB2647516) (Version: 1)
Sicherheitsupdate für Windows XP (KB2647518) (Version: 1)
Sicherheitsupdate für Windows XP (KB2653956) (Version: 1)
Sicherheitsupdate für Windows XP (KB2655992) (Version: 1)
Sicherheitsupdate für Windows XP (KB2659262) (Version: 1)
Sicherheitsupdate für Windows XP (KB2660465) (Version: 1)
Sicherheitsupdate für Windows XP (KB2661637) (Version: 1)
Sicherheitsupdate für Windows XP (KB2675157) (Version: 1)
Sicherheitsupdate für Windows XP (KB2676562) (Version: 1)
Sicherheitsupdate für Windows XP (KB2685939) (Version: 1)
Sicherheitsupdate für Windows XP (KB2686509) (Version: 1)
Sicherheitsupdate für Windows XP (KB2691442) (Version: 1)
Sicherheitsupdate für Windows XP (KB2695962) (Version: 1)
Sicherheitsupdate für Windows XP (KB2698365) (Version: 1)
Sicherheitsupdate für Windows XP (KB2699988) (Version: 1)
Sicherheitsupdate für Windows XP (KB2705219) (Version: 1)
Sicherheitsupdate für Windows XP (KB2707511) (Version: 1)
Sicherheitsupdate für Windows XP (KB2709162) (Version: 1)
Sicherheitsupdate für Windows XP (KB2712808) (Version: 1)
Sicherheitsupdate für Windows XP (KB2718523) (Version: 1)
Sicherheitsupdate für Windows XP (KB2719985) (Version: 1)
Sicherheitsupdate für Windows XP (KB2722913) (Version: 1)
Sicherheitsupdate für Windows XP (KB2723135) (Version: 1)
Sicherheitsupdate für Windows XP (KB2724197) (Version: 1)
Sicherheitsupdate für Windows XP (KB2727528) (Version: 1)
Sicherheitsupdate für Windows XP (KB2731847) (Version: 1)
Sicherheitsupdate für Windows XP (KB2744842) (Version: 1)
Sicherheitsupdate für Windows XP (KB2753842) (Version: 1)
Sicherheitsupdate für Windows XP (KB2753842-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB2757638) (Version: 1)
Sicherheitsupdate für Windows XP (KB2758857) (Version: 1)
Sicherheitsupdate für Windows XP (KB2761226) (Version: 1)
Sicherheitsupdate für Windows XP (KB2761465) (Version: 1)
Sicherheitsupdate für Windows XP (KB2770660) (Version: 1)
Sicherheitsupdate für Windows XP (KB2778344) (Version: 1)
Sicherheitsupdate für Windows XP (KB2779030) (Version: 1)
Sicherheitsupdate für Windows XP (KB2780091) (Version: 1)
Sicherheitsupdate für Windows XP (KB2792100) (Version: 1)
Sicherheitsupdate für Windows XP (KB2797052) (Version: 1)
Sicherheitsupdate für Windows XP (KB2799329) (Version: 1)
Sicherheitsupdate für Windows XP (KB2799494) (Version: 1)
Sicherheitsupdate für Windows XP (KB2802968) (Version: 1)
Sicherheitsupdate für Windows XP (KB2807986) (Version: 1)
Sicherheitsupdate für Windows XP (KB2808735) (Version: 1)
Sicherheitsupdate für Windows XP (KB2809289) (Version: 1)
Sicherheitsupdate für Windows XP (KB2813170) (Version: 1)
Sicherheitsupdate für Windows XP (KB2813345) (Version: 1)
Sicherheitsupdate für Windows XP (KB2817183) (Version: 1)
Sicherheitsupdate für Windows XP (KB2820917) (Version: 1)
Sicherheitsupdate für Windows XP (KB923561) (Version: 1)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648) (Version: 1)
Sicherheitsupdate für Windows XP (KB950760) (Version: 1)
Sicherheitsupdate für Windows XP (KB950762) (Version: 1)
Sicherheitsupdate für Windows XP (KB950974) (Version: 1)
Sicherheitsupdate für Windows XP (KB951066) (Version: 1)
Sicherheitsupdate für Windows XP (KB951376-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB951748) (Version: 1)
Sicherheitsupdate für Windows XP (KB952004) (Version: 1)
Sicherheitsupdate für Windows XP (KB952954) (Version: 1)
Sicherheitsupdate für Windows XP (KB954600) (Version: 1)
Sicherheitsupdate für Windows XP (KB955069) (Version: 1)
Sicherheitsupdate für Windows XP (KB956572) (Version: 1)
Sicherheitsupdate für Windows XP (KB956744) (Version: 1)
Sicherheitsupdate für Windows XP (KB956802) (Version: 1)
Sicherheitsupdate für Windows XP (KB956803) (Version: 1)
Sicherheitsupdate für Windows XP (KB956844) (Version: 1)
Sicherheitsupdate für Windows XP (KB957097) (Version: 1)
Sicherheitsupdate für Windows XP (KB958644) (Version: 1)
Sicherheitsupdate für Windows XP (KB958687) (Version: 1)
Sicherheitsupdate für Windows XP (KB958690) (Version: 1)
Sicherheitsupdate für Windows XP (KB958869) (Version: 1)
Sicherheitsupdate für Windows XP (KB959426) (Version: 1)
Sicherheitsupdate für Windows XP (KB960225) (Version: 1)
Sicherheitsupdate für Windows XP (KB960715) (Version: 1)
Sicherheitsupdate für Windows XP (KB960803) (Version: 1)
Sicherheitsupdate für Windows XP (KB960859) (Version: 1)
Sicherheitsupdate für Windows XP (KB961371) (Version: 1)
Sicherheitsupdate für Windows XP (KB961373) (Version: 1)
Sicherheitsupdate für Windows XP (KB961501) (Version: 1)
Sicherheitsupdate für Windows XP (KB963027) (Version: 1)
Sicherheitsupdate für Windows XP (KB968537) (Version: 1)
Sicherheitsupdate für Windows XP (KB969059) (Version: 1)
Sicherheitsupdate für Windows XP (KB969897) (Version: 1)
Sicherheitsupdate für Windows XP (KB969898) (Version: 1)
Sicherheitsupdate für Windows XP (KB969947) (Version: 1)
Sicherheitsupdate für Windows XP (KB970238) (Version: 1)
Sicherheitsupdate für Windows XP (KB970430) (Version: 1)
Sicherheitsupdate für Windows XP (KB971468) (Version: 1)
Sicherheitsupdate für Windows XP (KB971486) (Version: 1)
Sicherheitsupdate für Windows XP (KB971557) (Version: 1)
Sicherheitsupdate für Windows XP (KB971633) (Version: 1)
Sicherheitsupdate für Windows XP (KB971657) (Version: 1)
Sicherheitsupdate für Windows XP (KB971961) (Version: 1)
Sicherheitsupdate für Windows XP (KB972260) (Version: 1)
Sicherheitsupdate für Windows XP (KB972270) (Version: 1)
Sicherheitsupdate für Windows XP (KB973346) (Version: 1)
Sicherheitsupdate für Windows XP (KB973354) (Version: 1)
Sicherheitsupdate für Windows XP (KB973507) (Version: 1)
Sicherheitsupdate für Windows XP (KB973525) (Version: 1)
Sicherheitsupdate für Windows XP (KB973869) (Version: 1)
Sicherheitsupdate für Windows XP (KB973904) (Version: 1)
Sicherheitsupdate für Windows XP (KB974112) (Version: 1)
Sicherheitsupdate für Windows XP (KB974318) (Version: 1)
Sicherheitsupdate für Windows XP (KB974392) (Version: 1)
Sicherheitsupdate für Windows XP (KB974455) (Version: 1)
Sicherheitsupdate für Windows XP (KB974571) (Version: 1)
Sicherheitsupdate für Windows XP (KB975025) (Version: 1)
Sicherheitsupdate für Windows XP (KB975467) (Version: 1)
Sicherheitsupdate für Windows XP (KB975560) (Version: 1)
Sicherheitsupdate für Windows XP (KB975561) (Version: 1)
Sicherheitsupdate für Windows XP (KB975562) (Version: 1)
Sicherheitsupdate für Windows XP (KB975713) (Version: 1)
Sicherheitsupdate für Windows XP (KB976325) (Version: 1)
Sicherheitsupdate für Windows XP (KB977165) (Version: 1)
Sicherheitsupdate für Windows XP (KB977816) (Version: 1)
Sicherheitsupdate für Windows XP (KB977914) (Version: 1)
Sicherheitsupdate für Windows XP (KB978037) (Version: 1)
Sicherheitsupdate für Windows XP (KB978251) (Version: 1)
Sicherheitsupdate für Windows XP (KB978262) (Version: 1)
Sicherheitsupdate für Windows XP (KB978338) (Version: 1)
Sicherheitsupdate für Windows XP (KB978542) (Version: 1)
Sicherheitsupdate für Windows XP (KB978601) (Version: 1)
Sicherheitsupdate für Windows XP (KB978706) (Version: 1)
Sicherheitsupdate für Windows XP (KB979309) (Version: 1)
Sicherheitsupdate für Windows XP (KB979482) (Version: 1)
Sicherheitsupdate für Windows XP (KB979559) (Version: 1)
Sicherheitsupdate für Windows XP (KB979683) (Version: 1)
Sicherheitsupdate für Windows XP (KB979687) (Version: 1)
Sicherheitsupdate für Windows XP (KB980195) (Version: 1)
Sicherheitsupdate für Windows XP (KB980218) (Version: 1)
Sicherheitsupdate für Windows XP (KB980232) (Version: 1)
Sicherheitsupdate für Windows XP (KB980436) (Version: 1)
Sicherheitsupdate für Windows XP (KB981322) (Version: 1)
Sicherheitsupdate für Windows XP (KB981349) (Version: 1)
Sicherheitsupdate für Windows XP (KB981997) (Version: 1)
Sicherheitsupdate für Windows XP (KB982132) (Version: 1)
Sicherheitsupdate für Windows XP (KB982214) (Version: 1)
Sicherheitsupdate für Windows XP (KB982381) (Version: 1)
Sicherheitsupdate für Windows XP (KB982665) (Version: 1)
Skype™ 4.0 (Version: 4.0.226)
SmartSound Quicktracks Plugin (Version: 3.0.0.26)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
sv.net (Version: 12.1)
Ulead VideoStudio 8.0 (Version: 8.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update für Windows XP (KB2141007) (Version: 1)
Update für Windows XP (KB2345886) (Version: 1)
Update für Windows XP (KB2541763) (Version: 1)
Update für Windows XP (KB2607712) (Version: 1)
Update für Windows XP (KB2616676) (Version: 1)
Update für Windows XP (KB2641690) (Version: 1)
Update für Windows XP (KB2661254-v2) (Version: 2)
Update für Windows XP (KB2718704) (Version: 1)
Update für Windows XP (KB2736233) (Version: 1)
Update für Windows XP (KB2749655) (Version: 1)
Update für Windows XP (KB951978) (Version: 1)
Update für Windows XP (KB955759) (Version: 1)
Update für Windows XP (KB955839) (Version: 1)
Update für Windows XP (KB967715) (Version: 1)
Update für Windows XP (KB968389) (Version: 1)
Update für Windows XP (KB971029) (Version: 1)
Update für Windows XP (KB971737) (Version: 1)
Update für Windows XP (KB973687) (Version: 1)
Update für Windows XP (KB973815) (Version: 1)
Update für Windows XP (KB976749) (Version: 1)
Update für Windows XP (KB978207) (Version: 1)
Update für Windows XP (KB980182) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Win-CASA 6
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) (Version: 06/12/2006 6.81.0.21)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031514)
YouTube Downloader 3.5

==================== Restore Points =========================

12-02-2013 09:16:08 Systemprüfpunkt
13-02-2013 17:00:46 Systemprüfpunkt
13-02-2013 23:32:11 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
13-02-2013 23:36:42 OpenOffice.org 3.1 wird entfernt
13-02-2013 23:39:23 OpenOffice.org 3.4.1 wird installiert
14-02-2013 00:28:34 Software Distribution Service 3.0
15-02-2013 07:36:23 Java 7 Update 9 wird entfernt
15-02-2013 07:37:00 Java 7 Update 13 wird installiert
17-02-2013 09:50:15 Systemprüfpunkt
18-02-2013 16:48:15 Systemprüfpunkt
20-02-2013 09:22:40 Systemprüfpunkt
20-02-2013 21:13:22 Java 7 Update 13 wird entfernt
20-02-2013 21:13:53 Java 7 Update 15 wird installiert
22-02-2013 09:05:00 Systemprüfpunkt
23-02-2013 19:54:48 Systemprüfpunkt
25-02-2013 16:04:57 Systemprüfpunkt
25-02-2013 23:29:13 Installiert Samsung New PC Studio
27-02-2013 09:40:41 Systemprüfpunkt
28-02-2013 09:55:26 Systemprüfpunkt
02-03-2013 07:42:04 Systemprüfpunkt
03-03-2013 08:37:46 Systemprüfpunkt
04-03-2013 09:35:40 Systemprüfpunkt
05-03-2013 10:33:32 Systemprüfpunkt
05-03-2013 22:19:21 Java 7 Update 15 wird entfernt
05-03-2013 22:19:53 Java 7 Update 17 wird installiert
07-03-2013 14:15:58 Systemprüfpunkt
07-03-2013 22:34:21 Java 7 Update 17 wird entfernt
07-03-2013 22:35:10 Java 7 Update 17 wird installiert
07-03-2013 22:45:36 JavaFX 2.1.1 wird entfernt
11-03-2013 14:17:14 Systemprüfpunkt
11-03-2013 22:26:05 Java 7 Update 17 wird entfernt
11-03-2013 22:36:21 Java(TM) 7 wird installiert
11-03-2013 22:39:53 Java(TM) 7 wird entfernt
13-03-2013 06:31:54 Systemprüfpunkt
13-03-2013 23:59:11 Software Distribution Service 3.0
14-03-2013 17:12:33 Software Distribution Service 3.0
14-03-2013 22:50:06 Java 7 Update 17 wird installiert
17-03-2013 16:35:15 Systemprüfpunkt
19-03-2013 09:01:36 Systemprüfpunkt
20-03-2013 09:40:26 Systemprüfpunkt
21-03-2013 16:09:37 Systemprüfpunkt
24-03-2013 07:45:05 Systemprüfpunkt
25-03-2013 14:38:59 Systemprüfpunkt
26-03-2013 16:12:27 Systemprüfpunkt
01-04-2013 11:05:13 Systemprüfpunkt
02-04-2013 15:21:55 Systemprüfpunkt
03-04-2013 23:07:03 Systemprüfpunkt
05-04-2013 06:58:38 Systemprüfpunkt
07-04-2013 15:54:49 Systemprüfpunkt
09-04-2013 06:51:43 Systemprüfpunkt
10-04-2013 08:52:52 Systemprüfpunkt
10-04-2013 22:29:50 Software Distribution Service 3.0
12-04-2013 15:55:09 Systemprüfpunkt
14-04-2013 08:05:34 Systemprüfpunkt
15-04-2013 21:53:24 Systemprüfpunkt
17-04-2013 08:16:12 Systemprüfpunkt
18-04-2013 12:43:23 Systemprüfpunkt
19-04-2013 15:53:41 Systemprüfpunkt
21-04-2013 08:26:07 Systemprüfpunkt
22-04-2013 12:15:21 Systemprüfpunkt
24-04-2013 08:33:53 Systemprüfpunkt
25-04-2013 17:57:35 Systemprüfpunkt
27-04-2013 15:12:38 Systemprüfpunkt
28-04-2013 16:51:07 Systemprüfpunkt
29-04-2013 17:07:16 Systemprüfpunkt
01-05-2013 09:06:21 Systemprüfpunkt
02-05-2013 16:10:24 Systemprüfpunkt
04-05-2013 16:06:12 Systemprüfpunkt
05-05-2013 17:24:29 Systemprüfpunkt
07-05-2013 09:12:05 Systemprüfpunkt
09-05-2013 09:54:40 Systemprüfpunkt
10-05-2013 18:33:50 Systemprüfpunkt
11-05-2013 22:52:47 Systemprüfpunkt

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
Description: Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2013 00:29:00 AM) (Source: MSSQLSERVER) (User: )
Description: 19012 :
SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32812

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32812

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 00:17:13 AM) (Source: MSSQLSERVER) (User: )
Description: 19012 :
SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37578

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37578

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 00:11:28 AM) (Source: MSSQLSERVER) (User: )
Description: 19012 :
SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:06:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31891


System errors:
=============
Error: (05/15/2013 00:51:06 AM) (Source: DCOM) (User: COMPUTERHANS)
Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD
AmdK8
Fips
i8042prt
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (05/15/2013 00:49:11 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/15/2013 00:38:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Systemereignisbenachrichtigung" wurde mit folgendem Fehler beendet:
%%126


Microsoft Office Sessions:
=========================
Error: (05/15/2013 00:29:00 AM) (Source: MSSQLSERVER)(User: )
Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32812

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32812

Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 00:17:13 AM) (Source: MSSQLSERVER)(User: )
Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37578

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37578

Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 00:11:28 AM) (Source: MSSQLSERVER)(User: )
Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433.

Error: (05/15/2013 00:06:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31891


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 1918.42 MB
Available physical RAM: 1667.48 MB
Total Pagefile: 3815.59 MB
Available Pagefile: 3753.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:137.04 GB) (Free:1.92 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12 GB) (Free:1.64 GB) NTFS
Drive f: () (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 2DAF2DAF)
Partition 1: (Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 6606B857)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

markusg 15.05.2013 00:29
hi,
im abges. Modus noch folgenes:

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

hansdoll 15.05.2013 01:31
Hallo markusg,

hier die otl.txt und extra.txt:OTL Logfile:
Code:
OTL logfile created on: 15.05.2013 02:17:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = f:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 84,65% Memory free
3,73 Gb Paging File | 3,64 Gb Available in Paging File | 97,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 4,51 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,71 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.15 01:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- f:\OTL.exe
PRC - [2008.04.14 04:22:38 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\wi3232exe.dat -- (SENS)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.04.13 10:20:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 00:50:23 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.03.13 10:03:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.20 09:19:11 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.02 09:36:54 | 000,516,096 | ---- | M] (Sage KHK Software) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe -- (LiveUpdateInstaller)
SRV - [2002.12.17 16:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2002.12.17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.04.05 13:31:50 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.05.27 07:29:56 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2009.05.21 20:36:48 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2009.05.21 12:43:53 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2009.05.21 12:43:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2008.07.11 14:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007.11.06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.07.30 14:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.07.30 14:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.04 14:40:22 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2004.08.17 05:44:22 | 000,091,263 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004.08.04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004.08.04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004.08.04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004.08.04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004.08.04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004.08.04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004.08.04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004.08.04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004.08.04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004.08.04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004.08.04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004.08.04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004.08.04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004.08.04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 10:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.16 08:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.04.03 11:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.21 23:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\support@lastpass.com
[2013.02.20 23:33:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\toolbar@ask.com
[2012.02.17 22:21:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.13 10:20:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.17 09:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 20:16:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.17 09:55:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 09:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 09:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 09:55:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 09:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe (INNOVA-engineering GmbH Dresden)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKLM..\RunOnce: [(4) HWRestore] C:\Sage\KHK\Handwerk\HWRESTORE.EXE (Sage KHK Software GmbH&Co.KG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\WINDOWS\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLINK.lnk = C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFD5704-5D07-4B54-8B2A-420BB016F3DE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{1ba73a2b-60fb-11df-bb73-002264278107}\Shell - "" = AutoRun
O33 - MountPoints2\{1ba73a2b-60fb-11df-bb73-002264278107}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ba73a2b-60fb-11df-bb73-002264278107}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SENS - C:\DOKUME~1\ALLUSE~1\ANWEND~1\wi3232exe.dat File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 00:52:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.14 01:23:25 | 000,000,000 | ---D | C] -- C:\Wiederhergestellte Dateien 13-05-13
[2013.05.12 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.05.04 20:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.05.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.04.16 08:46:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.15 02:05:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.15 02:05:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.15 02:01:23 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.ini
[2013.05.15 01:58:59 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2013.05.15 01:58:56 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.15 00:38:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.05.14 00:43:14 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.13 00:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.12 18:03:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.12 01:06:24 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013.05.12 01:06:24 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.12 01:06:24 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.12 01:06:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Kein Protokoll
[2013.05.04 20:32:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.05.04 20:17:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.25 23:24:42 | 000,471,880 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.25 23:24:42 | 000,451,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.25 23:24:42 | 000,090,282 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.25 23:24:42 | 000,075,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.16 08:46:19 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.12 01:01:40 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.ini
[2013.05.12 00:08:10 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.12 00:07:51 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.04 20:32:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.04.16 08:46:19 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.04.16 08:46:19 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.02.26 01:31:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013.02.26 01:31:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013.02.26 01:31:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2012.10.15 21:25:03 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2012.10.15 21:24:54 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2012.10.15 21:24:54 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2012.10.15 21:23:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssa3mlm.dll
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Programme\readme.html
[2012.07.27 22:24:16 | 000,006,854 | RHS- | C] () -- C:\WINDOWS\innova3.ini
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Programme\basis-link
[2012.02.14 21:02:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.20 01:07:43 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.12.19 10:53:34 | 076,004,920 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exe2323iw.dat
[2011.10.13 00:51:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.12.31 15:27:24 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2009.05.20 22:57:46 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2009.05.20 22:57:46 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2009.05.20 22:57:46 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2009.05.20 14:19:12 | 000,110,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat
[2009.05.20 05:36:08 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.04.27 12:04:28 | 000,451,928 | ---- | C] () -- C:\Programme\setup.exe
[2009.04.27 12:04:04 | 140,387,075 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi
[2009.04.27 06:43:50 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini
 
========== ZeroAccess Check ==========
 
[2009.05.20 05:35:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.21 21:06:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.05.21 18:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\1&1
[2011.02.12 21:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACD Systems
[2010.05.01 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2009.08.08 13:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer
[2013.03.11 01:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2010.09.15 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!
[2010.09.15 22:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!fax für FRITZ!Box
[2011.12.18 02:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake
[2012.07.27 22:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\innoplus
[2009.08.23 11:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2009.08.02 19:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
[2009.08.02 20:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player
[2009.05.21 18:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2012.06.14 00:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2009.08.02 19:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
[2012.04.07 15:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi
[2009.05.21 03:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2013.02.26 01:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung
[2012.08.21 09:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.10.16 13:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2011.05.08 21:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems
[2012.03.16 12:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\YouTube Downloader
[2013.05.04 20:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011.02.12 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2012.11.21 23:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009.08.02 18:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2010.11.10 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2013.03.11 01:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.01.20 14:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012.07.27 22:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus
[2010.09.15 22:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2009.08.02 19:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.02.25 11:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2013.02.26 01:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.05.08 20:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2011.05.08 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.03.05 17:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011.12.18 01:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.01 21:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.05.21 20:43:40 | 000,000,000 | ---D | M] -- C:\70SP4
[2012.05.11 03:01:16 | 000,000,000 | ---D | M] -- C:\9f7803ddae81aabb78e04f476cd8feaa
[2009.07.12 11:35:58 | 000,000,000 | ---D | M] -- C:\Banking
[2009.05.20 05:44:07 | 000,000,000 | ---D | M] -- C:\Compaq
[2013.05.04 20:32:50 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.05.20 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.04.08 21:16:51 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.08.14 23:19:30 | 000,000,000 | ---D | M] -- C:\e322ecf43298eabf7fb898a4
[2011.01.11 00:05:18 | 000,000,000 | ---D | M] -- C:\Endisch Dokumente
[2012.01.22 19:48:42 | 000,000,000 | ---D | M] -- C:\FBBM
[2013.05.12 00:06:46 | 000,000,000 | ---D | M] -- C:\Firma Doll
[2009.05.21 19:58:28 | 000,000,000 | ---D | M] -- C:\Fotos
[2013.05.15 00:52:43 | 000,000,000 | ---D | M] -- C:\FRST
[2009.05.20 05:44:14 | 000,000,000 | -H-D | M] -- C:\fslrdr
[2009.05.20 05:44:42 | 000,000,000 | -H-D | M] -- C:\hp
[2011.11.04 20:36:41 | 000,000,000 | ---D | M] -- C:\Häuser
[2009.05.20 14:26:48 | 000,000,000 | ---D | M] -- C:\i386
[2010.11.10 23:38:43 | 000,000,000 | ---D | M] -- C:\lexmark
[2013.04.28 16:50:21 | 000,000,000 | ---D | M] -- C:\Private Dokumente Hans
[2010.11.10 23:39:53 | 000,000,000 | ---D | M] -- C:\program files
[2013.05.07 10:36:34 | 000,000,000 | R--D | M] -- C:\Programme
[2012.06.27 21:55:42 | 000,000,000 | ---D | M] -- C:\QLINK
[2011.10.13 00:51:39 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2009.05.21 19:52:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009.05.21 20:24:36 | 000,000,000 | ---D | M] -- C:\Sage
[2012.02.06 00:56:05 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2009.05.20 17:53:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.05.20 17:53:18 | 000,000,000 | -H-D | M] -- C:\system.sav
[2012.01.05 02:05:57 | 000,000,000 | ---D | M] -- C:\temp
[2013.05.14 01:27:40 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 13-05-13
[2009.05.21 19:57:33 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 21-05-09
[2013.05.15 00:53:20 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2002.03.11 10:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsia.exe
[2002.03.11 11:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2009.04.27 12:04:28 | 000,451,928 | ---- | M] () -- C:\Programme\setup.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.05.16 16:27:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006.05.16 16:27:22 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.09.01 20:59:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2011.04.24 23:13:05 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 23:13:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 21:34:52 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.02.20 23:33:49 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 09:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 09:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.05.05 07:27:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.05.05 07:27:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.05.05 07:27:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.05.15 02:02:05 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2013.05.15 02:15:34 | 000,196,608 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG
[2013.05.15 01:57:53 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.03.02 03:57:39 | 001,867,392 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 15.05.2013 02:17:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = f:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 84,65% Memory free
3,73 Gb Paging File | 3,64 Gb Available in Paging File | 97,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 4,51 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,71 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler  -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- ()
"C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Programme\Scan Assistant\USDAgent.exe" = C:\Programme\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe:LocalSubNet:Enabled:Samsung Network PC Fax Monitor -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D0C290B-B527-11D3-8B9B-006097833640}" = Handwerk
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880A0DCF-E8C2-11D9-AAFD-0050BA1ACA6F}" = QLink
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F018BFDC-1ED3-4399-9009-4E1604BF2510}" = innoPlus bad
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ElsterFormular" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"HandBrake" = HandBrake 0.9.5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PDF Complete" = PDF Complete
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-472x Series" = Samsung SCX-472x Series
"sv.net" = sv.net
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Win-CASA 6" = Win-CASA 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.05.2013 18:12:29 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37578
 
Error - 14.05.2013 18:17:13 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 :  SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
 1433. 
 
Error - 14.05.2013 18:18:20 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.05.2013 18:18:20 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32812
 
Error - 14.05.2013 18:18:20 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32812
 
Error - 14.05.2013 18:29:00 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 :  SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
 1433. 
 
Error - 14.05.2013 19:59:05 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 :  SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
 1433. 
 
Error - 14.05.2013 20:00:04 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.05.2013 20:00:04 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15797
 
Error - 14.05.2013 20:00:04 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15797
 
[ System Events ]
Error - 14.05.2013 20:01:25 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemereignisbenachrichtigung" wurde mit folgendem Fehler
 beendet:  %%126
 
Error - 14.05.2013 20:05:51 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  AFD  AmdK8  Fips  i8042prt  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  Tcpip  WS2IFSL
 
Error - 14.05.2013 20:15:27 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >
--- --- ---

markusg 15.05.2013 13:52
Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat
()
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Frage, ist das n Firem PC?

hansdoll 15.05.2013 22:00
`n Abend Markus,

hier die Datei aus dem OTL-Fix:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 444357518 bytes
->Temporary Internet Files folder emptied: 206361694 bytes
->Java cache emptied: 8004841 bytes
->FireFox cache emptied: 420304006 bytes
->Flash cache emptied: 175846 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 353254 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 144068 bytes
%systemroot%\System32 .tmp files removed: 5537543 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144534677 bytes
RecycleBin emptied: 136506422 bytes

Total Files Cleaned = 1.303,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05152013_224746

Viele Grüsse

Hans

Hi Markus,

der upload hat geklappt.

Mein PC ist ein privater, auf dem ich als selbstständiger Handwerker auch einige
Firmendaten habe.

Hans

markusg 15.05.2013 22:48
ok, da ich was von ihk gesehen hab als Programm.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

hansdoll 16.05.2013 22:54
Hallo Markusg,

sorry, dass ich gestern weg war.
Der Trojaner war verschwunden, meine Internetverbindung leider auch.
Jetzt bin ich wieder online.
Ich poste Dir noch die Killer-Datei. Ich nehme an, das ist um zu schauen, ob der Rechner sauber ist ?
Auf jeden Fall bin ich unendlich dankbar für die Hilfe.
Wie kann ich mich erkenntlich zeigen? Flasche Rotwein an Dich, Spende an das Board oder beides ?

00:03:36.0296 1628 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:03:36.0328 1628 ============================================================
00:03:36.0328 1628 Current date / time: 2013/05/16 00:03:36.0328
00:03:36.0328 1628 SystemInfo:
00:03:36.0328 1628
00:03:36.0328 1628 OS Version: 5.1.2600 ServicePack: 3.0
00:03:36.0328 1628 Product type: Workstation
00:03:36.0328 1628 ComputerName: COMPUTERHANS
00:03:36.0328 1628 UserName: Administrator
00:03:36.0328 1628 Windows directory: C:\WINDOWS
00:03:36.0328 1628 System windows directory: C:\WINDOWS
00:03:36.0328 1628 Processor architecture: Intel x86
00:03:36.0328 1628 Number of processors: 2
00:03:36.0328 1628 Page size: 0x1000
00:03:36.0328 1628 Boot type: Safe boot
00:03:36.0328 1628 ============================================================
00:03:38.0703 1628 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:03:38.0703 1628 Drive \Device\Harddisk1\DR3 - Size: 0xEE200000 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:03:38.0703 1628 ============================================================
00:03:38.0703 1628 \Device\Harddisk0\DR0:
00:03:38.0703 1628 MBR partitions:
00:03:38.0703 1628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11212C62
00:03:38.0703 1628 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11212CA1, BlocksNum 0x1801F5F
00:03:38.0703 1628 \Device\Harddisk1\DR3:
00:03:38.0718 1628 MBR partitions:
00:03:38.0718 1628 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x368, BlocksNum 0x770C98
00:03:38.0718 1628 ============================================================
00:03:38.0781 1628 C: <-> \Device\Harddisk0\DR0\Partition1
00:03:38.0828 1628 D: <-> \Device\Harddisk0\DR0\Partition2
00:03:38.0859 1628 ============================================================
00:03:38.0859 1628 Initialize success
00:03:38.0859 1628 ============================================================
00:04:32.0375 1652 ============================================================
00:04:32.0375 1652 Scan started
00:04:32.0375 1652 Mode: Manual; SigCheck; TDLFS;
00:04:32.0375 1652 ============================================================
00:04:33.0328 1652 ================ Scan system memory ========================
00:04:33.0328 1652 System memory - ok
00:04:33.0328 1652 ================ Scan services =============================
00:04:33.0640 1652 Abiosdsk - ok
00:04:33.0640 1652 abp480n5 - ok
00:04:33.0687 1652 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
00:04:35.0906 1652 ac97intc - ok
00:04:35.0984 1652 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:04:36.0109 1652 ACPI - ok
00:04:36.0156 1652 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
00:04:36.0250 1652 ACPIEC - ok
00:04:36.0390 1652 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:04:36.0437 1652 AdobeFlashPlayerUpdateSvc - ok
00:04:36.0453 1652 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:04:36.0562 1652 adpu160m - ok
00:04:36.0578 1652 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
00:04:36.0609 1652 adpu320 ( UnsignedFile.Multi.Generic ) - warning
00:04:36.0609 1652 adpu320 - detected UnsignedFile.Multi.Generic (1)
00:04:36.0625 1652 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
00:04:36.0750 1652 aec - ok
00:04:36.0812 1652 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
00:04:36.0875 1652 AFD - ok
00:04:36.0890 1652 Aha154x - ok
00:04:36.0921 1652 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:04:37.0046 1652 aic78u2 - ok
00:04:37.0062 1652 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:04:37.0156 1652 aic78xx - ok
00:04:37.0203 1652 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
00:04:37.0328 1652 Alerter - ok
00:04:37.0343 1652 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
00:04:37.0437 1652 ALG - ok
00:04:37.0437 1652 AliIde - ok
00:04:37.0531 1652 [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
00:04:37.0578 1652 AmdK8 - ok
00:04:37.0625 1652 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
00:04:37.0656 1652 AmdLLD - ok
00:04:37.0656 1652 amsint - ok
00:04:37.0859 1652 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:04:37.0875 1652 Apple Mobile Device - ok
00:04:37.0937 1652 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
00:04:38.0062 1652 AppMgmt - ok
00:04:38.0125 1652 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:04:38.0218 1652 Arp1394 - ok
00:04:38.0218 1652 asc - ok
00:04:38.0234 1652 asc3350p - ok
00:04:38.0234 1652 asc3550 - ok
00:04:38.0406 1652 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:04:38.0421 1652 aspnet_state - ok
00:04:38.0437 1652 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:04:38.0500 1652 AsyncMac - ok
00:04:38.0546 1652 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
00:04:38.0640 1652 atapi - ok
00:04:38.0640 1652 Atdisk - ok
00:04:38.0687 1652 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:04:38.0796 1652 Atmarpc - ok
00:04:38.0843 1652 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
00:04:38.0937 1652 AudioSrv - ok
00:04:39.0000 1652 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
00:04:39.0093 1652 audstub - ok
00:04:39.0328 1652 [ 4ED37A7F41891769AEB88C2408B3016F ] AVKProxy C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
00:04:39.0562 1652 AVKProxy - ok
00:04:39.0734 1652 [ 909270C00354439BCC649A92C25D8B3F ] AVKService C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe
00:04:39.0812 1652 AVKService - ok
00:04:39.0984 1652 [ 690468933B8D00B66EF5DB73150F96EA ] AVKWCtl C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe
00:04:40.0640 1652 AVKWCtl - ok
00:04:40.0703 1652 [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject C:\WINDOWS\system32\drivers\avmeject.sys
00:04:40.0734 1652 avmeject ( UnsignedFile.Multi.Generic ) - warning
00:04:40.0734 1652 avmeject - detected UnsignedFile.Multi.Generic (1)
00:04:40.0796 1652 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
00:04:40.0906 1652 Beep - ok
00:04:40.0953 1652 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
00:04:41.0109 1652 BITS - ok
00:04:41.0234 1652 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
00:04:41.0312 1652 Bonjour Service - ok
00:04:41.0359 1652 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
00:04:41.0390 1652 Browser - ok
00:04:41.0421 1652 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
00:04:41.0546 1652 cbidf2k - ok
00:04:41.0656 1652 [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8 C:\Programme\Canon\CAL\CALMAIN.exe
00:04:41.0671 1652 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
00:04:41.0671 1652 CCALib8 - detected UnsignedFile.Multi.Generic (1)
00:04:41.0703 1652 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:04:41.0796 1652 CCDECODE - ok
00:04:41.0796 1652 cd20xrnt - ok
00:04:41.0843 1652 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
00:04:41.0953 1652 Cdaudio - ok
00:04:41.0968 1652 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
00:04:42.0062 1652 Cdfs - ok
00:04:42.0125 1652 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:04:42.0218 1652 Cdrom - ok
00:04:42.0218 1652 Changer - ok
00:04:42.0265 1652 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
00:04:42.0343 1652 CiSvc - ok
00:04:42.0375 1652 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
00:04:42.0484 1652 ClipSrv - ok
00:04:42.0515 1652 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:04:42.0531 1652 clr_optimization_v2.0.50727_32 - ok
00:04:42.0531 1652 CmdIde - ok
00:04:42.0546 1652 COMSysApp - ok
00:04:42.0562 1652 Cpqarray - ok
00:04:42.0734 1652 cpuz132 - ok
00:04:42.0765 1652 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
00:04:42.0859 1652 CryptSvc - ok
00:04:42.0859 1652 dac2w2k - ok
00:04:42.0875 1652 dac960nt - ok
00:04:42.0953 1652 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
00:04:43.0109 1652 DcomLaunch - ok
00:04:43.0171 1652 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
00:04:43.0265 1652 Dhcp - ok
00:04:43.0296 1652 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
00:04:43.0375 1652 Disk - ok
00:04:43.0375 1652 dmadmin - ok
00:04:43.0515 1652 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
00:04:43.0781 1652 dmboot - ok
00:04:43.0796 1652 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
00:04:43.0921 1652 dmio - ok
00:04:43.0953 1652 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
00:04:44.0078 1652 dmload - ok
00:04:44.0125 1652 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
00:04:44.0203 1652 dmserver - ok
00:04:44.0218 1652 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
00:04:44.0312 1652 DMusic - ok
00:04:44.0375 1652 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
00:04:44.0468 1652 Dnscache - ok
00:04:44.0546 1652 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
00:04:44.0640 1652 Dot3svc - ok
00:04:44.0656 1652 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:04:44.0781 1652 dpti2o - ok
00:04:44.0843 1652 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
00:04:44.0906 1652 drmkaud - ok
00:04:44.0968 1652 [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:04:45.0109 1652 E100B - ok
00:04:45.0156 1652 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
00:04:45.0250 1652 EapHost - ok
00:04:45.0281 1652 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
00:04:45.0359 1652 ERSvc - ok
00:04:45.0437 1652 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
00:04:45.0484 1652 Eventlog - ok
00:04:45.0562 1652 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
00:04:45.0625 1652 EventSystem - ok
00:04:45.0656 1652 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
00:04:45.0796 1652 Fastfat - ok
00:04:45.0843 1652 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
00:04:45.0906 1652 FastUserSwitchingCompatibility - ok
00:04:45.0921 1652 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
00:04:46.0000 1652 Fdc - ok
00:04:46.0046 1652 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
00:04:46.0125 1652 Fips - ok
00:04:46.0171 1652 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:04:46.0265 1652 Flpydisk - ok
00:04:46.0343 1652 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
00:04:46.0437 1652 FltMgr - ok
00:04:46.0500 1652 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:04:46.0515 1652 FontCache3.0.0.0 - ok
00:04:46.0593 1652 [ 037B3AB349BE884BB8CB9C5356E34717 ] FSLX C:\WINDOWS\system32\drivers\fslx.sys
00:04:46.0625 1652 FSLX ( UnsignedFile.Multi.Generic ) - warning
00:04:46.0625 1652 FSLX - detected UnsignedFile.Multi.Generic (1)
00:04:46.0703 1652 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
00:04:46.0718 1652 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
00:04:46.0718 1652 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
00:04:46.0812 1652 [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
00:04:46.0843 1652 FsUsbExService - ok
00:04:46.0890 1652 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:04:46.0968 1652 Fs_Rec - ok
00:04:47.0000 1652 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:04:47.0109 1652 Ftdisk - ok
00:04:47.0171 1652 [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
00:04:47.0265 1652 FWLANUSB - ok
00:04:47.0328 1652 [ 9A58148406E1BB4A2265B84320DEDC2B ] GDMnIcpt C:\WINDOWS\system32\drivers\MiniIcpt.sys
00:04:47.0375 1652 GDMnIcpt - ok
00:04:47.0453 1652 [ E6D8269EE03119FA4C54B7B59D9699BF ] GDTdiInterceptor C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
00:04:47.0484 1652 GDTdiInterceptor - ok
00:04:47.0531 1652 [ 185ADA973B5020655CEE342059A86CBB ] GearAspiWDM C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
00:04:47.0531 1652 GearAspiWDM - ok
00:04:47.0578 1652 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:04:47.0687 1652 Gpc - ok
00:04:47.0765 1652 [ AAEA50A15F0E0B0E92848DBFDC072ECE ] GRD C:\WINDOWS\system32\drivers\GRD.sys
00:04:47.0796 1652 GRD - ok
00:04:47.0937 1652 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
00:04:47.0968 1652 gupdate - ok
00:04:47.0984 1652 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
00:04:48.0000 1652 gupdatem - ok
00:04:48.0046 1652 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:04:48.0140 1652 HDAudBus - ok
00:04:48.0234 1652 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:04:48.0328 1652 helpsvc - ok
00:04:48.0328 1652 HidServ - ok
00:04:48.0375 1652 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:04:48.0468 1652 HidUsb - ok
00:04:48.0531 1652 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
00:04:48.0609 1652 hkmsvc - ok
00:04:48.0640 1652 [ 33EF584AA0B583D2F106D62FD3A5A053 ] HookCentre C:\WINDOWS\system32\drivers\HookCentre.sys
00:04:48.0671 1652 HookCentre - ok
00:04:48.0671 1652 hpn - ok
00:04:48.0750 1652 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
00:04:48.0859 1652 HTTP - ok
00:04:48.0937 1652 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
00:04:49.0031 1652 HTTPFilter - ok
00:04:49.0031 1652 i2omgmt - ok
00:04:49.0046 1652 i2omp - ok
00:04:49.0078 1652 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:04:49.0171 1652 i8042prt - ok
00:04:49.0218 1652 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
00:04:49.0328 1652 i81x - ok
00:04:49.0359 1652 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
00:04:49.0453 1652 iAimFP0 - ok
00:04:49.0484 1652 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
00:04:49.0546 1652 iAimFP1 - ok
00:04:49.0562 1652 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
00:04:49.0640 1652 iAimFP2 - ok
00:04:49.0671 1652 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
00:04:49.0750 1652 iAimFP3 - ok
00:04:49.0765 1652 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
00:04:49.0828 1652 iAimFP4 - ok
00:04:49.0828 1652 [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5 C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
00:04:49.0890 1652 iAimFP5 - ok
00:04:49.0921 1652 [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6 C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
00:04:50.0000 1652 iAimFP6 - ok
00:04:50.0000 1652 [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7 C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
00:04:50.0093 1652 iAimFP7 - ok
00:04:50.0125 1652 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
00:04:50.0218 1652 iAimTV0 - ok
00:04:50.0218 1652 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
00:04:50.0296 1652 iAimTV1 - ok
00:04:50.0328 1652 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
00:04:50.0390 1652 iAimTV3 - ok
00:04:50.0406 1652 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
00:04:50.0468 1652 iAimTV4 - ok
00:04:50.0484 1652 [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5 C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
00:04:50.0578 1652 iAimTV5 - ok
00:04:50.0578 1652 [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6 C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
00:04:50.0656 1652 iAimTV6 - ok
00:04:50.0750 1652 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
00:04:50.0796 1652 IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:04:50.0796 1652 IDriverT - detected UnsignedFile.Multi.Generic (1)
00:04:50.0953 1652 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:04:51.0156 1652 idsvc - ok
00:04:51.0265 1652 [ E28602C9E17B0DDCE9F5DEB3B3E2A635 ] IGDCTRL C:\Programme\FRITZ!DSL\IGDCTRL.EXE
00:04:51.0281 1652 IGDCTRL - ok
00:04:51.0296 1652 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
00:04:51.0390 1652 Imapi - ok
00:04:51.0453 1652 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
00:04:51.0562 1652 ImapiService - ok
00:04:51.0562 1652 ini910u - ok
00:04:52.0218 1652 [ E5C925B50154D102734AB446ADE781F4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:04:53.0359 1652 IntcAzAudAddService - ok
00:04:53.0390 1652 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
00:04:53.0484 1652 IntelIde - ok
00:04:53.0531 1652 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
00:04:53.0640 1652 Ip6Fw - ok
00:04:53.0687 1652 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:04:53.0812 1652 IpFilterDriver - ok
00:04:53.0828 1652 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:04:53.0937 1652 IpInIp - ok
00:04:53.0984 1652 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:04:54.0109 1652 IpNat - ok
00:04:54.0234 1652 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Programme\iPod\bin\iPodService.exe
00:04:54.0343 1652 iPod Service - ok
00:04:54.0375 1652 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:04:54.0468 1652 IPSec - ok
00:04:54.0515 1652 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
00:04:54.0609 1652 IRENUM - ok
00:04:54.0640 1652 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:04:54.0718 1652 isapnp - ok
00:04:54.0859 1652 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
00:04:54.0890 1652 JavaQuickStarterService - ok
00:04:54.0937 1652 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:04:55.0015 1652 Kbdclass - ok
00:04:55.0031 1652 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:04:55.0093 1652 kbdhid - ok
00:04:55.0156 1652 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
00:04:55.0250 1652 kmixer - ok
00:04:55.0312 1652 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
00:04:55.0390 1652 KSecDD - ok
00:04:55.0437 1652 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
00:04:55.0468 1652 lanmanserver - ok
00:04:55.0546 1652 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
00:04:55.0593 1652 lanmanworkstation - ok
00:04:55.0609 1652 lbrtfdc - ok
00:04:55.0796 1652 [ 6BEEBED6ADF0FFE4CADF78AB5FCD017C ] LiveUpdateInstaller C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe
00:04:55.0921 1652 LiveUpdateInstaller ( UnsignedFile.Multi.Generic ) - warning
00:04:55.0921 1652 LiveUpdateInstaller - detected UnsignedFile.Multi.Generic (1)
00:04:55.0984 1652 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
00:04:56.0062 1652 LmHosts - ok
00:04:56.0109 1652 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
00:04:56.0187 1652 Messenger - ok
00:04:56.0218 1652 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
00:04:56.0328 1652 mnmdd - ok
00:04:56.0375 1652 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
00:04:56.0437 1652 mnmsrvc - ok
00:04:56.0468 1652 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
00:04:56.0578 1652 Modem - ok
00:04:56.0593 1652 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:04:56.0671 1652 Mouclass - ok
00:04:56.0718 1652 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:04:56.0812 1652 mouhid - ok
00:04:56.0859 1652 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
00:04:56.0937 1652 MountMgr - ok
00:04:57.0015 1652 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
00:04:57.0046 1652 MozillaMaintenance - ok
00:04:57.0046 1652 mraid35x - ok
00:04:57.0078 1652 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:04:57.0171 1652 MRxDAV - ok
00:04:57.0265 1652 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:04:57.0390 1652 MRxSmb - ok
00:04:57.0437 1652 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
00:04:57.0546 1652 MSDTC - ok
00:04:57.0578 1652 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
00:04:57.0656 1652 Msfs - ok
00:04:57.0656 1652 MSIServer - ok
00:04:57.0687 1652 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:04:57.0781 1652 MSKSSRV - ok
00:04:57.0812 1652 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:04:57.0921 1652 MSPCLOCK - ok
00:04:57.0953 1652 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
00:04:58.0015 1652 MSPQM - ok
00:04:58.0062 1652 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:04:58.0140 1652 mssmbios - ok
00:04:58.0203 1652 MSSQLSERVER - ok
00:04:58.0250 1652 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
00:04:58.0281 1652 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
00:04:58.0281 1652 MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
00:04:58.0328 1652 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
00:04:58.0406 1652 MSTEE - ok
00:04:58.0453 1652 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
00:04:58.0531 1652 Mup - ok
00:04:58.0562 1652 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:04:58.0671 1652 NABTSFEC - ok
00:04:58.0750 1652 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
00:04:58.0859 1652 napagent - ok
00:04:58.0937 1652 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
00:04:59.0000 1652 NDIS - ok
00:04:59.0046 1652 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:04:59.0156 1652 NdisIP - ok
00:04:59.0218 1652 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:04:59.0234 1652 NdisTapi - ok
00:04:59.0281 1652 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:04:59.0375 1652 Ndisuio - ok
00:04:59.0390 1652 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:04:59.0421 1652 NdisWan - ok
00:04:59.0484 1652 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
00:04:59.0546 1652 NDProxy - ok
00:04:59.0562 1652 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
00:04:59.0656 1652 NetBIOS - ok
00:04:59.0734 1652 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
00:04:59.0828 1652 NetBT - ok
00:04:59.0906 1652 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
00:05:00.0015 1652 NetDDE - ok
00:05:00.0031 1652 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
00:05:00.0093 1652 NetDDEdsdm - ok
00:05:00.0140 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
00:05:00.0234 1652 Netlogon - ok
00:05:00.0312 1652 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
00:05:00.0406 1652 Netman - ok
00:05:00.0468 1652 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:05:00.0484 1652 NetTcpPortSharing - ok
00:05:00.0515 1652 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:05:00.0609 1652 NIC1394 - ok
00:05:00.0687 1652 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
00:05:00.0781 1652 Nla - ok
00:05:00.0859 1652 [ 5ABB6B2461C4EB0AFDF1BF7F03963D59 ] Nokia USB Generic C:\WINDOWS\system32\drivers\nmwcdc.sys
00:05:00.0984 1652 Nokia USB Generic - ok
00:05:01.0062 1652 [ 353C16D21EEC1F11306270040B3713C1 ] Nokia USB Modem C:\WINDOWS\system32\drivers\nmwcdcm.sys
00:05:01.0093 1652 Nokia USB Modem - ok
00:05:01.0156 1652 [ F5B1200C75B160C81E7E48CC0489AA5E ] Nokia USB Phone Parent C:\WINDOWS\system32\drivers\nmwcd.sys
00:05:01.0203 1652 Nokia USB Phone Parent - ok
00:05:01.0250 1652 [ 353C16D21EEC1F11306270040B3713C1 ] Nokia USB Port C:\WINDOWS\system32\drivers\nmwcdcj.sys
00:05:01.0265 1652 Nokia USB Port - ok
00:05:01.0296 1652 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:05:01.0375 1652 Npfs - ok
00:05:01.0484 1652 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:05:01.0703 1652 Ntfs - ok
00:05:01.0718 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
00:05:01.0796 1652 NtLmSsp - ok
00:05:01.0890 1652 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
00:05:02.0062 1652 NtmsSvc - ok
00:05:02.0109 1652 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
00:05:02.0218 1652 Null - ok
00:05:03.0078 1652 [ CCE4877E45F5300FFFBB4A6BC5E7FDA7 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:05:04.0671 1652 nv - ok
00:05:04.0703 1652 [ 1492C7738F68625805F5F53C8BAD24C6 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
00:05:04.0765 1652 NVENETFD - ok
00:05:04.0812 1652 [ AE73E61F07DDC84255BECE6B02F18390 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
00:05:04.0859 1652 nvnetbus - ok
00:05:04.0906 1652 [ 4E281506A2ECD3B341D06598DBA97005 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
00:05:04.0937 1652 NVSvc - ok
00:05:04.0968 1652 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:05:05.0078 1652 NwlnkFlt - ok
00:05:05.0093 1652 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:05:05.0187 1652 NwlnkFwd - ok
00:05:05.0250 1652 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:05:05.0343 1652 ohci1394 - ok
00:05:05.0359 1652 [ A7AF0C0860F1C43FC6581BA8A99EABEF ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
00:05:05.0453 1652 P3 - ok
00:05:05.0484 1652 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
00:05:05.0593 1652 Parport - ok
00:05:05.0656 1652 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
00:05:05.0750 1652 PartMgr - ok
00:05:05.0781 1652 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
00:05:05.0906 1652 ParVdm - ok
00:05:06.0000 1652 [ 2A42DDAEAAE7743C55A3FA68A7AD9538 ] PCA C:\WINDOWS\SMINST\PCAngel.exe
00:05:06.0062 1652 PCA ( UnsignedFile.Multi.Generic ) - warning
00:05:06.0062 1652 PCA - detected UnsignedFile.Multi.Generic (1)
00:05:06.0109 1652 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
00:05:06.0203 1652 PCI - ok
00:05:06.0203 1652 PCIDump - ok
00:05:06.0218 1652 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
00:05:06.0312 1652 PCIIde - ok
00:05:06.0359 1652 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
00:05:06.0437 1652 Pcmcia - ok
00:05:06.0437 1652 PDCOMP - ok
00:05:06.0484 1652 pdfcDispatcher - ok
00:05:06.0484 1652 PDFRAME - ok
00:05:06.0484 1652 PDRELI - ok
00:05:06.0500 1652 PDRFRAME - ok
00:05:06.0500 1652 perc2 - ok
00:05:06.0515 1652 perc2hib - ok
00:05:06.0546 1652 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
00:05:06.0578 1652 PlugPlay - ok
00:05:06.0593 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
00:05:06.0671 1652 PolicyAgent - ok
00:05:06.0734 1652 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:05:06.0859 1652 PptpMiniport - ok
00:05:06.0875 1652 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
00:05:06.0968 1652 Processor - ok
00:05:06.0968 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:05:07.0046 1652 ProtectedStorage - ok
00:05:07.0062 1652 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
00:05:07.0140 1652 PSched - ok
00:05:07.0203 1652 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:05:07.0312 1652 Ptilink - ok
00:05:07.0359 1652 [ B572ED0C3E6165643FA116AF20425A54 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
00:05:07.0375 1652 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
00:05:07.0375 1652 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
00:05:07.0375 1652 ql1080 - ok
00:05:07.0390 1652 Ql10wnt - ok
00:05:07.0390 1652 ql12160 - ok
00:05:07.0406 1652 ql1240 - ok
00:05:07.0406 1652 ql1280 - ok
00:05:07.0421 1652 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:05:07.0515 1652 RasAcd - ok
00:05:07.0578 1652 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:05:07.0656 1652 RasAuto - ok
00:05:07.0687 1652 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:05:07.0781 1652 Rasl2tp - ok
00:05:07.0828 1652 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
00:05:07.0937 1652 RasMan - ok
00:05:07.0953 1652 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:05:08.0031 1652 RasPppoe - ok
00:05:08.0046 1652 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
00:05:08.0140 1652 Raspti - ok
00:05:08.0171 1652 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:05:08.0265 1652 Rdbss - ok
00:05:08.0265 1652 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:05:08.0375 1652 RDPCDD - ok
00:05:08.0406 1652 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:05:08.0515 1652 rdpdr - ok
00:05:08.0562 1652 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
00:05:08.0625 1652 RDPWD - ok
00:05:08.0687 1652 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
00:05:08.0812 1652 RDSessMgr - ok
00:05:08.0859 1652 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
00:05:08.0937 1652 redbook - ok
00:05:08.0984 1652 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
00:05:09.0078 1652 RemoteAccess - ok
00:05:09.0140 1652 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
00:05:09.0234 1652 RemoteRegistry - ok
00:05:09.0281 1652 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
00:05:09.0375 1652 RpcLocator - ok
00:05:09.0437 1652 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
00:05:09.0500 1652 RpcSs - ok
00:05:09.0531 1652 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
00:05:09.0671 1652 RSVP - ok
00:05:09.0734 1652 [ 180A0296BF259C1AEEB8DC100CC87A31 ] RTL8187B C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
00:05:09.0796 1652 RTL8187B ( UnsignedFile.Multi.Generic ) - warning
00:05:09.0796 1652 RTL8187B - detected UnsignedFile.Multi.Generic (1)
00:05:09.0812 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
00:05:09.0875 1652 SamSs - ok
00:05:10.0031 1652 [ 66EB70B8F5F53C11C98B14637B2F6E84 ] Samsung Network Fax Server C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe
00:05:10.0062 1652 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - warning
00:05:10.0062 1652 Samsung Network Fax Server - detected UnsignedFile.Multi.Generic (1)
00:05:10.0109 1652 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
00:05:10.0187 1652 SCardSvr - ok
00:05:10.0265 1652 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
00:05:10.0359 1652 Schedule - ok
00:05:10.0406 1652 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:05:10.0484 1652 Secdrv - ok
00:05:10.0515 1652 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
00:05:10.0609 1652 seclogon - ok
00:05:10.0640 1652 SENS - ok
00:05:10.0671 1652 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
00:05:10.0781 1652 serenum - ok
00:05:10.0812 1652 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
00:05:10.0937 1652 Serial - ok
00:05:11.0031 1652 [ 4C0A4FEFD62519552C0E5171F418C4BC ] ServiceLayer C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
00:05:11.0062 1652 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
00:05:11.0062 1652 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
00:05:11.0109 1652 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
00:05:11.0203 1652 Sfloppy - ok
00:05:11.0296 1652 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
00:05:11.0437 1652 SharedAccess - ok
00:05:11.0468 1652 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:05:11.0500 1652 ShellHWDetection - ok
00:05:11.0500 1652 Simbad - ok
00:05:11.0515 1652 SjyPkt - ok
00:05:11.0546 1652 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:05:11.0640 1652 SLIP - ok
00:05:11.0656 1652 Sparrow - ok
00:05:11.0671 1652 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
00:05:11.0750 1652 splitter - ok
00:05:11.0812 1652 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
00:05:11.0890 1652 Spooler - ok
00:05:11.0890 1652 SQLSERVERAGENT - ok
00:05:11.0968 1652 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
00:05:12.0062 1652 sr - ok
00:05:12.0140 1652 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
00:05:12.0234 1652 srservice - ok
00:05:12.0296 1652 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
00:05:12.0468 1652 Srv - ok
00:05:12.0515 1652 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
00:05:12.0593 1652 SSDPSRV - ok
00:05:12.0687 1652 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\WINDOWS\system32\Drivers\SSPORT.sys
00:05:12.0703 1652 SSPORT ( UnsignedFile.Multi.Generic ) - warning
00:05:12.0703 1652 SSPORT - detected UnsignedFile.Multi.Generic (1)
00:05:12.0796 1652 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
00:05:12.0968 1652 stisvc - ok
00:05:12.0984 1652 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:05:13.0062 1652 streamip - ok
00:05:13.0109 1652 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
00:05:13.0187 1652 swenum - ok
00:05:13.0218 1652 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
00:05:13.0296 1652 swmidi - ok
00:05:13.0312 1652 SwPrv - ok
00:05:13.0359 1652 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
00:05:13.0453 1652 symc810 - ok
00:05:13.0468 1652 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:05:13.0593 1652 symc8xx - ok
00:05:13.0640 1652 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
00:05:13.0640 1652 Symmpi ( UnsignedFile.Multi.Generic ) - warning
00:05:13.0640 1652 Symmpi - detected UnsignedFile.Multi.Generic (1)
00:05:13.0656 1652 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:05:13.0781 1652 sym_hi - ok
00:05:13.0796 1652 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:05:13.0890 1652 sym_u3 - ok
00:05:13.0921 1652 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
00:05:14.0000 1652 sysaudio - ok
00:05:14.0046 1652 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
00:05:14.0156 1652 SysmonLog - ok
00:05:14.0218 1652 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
00:05:14.0328 1652 TapiSrv - ok
00:05:14.0406 1652 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:05:14.0500 1652 Tcpip - ok
00:05:14.0531 1652 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
00:05:14.0593 1652 TDPIPE - ok
00:05:14.0625 1652 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
00:05:14.0718 1652 TDTCP - ok
00:05:14.0734 1652 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
00:05:14.0890 1652 TermDD - ok
00:05:14.0984 1652 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
00:05:15.0093 1652 TermService - ok
00:05:15.0125 1652 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
00:05:15.0140 1652 Themes - ok
00:05:15.0187 1652 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
00:05:15.0296 1652 TlntSvr - ok
00:05:15.0312 1652 TosIde - ok
00:05:15.0375 1652 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
00:05:15.0468 1652 TrkWks - ok
00:05:15.0500 1652 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
00:05:15.0609 1652 Udfs - ok
00:05:15.0671 1652 [ CA90D2C55EB3BB90687677BEA3DB0B59 ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
00:05:15.0687 1652 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
00:05:15.0687 1652 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
00:05:15.0687 1652 ultra - ok
00:05:15.0796 1652 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
00:05:15.0906 1652 upnphost - ok
00:05:15.0953 1652 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
00:05:16.0062 1652 UPS - ok
00:05:16.0109 1652 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
00:05:16.0156 1652 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
00:05:16.0156 1652 USBAAPL - detected UnsignedFile.Multi.Generic (1)
00:05:16.0218 1652 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:05:16.0296 1652 usbccgp - ok
00:05:16.0343 1652 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:05:16.0421 1652 usbehci - ok
00:05:16.0468 1652 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:05:16.0546 1652 usbhub - ok
00:05:16.0578 1652 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:05:16.0656 1652 usbohci - ok
00:05:16.0703 1652 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:05:16.0812 1652 usbprint - ok
00:05:16.0828 1652 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:05:16.0921 1652 usbscan - ok
00:05:16.0953 1652 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:05:17.0046 1652 USBSTOR - ok
00:05:17.0078 1652 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:05:17.0156 1652 usbuhci - ok
00:05:17.0203 1652 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
00:05:17.0281 1652 VgaSave - ok
00:05:17.0296 1652 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
00:05:17.0390 1652 ViaIde - ok
00:05:17.0406 1652 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
00:05:17.0484 1652 VolSnap - ok
00:05:17.0562 1652 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
00:05:17.0687 1652 VSS - ok
00:05:17.0750 1652 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
00:05:17.0859 1652 W32Time - ok
00:05:17.0921 1652 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:05:18.0000 1652 Wanarp - ok
00:05:18.0000 1652 WDICA - ok
00:05:18.0031 1652 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
00:05:18.0125 1652 wdmaud - ok
00:05:18.0187 1652 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
00:05:18.0265 1652 WebClient - ok
00:05:18.0390 1652 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
00:05:18.0484 1652 winmgmt - ok
00:05:18.0531 1652 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
00:05:18.0593 1652 WmdmPmSN - ok
00:05:18.0703 1652 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
00:05:18.0921 1652 Wmi - ok
00:05:18.0937 1652 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:05:19.0046 1652 WmiApSrv - ok
00:05:19.0234 1652 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
00:05:19.0453 1652 WMPNetworkSvc - ok
00:05:19.0500 1652 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
00:05:19.0531 1652 WpdUsb - ok
00:05:19.0593 1652 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:05:19.0687 1652 WS2IFSL - ok
00:05:19.0765 1652 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
00:05:19.0859 1652 wscsvc - ok
00:05:19.0906 1652 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:05:19.0984 1652 WSTCODEC - ok
00:05:20.0031 1652 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
00:05:20.0109 1652 wuauserv - ok
00:05:20.0171 1652 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:05:20.0234 1652 WudfPf - ok
00:05:20.0250 1652 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:05:20.0265 1652 WudfRd - ok
00:05:20.0312 1652 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
00:05:20.0343 1652 WudfSvc - ok
00:05:20.0453 1652 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
00:05:20.0593 1652 WZCSVC - ok
00:05:20.0671 1652 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
00:05:20.0796 1652 xmlprov - ok
00:05:20.0859 1652 [ 58C938BDD89281DC1A64B1DCE675FCE4 ] ZSMC301b C:\WINDOWS\system32\Drivers\usbVM31b.sys
00:05:20.0890 1652 ZSMC301b - ok
00:05:20.0937 1652 ================ Scan global ===============================
00:05:21.0000 1652 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
00:05:21.0093 1652 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
00:05:21.0156 1652 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
00:05:21.0171 1652 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
00:05:21.0171 1652 [Global] - ok
00:05:21.0171 1652 ================ Scan MBR ==================================
00:05:21.0203 1652 [ 4F02A8D4048A138C450ED7F867EB0144 ] \Device\Harddisk0\DR0
00:05:21.0500 1652 \Device\Harddisk0\DR0 - ok
00:05:21.0515 1652 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3
00:05:21.0656 1652 \Device\Harddisk1\DR3 - ok
00:05:21.0656 1652 ================ Scan VBR ==================================
00:05:21.0656 1652 [ E297A6E7B851D3099B4B27FFED13283D ] \Device\Harddisk0\DR0\Partition1
00:05:21.0656 1652 \Device\Harddisk0\DR0\Partition1 - ok
00:05:21.0671 1652 [ EB745B4E738B10DDD9F51CC02EC4A524 ] \Device\Harddisk0\DR0\Partition2
00:05:21.0671 1652 \Device\Harddisk0\DR0\Partition2 - ok
00:05:21.0671 1652 [ A907C4F5960CF608FC6D56B878BF190E ] \Device\Harddisk1\DR3\Partition1
00:05:21.0671 1652 \Device\Harddisk1\DR3\Partition1 - ok
00:05:21.0671 1652 ============================================================
00:05:21.0671 1652 Scan finished
00:05:21.0671 1652 ============================================================
00:05:21.0781 1644 Detected object count: 17
00:05:21.0781 1644 Actual detected object count: 17
00:09:40.0906 1644 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0906 1644 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0906 1644 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0906 1644 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0906 1644 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0906 1644 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0906 1644 FSLX ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0906 1644 FSLX ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0921 1644 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0921 1644 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0921 1644 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0921 1644 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0921 1644 LiveUpdateInstaller ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0921 1644 LiveUpdateInstaller ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0921 1644 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0921 1644 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0921 1644 PCA ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0921 1644 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 RTL8187B ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 RTL8187B ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0937 1644 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0937 1644 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0953 1644 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0953 1644 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:40.0953 1644 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:40.0953 1644 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg 16.05.2013 23:40
Hi
spenden kannst du gerne, wenn wir fertig sind, wir führen noch einige Scans aus und sichern den pc ab

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

hansdoll 17.05.2013 01:05
Hi,

hab mich zu früh gefreut.
Konnte den Rechner zehn Minuten benutzen, dann hatte ich den GVU-Bildschirm wieder.
Ich habe dann die Killer.exe nochmal ausgeführt.
Combofix habe ich runtergeladen.
Das Problem ist, dass mein PC nur im abgesicherten Modus MIT Eingabeaufforderung läuft.
Normaler abgesicherter Modus stürzt ab.
Ich kann also den Virenscanner (G Data) nicht ausschalten.
Combofix beschwert sich genau darüber.
Nun will Combofix ins Internet, um sich die Microsoft-Wiederherstellungskonsole zu laden.
Aber in diesem DOS-Bildschirm krieg ich ja keine Internet-Verbindung hin.

Was tun ?

markusg 17.05.2013 11:44
Auf jeden fall mal finger weg von illegalen streamings wie kinox.to, nur bei uns bzw auf von mir genannten pages surfen.
neues otl log erstellen und posten

hansdoll 17.05.2013 20:56
Hallo,

hier zum zweiten mal die otl und extras logs :OTL Logfile:
Code:
OTL logfile created on: 17.05.2013 21:47:12 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 82,49% Memory free
3,73 Gb Paging File | 3,65 Gb Available in Paging File | 97,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 6,29 Gb Free Space | 4,59% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.15 01:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.05.17 01:03:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 10:20:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 00:50:23 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.20 09:19:11 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.02 09:36:54 | 000,516,096 | ---- | M] (Sage KHK Software) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe -- (LiveUpdateInstaller)
SRV - [2002.12.17 16:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2002.12.17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2011.04.05 13:31:50 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.05.27 07:29:56 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2009.05.21 20:36:48 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2009.05.21 12:43:53 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2009.05.21 12:43:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2008.07.11 14:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007.11.06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.07.30 14:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.07.30 14:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.04 14:40:22 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2004.08.17 05:44:22 | 000,091,263 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004.08.04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004.08.04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004.08.04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004.08.04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004.08.04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004.08.04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004.08.04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004.08.04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004.08.04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004.08.04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004.08.04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004.08.04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004.08.04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004.08.04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 10:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.16 08:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.04.03 11:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.21 23:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\support@lastpass.com
[2013.02.20 23:33:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\toolbar@ask.com
[2012.02.17 22:21:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.13 10:20:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.17 09:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 20:16:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.17 09:55:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 09:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 09:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 09:55:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.17 02:15:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe (INNOVA-engineering GmbH Dresden)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKLM..\RunOnce: [(4) HWRestore] C:\Sage\KHK\Handwerk\HWRESTORE.EXE (Sage KHK Software GmbH&Co.KG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLINK.lnk = C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFD5704-5D07-4B54-8B2A-420BB016F3DE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 02:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.05.17 01:56:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.17 01:56:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.17 01:56:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.17 01:56:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.17 01:53:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 01:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.15 00:52:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.14 01:23:25 | 000,000,000 | ---D | C] -- C:\Wiederhergestellte Dateien 13-05-13
[2013.05.12 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.05.04 20:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.05.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 02:15:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.17 01:53:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.17 01:52:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.17 01:48:23 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2013.05.17 01:48:19 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 01:33:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.05.17 01:17:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013.05.17 01:03:39 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.17 00:41:21 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.16 01:12:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Kein Protokoll
[2013.05.13 00:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.12 01:06:24 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.12 01:06:24 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.04 20:32:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.05.04 20:17:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.25 23:24:42 | 000,471,880 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.25 23:24:42 | 000,451,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.25 23:24:42 | 000,090,282 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.25 23:24:42 | 000,075,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.05.17 01:56:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.17 01:56:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.17 01:56:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.17 01:56:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.17 01:56:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.12 00:08:10 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.12 00:07:51 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.04 20:32:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.02.26 01:31:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013.02.26 01:31:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013.02.26 01:31:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2012.10.15 21:25:03 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2012.10.15 21:24:54 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2012.10.15 21:24:54 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2012.10.15 21:23:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssa3mlm.dll
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Programme\readme.html
[2012.07.27 22:24:16 | 000,006,854 | RHS- | C] () -- C:\WINDOWS\innova3.ini
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Programme\basis-link
[2012.02.14 21:02:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.20 01:07:43 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.12.19 10:53:34 | 076,004,920 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exe2323iw.dat
[2011.10.13 00:51:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.05.20 22:57:46 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2009.05.20 22:57:46 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2009.05.20 22:57:46 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2009.05.20 05:36:08 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.04.27 12:04:04 | 140,387,075 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi
[2009.04.27 06:43:50 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini
 
========== ZeroAccess Check ==========
 
[2009.05.20 05:35:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.21 21:06:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.02.12 21:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACD Systems
[2010.05.01 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2009.08.08 13:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer
[2013.03.11 01:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2010.09.15 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!
[2010.09.15 22:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!fax für FRITZ!Box
[2011.12.18 02:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake
[2012.07.27 22:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\innoplus
[2009.08.23 11:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2009.08.02 19:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
[2009.08.02 20:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player
[2009.05.21 18:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2012.06.14 00:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2009.08.02 19:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
[2012.04.07 15:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi
[2009.05.21 03:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2013.02.26 01:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung
[2012.08.21 09:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.10.16 13:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2011.05.08 21:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems
[2012.03.16 12:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\YouTube Downloader
[2013.05.04 20:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011.02.12 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2012.11.21 23:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009.08.02 18:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2010.11.10 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2013.03.11 01:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.01.20 14:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012.07.27 22:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus
[2010.09.15 22:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2009.08.02 19:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.02.25 11:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2013.02.26 01:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.05.08 20:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2011.05.08 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.03.05 17:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011.12.18 01:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.01 21:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.05.21 20:43:40 | 000,000,000 | ---D | M] -- C:\70SP4
[2012.05.11 03:01:16 | 000,000,000 | ---D | M] -- C:\9f7803ddae81aabb78e04f476cd8feaa
[2009.07.12 11:35:58 | 000,000,000 | ---D | M] -- C:\Banking
[2009.05.20 05:44:07 | 000,000,000 | ---D | M] -- C:\Compaq
[2013.05.04 20:32:50 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.05.20 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.04.08 21:16:51 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.08.14 23:19:30 | 000,000,000 | ---D | M] -- C:\e322ecf43298eabf7fb898a4
[2011.01.11 00:05:18 | 000,000,000 | ---D | M] -- C:\Endisch Dokumente
[2012.01.22 19:48:42 | 000,000,000 | ---D | M] -- C:\FBBM
[2013.05.12 00:06:46 | 000,000,000 | ---D | M] -- C:\Firma Doll
[2009.05.21 19:58:28 | 000,000,000 | ---D | M] -- C:\Fotos
[2013.05.15 00:52:43 | 000,000,000 | ---D | M] -- C:\FRST
[2009.05.20 05:44:14 | 000,000,000 | ---D | M] -- C:\fslrdr
[2009.05.20 05:44:42 | 000,000,000 | ---D | M] -- C:\hp
[2011.11.04 20:36:41 | 000,000,000 | ---D | M] -- C:\Häuser
[2009.05.20 14:26:48 | 000,000,000 | ---D | M] -- C:\i386
[2010.11.10 23:38:43 | 000,000,000 | ---D | M] -- C:\lexmark
[2013.04.28 16:50:21 | 000,000,000 | ---D | M] -- C:\Private Dokumente Hans
[2010.11.10 23:39:53 | 000,000,000 | ---D | M] -- C:\program files
[2013.05.17 02:15:04 | 000,000,000 | R--D | M] -- C:\Programme
[2012.06.27 21:55:42 | 000,000,000 | ---D | M] -- C:\QLINK
[2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.05.21 20:24:36 | 000,000,000 | ---D | M] -- C:\Sage
[2012.02.06 00:56:05 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2009.05.20 17:53:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.05.20 17:53:18 | 000,000,000 | ---D | M] -- C:\system.sav
[2012.01.05 02:05:57 | 000,000,000 | ---D | M] -- C:\temp
[2013.05.14 01:27:40 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 13-05-13
[2009.05.21 19:57:33 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 21-05-09
[2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2002.03.11 10:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsia.exe
[2002.03.11 11:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.05.16 16:27:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006.05.16 16:27:22 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.09.01 20:59:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2011.04.24 23:13:05 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 23:13:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 21:34:52 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.02.20 23:33:49 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 09:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 09:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.05.05 07:27:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.05.05 07:27:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.05.05 07:27:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.05.17 01:51:51 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2013.05.17 21:46:58 | 001,028,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG
[2013.05.17 01:51:51 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.03.02 03:57:39 | 001,867,392 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 17.05.2013 21:47:12 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 82,49% Memory free
3,73 Gb Paging File | 3,65 Gb Available in Paging File | 97,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 6,29 Gb Free Space | 4,59% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler  -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- ()
"C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Programme\Scan Assistant\USDAgent.exe" = C:\Programme\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe:LocalSubNet:Enabled:Samsung Network PC Fax Monitor -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D0C290B-B527-11D3-8B9B-006097833640}" = Handwerk
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880A0DCF-E8C2-11D9-AAFD-0050BA1ACA6F}" = QLink
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F018BFDC-1ED3-4399-9009-4E1604BF2510}" = innoPlus bad
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ElsterFormular" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"HandBrake" = HandBrake 0.9.5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PDF Complete" = PDF Complete
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-472x Series" = Samsung SCX-472x Series
"sv.net" = sv.net
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Win-CASA 6" = Win-CASA 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:48:29 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 :  SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
 1433. 
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32031
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32031
 
[ System Events ]
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  AFD  AmdK8  Fips  i8042prt  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  Tcpip  WS2IFSL
 
Error - 17.05.2013 15:39:35 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 17.05.2013 15:42:40 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 17.05.2013 15:50:55 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >
--- --- ---

markusg 17.05.2013 21:02
bitte aus dem abgesicherten Modus im betroffenen account

hansdoll 17.05.2013 21:06
Hab ich das richtig verstanden:
Abgesicherten Modus verlassen und im abges. Modus mit Eingabeaufforderung weitermachen ?

markusg 17.05.2013 21:16
laut dem log ist keine Malware aktiv, deswegen im abgesicherten modus den infizierten nutzer wählen und erneut scannen

hansdoll 17.05.2013 21:41
Im abgesicherten Modus kann ich beim Anmelden keinen Nutzer wählen,
wie beim normalen Windows-Start. Es gibt allerdings sowieso nur den Administrator.
logs, die dritte:

Code:
OTL logfile created on: 17.05.2013 22:30:36 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 86,73% Memory free
3,73 Gb Paging File | 3,67 Gb Available in Paging File | 98,40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 6,30 Gb Free Space | 4,60% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.15 01:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.05.17 01:03:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 10:20:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 00:50:23 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.20 09:19:11 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.02 09:36:54 | 000,516,096 | ---- | M] (Sage KHK Software) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe -- (LiveUpdateInstaller)
SRV - [2002.12.17 16:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2002.12.17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2011.04.05 13:31:50 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.05.27 07:29:56 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2009.05.21 20:36:48 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2009.05.21 12:43:53 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2009.05.21 12:43:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2008.07.11 14:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007.11.06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.07.30 14:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.07.30 14:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.04 14:40:22 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2004.08.17 05:44:22 | 000,091,263 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004.08.04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004.08.04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004.08.04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004.08.04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004.08.04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004.08.04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004.08.04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004.08.04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004.08.04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004.08.04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004.08.04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004.08.04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004.08.04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004.08.04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 10:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.16 08:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.04.03 11:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.21 23:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions
[2013.04.26 07:06:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\support@lastpass.com
[2013.02.20 23:33:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\toolbar@ask.com
[2012.02.17 22:21:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 10:20:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.13 10:20:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.17 09:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 20:16:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.17 09:55:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 09:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 09:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 09:55:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.17 02:15:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe (INNOVA-engineering GmbH Dresden)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKLM..\RunOnce: [(4) HWRestore] C:\Sage\KHK\Handwerk\HWRESTORE.EXE (Sage KHK Software GmbH&Co.KG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLINK.lnk = C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFD5704-5D07-4B54-8B2A-420BB016F3DE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 02:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.05.17 01:56:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.17 01:56:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.17 01:56:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.17 01:56:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.17 01:53:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 01:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.15 00:52:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.14 01:23:25 | 000,000,000 | ---D | C] -- C:\Wiederhergestellte Dateien 13-05-13
[2013.05.12 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.05.04 20:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.05.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 22:22:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.17 22:22:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.17 02:15:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.17 01:48:23 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2013.05.17 01:48:19 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 01:33:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.05.17 01:17:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013.05.17 01:03:39 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.17 00:41:21 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.16 01:12:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Kein Protokoll
[2013.05.13 00:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.12 01:06:24 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.12 01:06:24 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.04 20:32:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.05.04 20:17:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.25 23:24:42 | 000,471,880 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.25 23:24:42 | 000,451,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.25 23:24:42 | 000,090,282 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.25 23:24:42 | 000,075,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.05.17 01:56:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.17 01:56:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.17 01:56:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.17 01:56:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.17 01:56:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.12 00:08:10 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013.05.12 00:07:51 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013.05.04 20:32:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.02.26 01:31:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013.02.26 01:31:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013.02.26 01:31:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2012.10.15 21:25:03 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2012.10.15 21:24:54 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2012.10.15 21:24:54 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2012.10.15 21:23:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssa3mlm.dll
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Programme\readme.html
[2012.07.27 22:24:16 | 000,006,854 | RHS- | C] () -- C:\WINDOWS\innova3.ini
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Programme\basis-link
[2012.02.14 21:02:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.20 01:07:43 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.12.19 10:53:34 | 076,004,920 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exe2323iw.dat
[2011.10.13 00:51:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.05.20 22:57:46 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2009.05.20 22:57:46 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2009.05.20 22:57:46 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2009.05.20 05:36:08 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.04.27 12:04:04 | 140,387,075 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi
[2009.04.27 06:43:50 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini
 
========== ZeroAccess Check ==========
 
[2009.05.20 05:35:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.21 21:06:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.02.12 21:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACD Systems
[2010.05.01 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2009.08.08 13:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer
[2013.03.11 01:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2010.09.15 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!
[2010.09.15 22:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!fax für FRITZ!Box
[2011.12.18 02:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake
[2012.07.27 22:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\innoplus
[2009.08.23 11:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2009.08.02 19:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
[2009.08.02 20:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player
[2009.05.21 18:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2012.06.14 00:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2009.08.02 19:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
[2012.04.07 15:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi
[2009.05.21 03:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2013.02.26 01:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung
[2012.08.21 09:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.10.16 13:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2011.05.08 21:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems
[2012.03.16 12:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\YouTube Downloader
[2013.05.04 20:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011.02.12 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2012.11.21 23:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009.08.02 18:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2010.11.10 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2013.03.11 01:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.01.20 14:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012.07.27 22:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus
[2010.09.15 22:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2009.08.02 19:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.02.25 11:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2013.02.26 01:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.05.08 20:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2011.05.08 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.03.05 17:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011.12.18 01:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.01 21:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.05.21 20:43:40 | 000,000,000 | ---D | M] -- C:\70SP4
[2012.05.11 03:01:16 | 000,000,000 | ---D | M] -- C:\9f7803ddae81aabb78e04f476cd8feaa
[2009.07.12 11:35:58 | 000,000,000 | ---D | M] -- C:\Banking
[2009.05.20 05:44:07 | 000,000,000 | ---D | M] -- C:\Compaq
[2013.05.04 20:32:50 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.05.20 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.04.08 21:16:51 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.08.14 23:19:30 | 000,000,000 | ---D | M] -- C:\e322ecf43298eabf7fb898a4
[2011.01.11 00:05:18 | 000,000,000 | ---D | M] -- C:\Endisch Dokumente
[2012.01.22 19:48:42 | 000,000,000 | ---D | M] -- C:\FBBM
[2013.05.12 00:06:46 | 000,000,000 | ---D | M] -- C:\Firma Doll
[2009.05.21 19:58:28 | 000,000,000 | ---D | M] -- C:\Fotos
[2013.05.15 00:52:43 | 000,000,000 | ---D | M] -- C:\FRST
[2009.05.20 05:44:14 | 000,000,000 | ---D | M] -- C:\fslrdr
[2009.05.20 05:44:42 | 000,000,000 | ---D | M] -- C:\hp
[2011.11.04 20:36:41 | 000,000,000 | ---D | M] -- C:\Häuser
[2009.05.20 14:26:48 | 000,000,000 | ---D | M] -- C:\i386
[2010.11.10 23:38:43 | 000,000,000 | ---D | M] -- C:\lexmark
[2013.04.28 16:50:21 | 000,000,000 | ---D | M] -- C:\Private Dokumente Hans
[2010.11.10 23:39:53 | 000,000,000 | ---D | M] -- C:\program files
[2013.05.17 02:15:04 | 000,000,000 | R--D | M] -- C:\Programme
[2012.06.27 21:55:42 | 000,000,000 | ---D | M] -- C:\QLINK
[2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.05.21 20:24:36 | 000,000,000 | ---D | M] -- C:\Sage
[2012.02.06 00:56:05 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2009.05.20 17:53:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.05.20 17:53:18 | 000,000,000 | ---D | M] -- C:\system.sav
[2012.01.05 02:05:57 | 000,000,000 | ---D | M] -- C:\temp
[2013.05.14 01:27:40 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 13-05-13
[2009.05.21 19:57:33 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 21-05-09
[2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2002.03.11 10:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsia.exe
[2002.03.11 11:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.05.16 16:27:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006.05.16 16:27:22 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.09.01 20:59:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2011.04.24 23:13:05 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 23:13:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 21:34:52 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.02.20 23:33:49 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys
[2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 09:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys
[2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 09:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.05.05 07:27:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.05.05 07:27:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.05.05 07:27:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.05.17 22:21:08 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2013.05.17 22:24:52 | 000,180,224 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG
[2013.05.17 22:21:08 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.03.02 03:57:39 | 001,867,392 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
Code:
OTL Extras logfile created on: 17.05.2013 21:47:12 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 82,49% Memory free
3,73 Gb Paging File | 3,65 Gb Available in Paging File | 97,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 6,29 Gb Free Space | 4,59% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler  -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- ()
"C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Programme\Scan Assistant\USDAgent.exe" = C:\Programme\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe:LocalSubNet:Enabled:Samsung Network PC Fax Monitor -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D0C290B-B527-11D3-8B9B-006097833640}" = Handwerk
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880A0DCF-E8C2-11D9-AAFD-0050BA1ACA6F}" = QLink
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F018BFDC-1ED3-4399-9009-4E1604BF2510}" = innoPlus bad
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ElsterFormular" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"HandBrake" = HandBrake 0.9.5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PDF Complete" = PDF Complete
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-472x Series" = Samsung SCX-472x Series
"sv.net" = sv.net
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Win-CASA 6" = Win-CASA 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 16.05.2013 19:48:29 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 :  SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
 1433. 
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32031
 
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32031
 
[ System Events ]
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  AFD  AmdK8  Fips  i8042prt  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  Tcpip  WS2IFSL
 
Error - 17.05.2013 15:39:35 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 17.05.2013 15:42:40 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 17.05.2013 15:50:55 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >

hansdoll 19.05.2013 16:13
Hi,

wahrscheinlich machst Du verdiente Pfingstferien.
Ich hab die otl und otl extra logs noch in Antwort #15 stehen und seitdem am Rechner nix gemacht.

Viele Grüße

Hans

markusg 20.05.2013 11:44
dann müssen wirs anders machen
kommst du an nen pc mit brenner?
download:
http://filepony.de/download-otlpe/
und brenne es mit ISOBurner auf eine CD.
ISO Burner - Download - Filepony
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

hansdoll 20.05.2013 20:54
Guten Abend, Markus,

bin froh von Dir zu hören !

Hier die otl.txt

Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

markusg 20.05.2013 20:57
das ist das was in der Textbox stand, nicht die otl.txt

hansdoll 20.05.2013 21:06
sorry, bin schon ganz wirr vom USB-Stick umstecken

Code:
OTL logfile created on: 5/20/2013 10:47:06 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137.04 Gb Total Space | 6.30 Gb Free Space | 4.60% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.64 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
Drive F: | 3.71 Gb Total Space | 3.58 Gb Free Space | 96.41% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (HidServ)
SRV - [2013/05/16 19:03:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/13 04:20:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/14 18:50:23 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/12/21 10:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/06/20 03:19:11 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto] -- C:\WINDOWS\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2010/07/04 14:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/10/29 03:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2008/09/08 03:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2008/08/19 10:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2008/04/07 01:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/09/04 04:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007/01/31 08:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/06/05 07:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/11/13 19:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/02/26 03:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/07/02 03:36:54 | 000,516,096 | ---- | M] (Sage KHK Software) [Auto] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe -- (LiveUpdateInstaller)
SRV - [2002/12/17 10:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2002/12/17 10:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (SjyPkt)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (cpuz132)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - [2011/04/05 07:31:50 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010/06/14 04:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/05/27 01:29:56 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2009/05/21 14:36:48 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2009/05/21 06:43:53 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2009/05/21 06:43:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2008/07/11 08:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007/11/06 13:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/30 08:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/07/30 08:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/06/29 08:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/04 08:40:22 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/01/25 19:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007/01/25 19:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006/07/01 17:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/05/29 02:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/05/29 02:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/05/29 02:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/05/29 02:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2004/08/16 23:44:22 | 000,091,263 | R--- | M] (VM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b) Vimicro USB PC Camera (VC0305)
DRV - [2004/08/03 19:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 19:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 19:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 19:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 19:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 19:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 19:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 19:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 19:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 19:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 19:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 19:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 19:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 19:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 19:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
IE - HKU\Administrator_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/04/13 04:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/04/16 02:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013/04/03 05:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010/10/16 07:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions
[2010/10/16 07:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/21 17:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\0pmdo0bb.default\extensions
[2013/04/26 01:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\pm2lbhgz.default\extensions
[2013/04/26 01:06:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\support@lastpass.com
[2013/02/20 17:33:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\toolbar@ask.com
[2013/04/13 04:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013/04/13 04:20:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/13 04:20:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/02/17 03:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/31 14:16:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/02/17 03:55:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/17 03:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/17 03:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/17 03:55:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013/05/16 20:15:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [Device Detector]  File not found
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe (INNOVA-engineering GmbH Dresden)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Administrator_ON_C..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\Administrator_ON_C..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKLM..\RunOnce: [(4) HWRestore] C:\Sage\KHK\Handwerk\HWRESTORE.EXE (Sage KHK Software GmbH&Co.KG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLINK.lnk = C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 12:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/17 18:31:20 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\NetworkService\Cookies
[2013/05/16 20:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/16 19:56:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/16 19:56:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/16 19:56:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/16 19:56:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/16 19:53:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/16 19:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/14 18:52:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/13 19:23:25 | 000,000,000 | ---D | C] -- C:\Wiederhergestellte Dateien 13-05-13
[2013/05/12 15:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013/05/04 14:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013/05/04 14:31:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013/05/04 14:31:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013/05/04 14:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/01/29 10:18:00 | 000,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\softcoin.dll
[2010/01/29 10:18:00 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\gencoin.dll
[2002/03/11 05:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2002/03/11 04:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/20 15:27:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/20 14:57:15 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/05/18 14:40:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/17 17:27:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Kein Protokoll
[2013/05/16 20:15:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/05/16 19:48:23 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2013/05/16 19:48:19 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/16 19:33:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/05/16 19:03:39 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/16 19:03:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/16 19:03:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/16 18:41:21 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/12 18:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/11 19:06:24 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013/05/11 19:06:24 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013/05/04 14:32:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013/05/04 14:32:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013/05/04 14:17:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/25 17:24:42 | 000,471,880 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/04/25 17:24:42 | 000,451,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/25 17:24:42 | 000,090,282 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/04/25 17:24:42 | 000,075,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013/05/16 19:56:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/16 19:56:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/16 19:56:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/16 19:56:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/16 19:56:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/11 18:08:10 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB
[2013/05/11 18:07:51 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB
[2013/05/04 14:32:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013/02/25 19:31:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013/02/25 19:31:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013/02/25 19:31:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2012/10/15 15:25:03 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2012/10/15 15:24:54 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2012/10/15 15:24:54 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2012/10/15 15:23:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssa3mlm.dll
[2012/08/13 06:08:08 | 000,014,217 | ---- | C] () -- C:\Programme\readme.html
[2012/07/27 16:24:16 | 000,006,854 | RHS- | C] () -- C:\WINDOWS\innova3.ini
[2012/05/08 09:15:36 | 000,000,005 | ---- | C] () -- C:\Programme\basis-link
[2012/02/14 15:02:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/19 19:07:43 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/19 04:53:34 | 076,004,920 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exe2323iw.dat
[2011/10/12 18:51:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/01 03:19:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/17 12:11:48 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\CDASpl.dll
[2010/10/04 09:06:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/16 11:32:06 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2009/05/26 06:45:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/25 16:05:24 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\RunSetup.dll
[2009/05/25 16:05:22 | 000,049,152 | R--- | C] () -- C:\WINDOWS\amcap.exe
[2009/05/21 16:38:49 | 001,029,120 | ---- | C] () -- C:\WINDOWS\System32\H5KRNL32.DLL
[2009/05/21 16:38:49 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\H5ICON32.DLL
[2009/05/21 16:38:49 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\H5MENU32.DLL
[2009/05/21 16:38:49 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\H5DLG32.DLL
[2009/05/21 16:38:49 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\H5RTF32.DLL
[2009/05/21 16:38:49 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\H5TOOL32.DLL
[2009/05/20 17:04:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/20 16:57:46 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2009/05/20 16:57:46 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2009/05/20 16:57:46 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2009/05/20 08:27:55 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/20 08:27:55 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/05/20 08:27:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/20 08:27:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/05/20 08:27:54 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/05/20 08:27:53 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/20 08:27:53 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/05/20 08:27:52 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/05/20 08:27:52 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/05/20 08:19:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/05/20 08:19:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/05/20 08:19:13 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/05/20 08:19:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/05/20 08:18:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/05/20 08:17:13 | 000,000,981 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/05/19 23:46:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/19 23:44:11 | 000,000,731 | ---- | C] () -- C:\WINDOWS\System32\McOEMAppRules.dat
[2009/05/19 23:41:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/05/19 23:36:08 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/05/19 23:34:20 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/04/27 06:04:04 | 140,387,075 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2009/04/27 06:03:46 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi
[2009/04/27 00:43:50 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini
[2007/10/25 12:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/05/16 10:20:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/04 23:53:24 | 000,471,880 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/05/04 23:53:24 | 000,451,054 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/04 23:53:24 | 000,090,282 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/05/04 23:53:24 | 000,075,142 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/04 23:49:18 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/04 23:41:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/04 23:37:00 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/19 06:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2001/08/18 07:09:40 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/18 07:09:40 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/17 16:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 16:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 16:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 17:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 17:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/11/15 06:07:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\FRITZ!
[2012/10/18 16:50:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Samsung
[2011/02/12 15:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACD Systems
[2010/05/01 17:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2009/08/08 07:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer
[2013/03/10 19:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2010/09/15 17:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!
[2010/09/15 16:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!fax für FRITZ!Box
[2011/12/17 20:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake
[2012/07/27 16:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\innoplus
[2009/08/23 05:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2009/08/02 13:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
[2009/08/02 14:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player
[2009/05/21 12:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2012/06/13 18:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2009/08/02 13:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
[2012/04/07 09:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi
[2009/05/20 21:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2013/02/25 19:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung
[2012/08/21 03:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010/10/16 07:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2011/05/08 15:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems
[2012/03/16 06:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\YouTube Downloader
[2013/05/04 14:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/02/12 15:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2012/11/21 17:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009/08/02 12:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2010/11/10 17:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2013/03/10 19:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010/01/20 08:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012/07/27 16:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus
[2010/09/15 16:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2009/08/02 13:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012/02/25 05:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2013/02/25 19:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011/05/08 14:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2011/05/08 15:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012/03/05 11:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011/12/17 19:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/01 15:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/05/16 19:33:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009/05/21 14:43:40 | 000,000,000 | ---D | M] -- C:\70SP4
[2012/05/10 21:01:16 | 000,000,000 | ---D | M] -- C:\9f7803ddae81aabb78e04f476cd8feaa
[2009/07/12 05:35:58 | 000,000,000 | ---D | M] -- C:\Banking
[2009/05/19 23:44:07 | 000,000,000 | ---D | M] -- C:\Compaq
[2013/05/04 14:32:50 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/05/20 08:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011/04/08 15:16:51 | 000,000,000 | ---D | M] -- C:\Downloads
[2009/08/14 17:19:30 | 000,000,000 | ---D | M] -- C:\e322ecf43298eabf7fb898a4
[2011/01/10 18:05:18 | 000,000,000 | ---D | M] -- C:\Endisch Dokumente
[2012/01/22 13:48:42 | 000,000,000 | ---D | M] -- C:\FBBM
[2013/05/11 18:06:46 | 000,000,000 | ---D | M] -- C:\Firma Doll
[2009/05/21 13:58:28 | 000,000,000 | ---D | M] -- C:\Fotos
[2013/05/14 18:52:43 | 000,000,000 | ---D | M] -- C:\FRST
[2009/05/19 23:44:14 | 000,000,000 | ---D | M] -- C:\fslrdr
[2009/05/19 23:44:42 | 000,000,000 | ---D | M] -- C:\hp
[2011/11/04 14:36:41 | 000,000,000 | ---D | M] -- C:\Häuser
[2009/05/20 08:26:48 | 000,000,000 | ---D | M] -- C:\i386
[2010/11/10 17:38:43 | 000,000,000 | ---D | M] -- C:\lexmark
[2013/04/28 10:50:21 | 000,000,000 | ---D | M] -- C:\Private Dokumente Hans
[2010/11/10 17:39:53 | 000,000,000 | ---D | M] -- C:\program files
[2013/05/16 20:15:04 | 000,000,000 | R--D | M] -- C:\Programme
[2012/06/27 15:55:42 | 000,000,000 | ---D | M] -- C:\QLINK
[2013/05/16 20:16:59 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009/05/21 14:24:36 | 000,000,000 | ---D | M] -- C:\Sage
[2012/02/05 18:56:05 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2009/05/20 11:53:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/05/20 11:53:18 | 000,000,000 | ---D | M] -- C:\system.sav
[2012/01/04 20:05:57 | 000,000,000 | ---D | M] -- C:\temp
[2013/05/13 19:27:40 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 13-05-13
[2009/05/21 13:57:33 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 21-05-09
[2013/05/16 20:16:59 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2002/03/11 04:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsia.exe
[2002/03/11 05:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2006/02/28 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006/02/28 03:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/02/16 15:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011/02/16 15:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2007/10/26 08:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys
[2007/10/26 08:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2006/02/28 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006/02/28 03:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/02/16 15:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/02/16 15:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/08/04 03:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2007/12/13 10:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys
[2007/12/13 10:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 03:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004/08/04 03:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 03:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 03:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001/08/17 16:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006/05/05 01:27:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/05/05 01:27:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/05/05 01:27:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2013/02/21 15:06:28 | 001,510,400 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2012/06/08 10:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< End of report >

markusg 20.05.2013 21:09
komisch, mir wird da nichts angezeigt.
kannst du combofix im abgesicherten modus nutzen?b

hansdoll 20.05.2013 22:53
Habe Combofix im abgesicherten Modus laufen lassen.
Leider das gleiche Problem wie vorher:
Ich bekomme von Combofix die Fehlermeldung, dass keine Microsoft Wiederherstellungs-Konsole vorhanden sei. Combofix will diese nun aus dem Internet laden, ich bekomme aber im abges. Modus keine Internetverbindung hin (Router wird nicht gefunden).
Die ganze Schreiberei hier mache ich von einem zweiten Rechner mit Internetverbindung.

markusg 20.05.2013 22:55
überspringe das mit der Konsole bitte

hansdoll 21.05.2013 20:41
Hallo Markus,

hier der combofix-log:
Code:
ComboFix 13-05-16.02 - Administrator 21.05.2013  2:29.2.2 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1918.1536 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-21 bis 2013-05-21  ))))))))))))))))))))))))))))))
.
.
2013-05-14 22:52 . 2013-05-14 22:52        --------        d-----w-        C:\FRST
2013-05-13 23:23 . 2013-05-13 23:27        --------        d-----w-        C:\Wiederhergestellte Dateien 13-05-13
2013-05-04 18:31 . 2013-05-04 18:31        --------        d-----w-        c:\programme\iPod
2013-05-04 18:31 . 2013-05-04 18:31        --------        d-----w-        c:\programme\iTunes
2013-05-04 18:31 . 2013-05-04 18:31        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 23:03 . 2012-07-16 06:04        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-05-16 23:03 . 2012-03-05 15:24        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-14 22:50 . 2013-03-14 22:50        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-03-14 22:50 . 2013-03-14 22:50        143872        ----a-w-        c:\windows\system32\javacpl.cpl
2013-03-14 22:50 . 2012-06-13 22:33        861088        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-03-14 22:50 . 2010-10-03 19:29        782240        ----a-w-        c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2004-08-04 07:57        293888        ----a-w-        c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-02-28 09:00        2031104        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2004-08-04 07:50        2152448        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-02 01:57 . 2004-08-04 07:46        1867392        ----a-w-        c:\windows\system32\win32k.sys
2013-02-27 07:56 . 2004-08-04 05:59        2067456        ----a-w-        c:\windows\system32\mstscax.dll
2013-02-21 19:06 . 2004-08-04 07:57        672768        ----a-w-        c:\windows\system32\wininet.dll
2013-02-21 19:06 . 2004-08-04 05:59        61952        ----a-w-        c:\windows\system32\tdc.ocx
2013-02-21 19:06 . 2004-08-04 07:57        81920        ----a-w-        c:\windows\system32\ieencode.dll
2013-02-21 19:02 . 2004-08-04 07:42        371200        ----a-w-        c:\windows\system32\html.iec
2009-04-27 10:03 . 2009-04-27 10:03        9818624        ----a-w-        c:\programme\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06        1822520        ----a-w-        c:\programme\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45        1708856        ----a-w-        c:\programme\instmsia.exe
2013-04-13 08:20 . 2013-04-13 08:20        263064        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"AutoStartNPSAgent"="c:\programme\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-04 8466432]
"nwiz"="nwiz.exe" [2007-09-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-04 81920]
"amd_dc_opt"="c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"PDF Complete"="c:\programme\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\programme\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"G DATA AntiVirus Trayapplication"="c:\programme\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2008-10-29 955976]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVMWlanClient"="c:\programme\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 283136]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"innoplus_update"="c:\programme\innoPlus\innoplus_bad\bin\dataupdate.exe" [2012-07-25 2983088]
"CDAServer"="c:\programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"(4) HWRestore"="c:\sage\KHK\Handwerk\HWRESTORE.EXE" [2003-07-07 159744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
OpenOffice.org 3.4.1.lnk - c:\programme\program\quickstart.exe [2012-8-13 1199104]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
OpenOffice.org 3.4.1.lnk - c:\programme\program\quickstart.exe [2012-8-13 1199104]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Dienst-Manager.lnk - c:\programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [N/A]
QLINK.lnk - c:\program files\Lexmark Applications\QLink\QLINK.EXE [2010-11-10 1500752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\FRITZ!\\FriFax32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX472x\\SCNSearch\\USDAgent.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Common Desktop Agent\\CDASrv.exe"=
"c:\\Programme\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
"c:\\Programme\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
"c:\\Programme\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
"c:\\Programme\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
"c:\\Programme\\Scan Assistant\\USDAgent.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
S1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [11.07.2008 14:44 191872]
S1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [27.05.2009 07:29 68424]
S2 AVKProxy;G DATA AntiVirus Proxy;c:\programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [19.08.2008 16:20 1089608]
S2 AVKService;G DATA Scheduler;c:\programme\G DATA\AntiVirus\AVK\AVKService.exe [19.08.2008 16:20 386120]
S2 AVKWCtl;AntiVirus Wächter;c:\programme\G DATA\AntiVirus\AVK\AVKWCtl.exe [14.08.2008 08:55 1185496]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [26.02.2013 01:31 238952]
S2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [20.05.2009 22:57 51016]
S2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 10:14 87344]
S2 LiveUpdateInstaller;LiveUpdateInstaller;c:\programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe [21.05.2009 21:28 516096]
S2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [20.05.2009 05:43 576024]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [15.10.2012 21:28 175104]
S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [05.04.2011 13:31 5120]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [26.07.2010 21:29 4352]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26.02.2013 01:31 36608]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [16.05.2010 17:32 265088]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [20.05.2009 22:57 48712]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [20.05.2009 22:57 32328]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [21.05.2009 03:08 215040]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 23:03]
.
2013-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-24 21:12]
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-24 21:12]
.
2013-05-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2013-02-08 13:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1;*.local
LSP: c:\programme\FRITZ!DSL\\sarah.dll
Trusted Zone: samsungsetup.com\www
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_ptnrs=U3&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49&apn_dtid=OSJ000YYDE&&q=
FF - ExtSQL: !HIDDEN! 2010-04-28 23:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-21 02:35
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2013-05-21  02:36:36
ComboFix-quarantined-files.txt  2013-05-21 00:36
ComboFix2.txt  2013-05-17 00:16
.
Vor Suchlauf: 6.741.188.608 Bytes frei
Nach Suchlauf: 6.727.749.632 Bytes frei
.
- - End Of File - - F4389BE8750C5A9735BF35D858C6734E

markusg 21.05.2013 23:20
Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

hansdoll 22.05.2013 23:13
Hallo,

ich habe nach wie vor das Problem, das ich mit dem infizierten Rechner im abgesicherten Modus
keine Internet-Verbindung habe.
Da Malwarebytes sich auf diesem Rechner nicht aktualisieren kann, habe ich es so
laufen lassen, wie es vom Download kam. Es gab keine Funde.
Ich habe den Rechner jetzt das erste mal normal gebootet und bis jetzt ist alles normal.
Hier der log:
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus)
Internet Explorer 6.0.2900.5512
Administrator :: COMPUTERHANS [Administrator]

Schutz: Deaktiviert

23.05.2013 00:15:47
mbam-log-2013-05-23 (00-15-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 300150
Laufzeit: 47 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg 22.05.2013 23:27
und wieso hast du malwarebytes nicht im normalen Modus aktualisiert, oder meintest du, dass es da probleme gibt mit dem Update, falls ja, de und reinstaliere es

hansdoll 24.05.2013 22:48
Hallo Markus,

genau die Angst hatte ich.
Habe jetzt Malwarebytes de- und reinstalliert, im normalen Modus durchlaufenlassen (fast 24 Stunden !). Ergebnis: Keine Funde.
Das bedeutet wohl, das der Rechner clean ist, oder ?
Komischerweise ist nun der Rechner selbst bei einfachen Aufgaben auf null ausgebremst (deswegen der 24h-Scan von Malwarebytes), die Festplatte ist rappelvoll und läuft sich zu Tode. Ich werde mal nen Frühjahrsputz machen, das sollte helfen.

Hier noch der log:
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.23.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: COMPUTERHANS [Administrator]

Schutz: Deaktiviert

23.05.2013 23:37:21
mbam-log-2013-05-23 (23-37-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 278260
Laufzeit: 23 Stunde(n), 35 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg 24.05.2013 23:08
deinstaliere malwarebytes mal wieder, läufts besser?

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

hansdoll 27.05.2013 00:14
Hallo Markus,

die Reise ist wohl noch nicht zu Ende ...
Code:
ACDSee Foto-Manager 12        ACD Systems International Inc.        12.02.2011        144,00MB        12.0.344 notwendig
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        17.05.2013                11.7.700.202 notwendig
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        17.05.2013                11.7.700.202 notwendig
Adobe Reader XI (11.0.02) - Deutsch        Adobe Systems Incorporated        16.04.2013        145,00MB        11.0.02 notwendig
Altiris Software Virtualization Agent        Altiris, Inc.        20.05.2009        0,67MB        2.1.2096 unbekannt
AMD Processor Driver        AMD        20.05.2009                1.3.2.0053 unbekannt
Apple Application Support        Apple Inc.        04.05.2013        64,49MB        2.3.3 notwendig
Apple Mobile Device Support        Apple Inc.        04.05.2013        24,70MB        6.1.0.13 notwendig
Apple Software Update        Apple Inc.        18.12.2011        2,38MB        2.1.3.127 notwendig
Ask Toolbar        Ask.com        20.02.2013        5,03MB        1.15.15.0 unnötig
Ask Toolbar Updater        Ask.com        20.02.2013                1.2.4.36191 unnötig
AVM FRITZ!DSL        AVM Berlin        28.06.2009        14,11MB        2.04.02 notwendig
Bonjour        Apple Inc.        18.12.2011        1,04MB        3.0.0.10 unnötig
Canon Camera Access Library        Canon Inc.        01.05.2010                8.4.0.1 notwendig
Canon Camera Support Core Library        Canon Inc.        01.05.2010                7.3.1.6 notwendig
Canon EOS 5D WIA-Treiber        Canon        01.05.2010                5.7 notwendig
CANON iMAGE GATEWAY Task for ZoomBrowser EX        Canon Inc.        18.01.2012                1.5.0.3 notwendig
Canon Internet Library for ZoomBrowser EX        Canon Inc.        18.01.2012                1.6.1.6 notwendig
Canon RAW Image Task for ZoomBrowser EX        Canon Inc.        01.05.2010                3.3.0.5 notwendig
Canon Utilities CameraWindow        Canon Inc.        01.05.2010                7.1.0.2 notwendig
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX        Canon Inc.        01.05.2010                5.4.5.17 notwendig
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX        Canon Inc.        01.05.2010                6.4.2.16 notwendig
Canon Utilities Digital Photo Professional 3.4        Canon Inc.        01.05.2010                3.4.0.0 notwendig
Canon Utilities EOS Utility        Canon Inc.        01.05.2010                2.4.0.1 notwendig
Canon Utilities MyCamera        Canon Inc.        01.05.2010                6.4.0.5 notwendig
Canon Utilities Original Data Security Tools        Canon Inc.        01.05.2010                1.4.0.1 notwendig
Canon Utilities PhotoStitch        Canon Inc.        01.05.2010                3.1.21.45 notwendig
Canon Utilities Picture Style Editor        Canon Inc.        01.05.2010                1.3.0.0 notwendig
Canon Utilities RemoteCapture Task for ZoomBrowser EX        Canon Inc.        01.05.2010                1.7.1.9 notwendig
Canon Utilities WFT-E1/E2/E3 Utility        Canon Inc.        01.05.2010                3.2.1.1 notwendig
Canon Utilities ZoomBrowser EX        Canon Inc.        18.01.2012                6.1.1.21 notwendig
Canon ZoomBrowser EX Memory Card Utility        Canon Inc.        01.05.2010                1.1.0.8 notwendig
CCleaner        Piriform        23.04.2013                4.01 notwendig
Dual-Core Optimizer        AMD        20.05.2009        0,08MB        1.1.3.0161 unbekannt
ElsterFormular        Landesfinanzdirektion Thüringen        09.04.2013                14.1.20130301 notwendig
ElsterFormular 2008/2009        Steuerverwaltung des Bundes und der Länder        10.08.2009                10.2.1.0 notwendig
G DATA AntiVirus        G DATA Software AG        20.05.2009        214,00MB        19.0.0.4 notwendig
Google Earth Plug-in        Google        22.03.2013        80,76MB        7.0.3.8542 notwendig
HandBrake 0.9.5                18.12.2011                0.9.5 notwendig
Handwerk                10.11.2010 notwendig               
High Definition Audio - KB888111        Microsoft Corporation                        20040219.000000 unbekannt
HP Backup and Recovery Manager        Hewlett-Packard Company        20.05.2009                2.5C unnötig
HP Help and Support        HPQ        20.05.2009                4.2.0010 unnötig
innoPlus bad        INNOVA-engineering GmbH        27.07.2012        114,00MB        13.00.0100 unnötig
iTunes        Apple Inc.        04.05.2013        186,00MB        11.0.2.26 notwendig
Java 7 Update 17        Oracle        14.03.2013        130,00MB        7.0.170 notwendig
Microsoft .NET Framework 2.0 Language Pack - DEU        Microsoft Corporation        01.05.2010 unbekannt               
Microsoft .NET Framework 2.0 Service Pack 2        Microsoft Corporation        23.05.2013        185,00MB        2.2.30729 unbekannt
Microsoft .NET Framework 3.0 Service Pack 2        Microsoft Corporation        09.01.2013        253,00MB        3.2.30729 unbekannt
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        09.01.2013 unbekannt               
Microsoft Compression Client Pack 1.0 for Windows XP        Microsoft Corporation        25.02.2012 unbekannt        1
Microsoft SQL Server Desktop Engine        Microsoft Corporation        21.05.2009        79,75MB        8.00.760 notwendig
Microsoft User-Mode Driver Framework Feature Pack 1.0        Microsoft Corporation        25.02.2012 unbekannt               
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        27.07.2012        5,28MB        8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        06.05.2010        10,29MB        9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        15.10.2012        10,19MB        9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        14.02.2013        15,01MB        9.0.30729.6161 unbekannt
Mozilla Firefox (2.0.0.15)        Mozilla        20.05.2009                2.0.0.15 (en-US) unnötig
Mozilla Firefox 20.0.1 (x86 de)        Mozilla        13.04.2013                20.0.1 notwendig
Mozilla Maintenance Service        Mozilla        15.04.2013                20.0.1 notwendig
Mozilla Thunderbird 17.0.5 (x86 de)        Mozilla        19.05.2013                17.0.5 notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        03.08.2009        2,67MB        4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.11.2009        2,77MB        4.20.9876.0 unbekannt
MSXML 6 Service Pack 2 (KB973686)        Microsoft Corporation        25.11.2009        1,40MB        6.20.2003.0 unbekannt
Nero Suite                18.04.2010 notwendig               
Nokia Connectivity Cable Driver        Nokia        02.08.2009        0,77MB        6.81.1.2 notwendig
Nokia Lifeblog 2.1        Nokia        02.08.2009        60,41MB        2.1.131 notwendig
Nokia MTP driver        Nokia        02.08.2009        0,66MB        1.0.0 notwendig
Nokia N73 highlights        Nokia        02.08.2009        17,04MB        1.0.6 notwendig
Nokia Nseries Skin for Microsoft Windows Media Player        Nokia        02.08.2009        0,06MB        1.0.4 notwendig
Nokia PC Connectivity Solution        Nokia        02.08.2009        6,10MB        6.23.9.0 notwendig
Nokia PC Suite        Nokia        02.08.2009        29,81MB        6.81.13.0 notwendig
Nokia themes for your device        Nokia        02.08.2009        0,42MB        1.0.5 notwendig
NVIDIA Drivers                20.05.2009 notwendig               
OpenOffice.org 3.4.1        Apache Software Foundation        14.02.2013        350,00MB        3.41.9593 notwendig
PDF Complete        PDF Complete, Inc.        20.05.2009                3.5.22
QLink                10.11.2010               
Ravensburger tiptoi                07.04.2012 notwendig               
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        20.05.2009                5.10.0.5508
Samsung Easy Printer Manager        Samsung Electronics Co., Ltd.        15.10.2012                1.01.16.02 notwendig
Samsung Network PC Fax        Samsung Electronics Co., Ltd.        15.10.2012                1.05.23.04 notwendig
Samsung New PC Studio        Samsung Electronics Co., Ltd.        26.02.2013                1.00.0000 notwendig
Samsung Printer Live Update        Samsung Electronics Co., Ltd.        15.10.2012 notwendig               
Samsung Scan Assistant        Samsung Electronics Co., Ltd.        20.11.2012                1.04.26.00 notwendig
Samsung SCX-472x Series        Samsung Electronics Co., Ltd.        15.10.2012 notwendig               
SAMSUNG USB Driver for Mobile Phones        SAMSUNG Electronics Co., Ltd.        26.02.2013                1.3.650.0 notwendig
Sicherheitsupdate für Windows Media Encoder (KB2447961)        Microsoft Corporation        09.05.2011               
Skype™ 4.0        Skype Technologies S.A.        25.05.2009        32,28MB        4.0.226 notwendig
SmartSound Quicktracks Plugin        SmartSound Software Inc.        08.05.2011                3.0.0.26 unbekannt
Spelling Dictionaries Support For Adobe Reader 9        Adobe Systems Incorporated        03.12.2009        29,69MB        9.0.0 unbekannt
sv.net        ITSG GmbH        18.12.2012                12.1 notwendig
Ulead VideoStudio 8.0        Ulead System        08.05.2011                8.0 notwendig
Win-CASA 6                23.05.2013 notwendig               
Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)        Nokia        02.08.2009                06/12/2006 6.81.0.21 unbekannt
Windows Media Encoder 9 Series                08.05.2011 unbekannt
Windows Media Format 11 runtime                23.05.2011 unbekannt
Windows Media Player 11                23.05.2013 notwendig
Windows XP Service Pack 3        Microsoft Corporation        16.02.2011                20080414.031514 notwendig
YouTube Downloader 3.5        BienneSoft        05.03.2012 unnötig

markusg 28.05.2013 09:20
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Ask : alle

G DATA AntiVirus :
is ja total alt, deine Version scheint 2009 zu sein, es gibt schon die Version 2014
gehe mal auf die Homepage und upgrade auf die Neue.

Deinstaliere:
innoPlus
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Mozilla Firefox (2.0.0.15)

Skype™
Total veraltet:
Kostenlose Skype-Internetanrufe und günstige Online-Anrufe an Telefone ? Skype


Deinstalire:
Spelling Dictionaries
YouTube Downloader

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:58 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58