Weißer Bildschirm - Please wait... / Bitte warten...

Novize10 · 21.03.2012, 13:08

Weißer Bildschirm mit der Meldung - "Please wait while the server is trying to connect" (englisch und deutsch)

Nachdem ich mich nicht mal mehr im abgesicherten Zustand auf meinen Computer zugreifen konnte habe ich entsprechend einer Empfehlung hier im Forum OPTNL.exe heruntergeladen und den OTLPE-Scan unter Verwendung folgenden Scantexts in "Custom Scans/Files" ausgeführt:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

Das Ergebnis war folgende OTL.txt

OTL logfile created on: 3/21/2012 2:39:33 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511.00 Mb Total Physical Memory | 311.00 Mb Available Physical Memory | 61.00% Memory free
459.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27.95 Gb Total Space | 1.99 Gb Free Space | 7.12% Space Free | Partition Type: NTFS
Drive D: | 22.08 Gb Total Space | 19.20 Gb Free Space | 86.98% Space Free | Partition Type: NTFS
Drive E: | 5.85 Gb Total Space | 1.01 Gb Free Space | 17.30% Space Free | Partition Type: FAT32
Drive F: | 124.72 Mb Total Space | 101.54 Mb Free Space | 81.41% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/02/15 08:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/27 05:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/20 08:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Programme\Sitecom\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/08/11 16:39:13 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/11 15:21:25 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/26 02:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 02:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/06/19 13:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/04/03 08:51:02 | 000,204,800 | ---- | M] () [Auto] -- C:\Programme\schomaecker\XPrintClient\Service\wrapper.exe -- (XPrintClientService)
SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/09/20 10:41:02 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand] -- C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/20 10:29:30 | 000,053,248 | ---- | M] (Computer Associates) [Auto] -- C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/20 10:27:06 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand] -- C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
SRV - [2001/02/23 04:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (tifm)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/07/14 06:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/12/07 15:55:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/20 08:13:54 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/09/15 09:09:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/06/11 15:21:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/26 16:51:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/26 05:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/26 09:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 09:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 02:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/06/19 13:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 12:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 12:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/28 16:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006/11/28 16:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2004/12/15 14:12:04 | 000,218,368 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004/02/20 07:05:12 | 000,380,736 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)
DRV - [2003/08/21 12:02:32 | 000,075,109 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/08/21 12:02:18 | 001,086,453 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/08/21 12:01:48 | 000,602,873 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/08/21 12:01:20 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/08/18 14:24:54 | 000,028,276 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/04/24 11:48:02 | 000,730,092 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/03/20 10:01:46 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/17 14:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Nr1_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Nr1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
IE - HKU\Nr1_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Nr1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fe_3.6@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2011/12/18 19:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/08 20:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/03/08 20:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/18 19:19:23 | 000,000,000 | ---D | M]

[2012/03/09 01:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/03/04 17:48:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/08 20:45:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010/10/12 10:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 10:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 10:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\confmgr.dll
[2010/10/12 10:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 12:16:54 | 000,484,768 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll
[2010/10/12 10:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll
[2012/03/08 20:45:41 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/08 20:45:41 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/03/08 20:45:41 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/08 20:45:41 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/08 20:45:41 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/08 20:45:41 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2002/08/29 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [CtrlVol] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE2] C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PRISMSTA.EXE] C:\WINDOWS\System32\PRISMSTA.exe (Intersil Americas Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe ()
O4 - HKLM..\Run: [ZPseiK15zRSy1wG] C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe (lyqU)
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\Nr1_ON_C..\Run: [] File not found
O4 - HKU\Nr1_ON_C..\Run: [AOLMIcon] File not found
O4 - HKU\Nr1_ON_C..\Run: [ZPseiK15zRSy1wG] C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe (lyqU)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sitecom Wireless Utility.lnk = C:\Programme\Sitecom\Common\RaUI.exe (Sitecom Europe BV)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\XPrint GUI.lnk = C:\Programme\schomaecker\XPrintClient\jre\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nr1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nr1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Nr1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Nr1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37842.3558912037 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe) - C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe (lyqU)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe) - C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe (lyqU)
O20 - HKU\Nr1_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe) - C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe (lyqU)
O20 - HKU\Nr1_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe) - C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe (lyqU)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/09 16:01:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7PUWzcMk-Mf4p-5xu7-pQUO-GiYsvyVQ39TZ} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 14:09:25 | 000,294,912 | ---- | C] (lyqU) -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe
[2012/03/14 20:34:14 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/14 20:34:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2012/03/14 20:34:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan
[2012/03/14 20:33:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
[2012/03/14 20:33:52 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2012/03/05 18:13:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/04 17:47:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012/03/04 17:47:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/21 06:33:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 06:32:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/21 06:32:39 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/21 06:11:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/19 14:09:17 | 000,294,912 | ---- | M] (lyqU) -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\hw56suzj11.exe
[2012/03/19 13:19:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/19 13:00:39 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2012/03/14 20:34:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/14 20:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
[2012/03/14 20:33:57 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
[2012/03/14 20:33:57 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2012/03/14 20:33:56 | 000,001,583 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/03/14 03:17:49 | 087,227,952 | ---- | M] () -- C:\Dokumente und Einstellungen\Nr1\Desktop\avira_free_antivirus_898de.exe
[2012/03/08 20:45:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox
[2012/03/08 20:45:58 | 000,000,706 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012/03/05 19:35:56 | 031,225,868 | ---- | M] () -- C:\Dokumente und Einstellungen\Nr1\Desktop\ninetyfive5-2007-09-28-52399.mp3
[2012/03/05 18:15:42 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2012/03/05 18:15:39 | 000,001,804 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk
[2012/03/04 17:59:10 | 000,012,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Nr1\Desktop\casi.jpg
[2012/03/04 17:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012/03/04 15:08:52 | 003,510,710 | ---- | M] () -- C:\Dokumente und Einstellungen\Nr1\Desktop\Handbuch_Alice_WLAN_1421.pdf
[2012/03/04 15:06:05 | 000,002,501 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Word.lnk
[2012/02/27 13:36:56 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Nr1\Eigene Dateien\Casi1Prof.prof
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/21 06:26:11 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/14 20:33:57 | 000,001,575 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
[2012/03/14 20:33:56 | 000,001,583 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/03/14 03:16:04 | 087,227,952 | ---- | C] () -- C:\Dokumente und Einstellungen\Nr1\Desktop\avira_free_antivirus_898de.exe
[2012/03/08 20:45:57 | 000,000,706 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012/03/05 19:33:35 | 031,225,868 | ---- | C] () -- C:\Dokumente und Einstellungen\Nr1\Desktop\ninetyfive5-2007-09-28-52399.mp3
[2012/03/05 18:15:40 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2012/03/05 18:15:39 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk
[2012/03/04 17:58:54 | 000,012,921 | ---- | C] () -- C:\Dokumente und Einstellungen\Nr1\Desktop\casi.jpg
[2012/03/04 15:08:51 | 003,510,710 | ---- | C] () -- C:\Dokumente und Einstellungen\Nr1\Desktop\Handbuch_Alice_WLAN_1421.pdf
[2012/02/27 13:36:56 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Nr1\Eigene Dateien\Casi1Prof.prof
[2011/12/29 14:52:18 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/12/17 10:10:07 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/12/17 10:10:07 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/12/17 10:10:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/07/17 09:52:04 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS53.DLL
[2010/04/13 08:27:41 | 000,006,433 | ---- | C] () -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\NMM-MetaData.db
[2010/02/08 12:40:18 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2010/02/03 06:49:14 | 000,001,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Nr1\gsview32.ini
[2009/11/25 08:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/07/26 08:42:52 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/07/26 02:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/07/17 09:34:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/19 13:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 13:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/04/03 02:48:50 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008/02/25 11:10:30 | 000,000,020 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2008/02/25 11:03:34 | 000,000,401 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2008/02/16 11:47:43 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/13 12:30:01 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2008/02/11 10:00:17 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008/02/01 09:32:55 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL
[2008/01/31 13:22:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/31 12:27:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/01/31 12:27:18 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/01/31 12:23:21 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/01/31 12:20:05 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CNCFLbNL.DLL
[2008/01/27 07:37:34 | 000,033,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Nr1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/27 07:37:34 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Nr1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/01/27 07:37:33 | 000,177,657 | ---- | C] () -- C:\Dokumente und Einstellungen\Nr1\~
[2007/03/02 10:56:39 | 000,009,886 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2005/12/07 05:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/08/30 12:06:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/08/30 12:04:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003/08/24 04:44:56 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2003/08/21 11:46:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/18 14:20:35 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_PCM.exe
[2003/08/18 13:57:14 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/17 07:56:46 | 004,142,932 | ---- | C] () -- C:\WINDOWS\System32\DETour.exe
[2003/08/16 12:19:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/08/16 11:36:16 | 000,380,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\PRISMA00.sys
[2003/08/16 11:36:16 | 000,008,632 | ---- | C] () -- C:\WINDOWS\PRISMDOM.ini
[2003/08/10 00:49:16 | 000,001,060 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/10 00:49:05 | 000,387,834 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/08/10 00:49:05 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/08/10 00:49:05 | 000,063,490 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/08/10 00:49:05 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/08/10 00:48:49 | 000,376,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/10 00:48:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/10 00:48:49 | 000,052,148 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/10 00:48:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/10 00:48:47 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/10 00:48:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/10 00:48:44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/10 00:48:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/10 00:48:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/10 00:48:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/10 00:48:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/09 16:53:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/09 16:52:30 | 000,243,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/09 16:29:47 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/08/09 16:12:19 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/09 16:05:46 | 000,000,904 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/09 16:03:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/09 15:59:00 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/09 11:46:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/09 11:17:47 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/05/05 03:55:36 | 000,393,728 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2003/02/19 08:20:16 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/08 09:55:50 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\VOBRegCheck.exe

========== LOP Check ==========

[2008/04/03 02:47:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\SmartSurfer
[2008/02/14 10:27:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SmartSurfer
[2008/02/13 05:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\Canon
[2011/06/19 13:41:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\elsterformular
[2011/07/27 18:54:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\ICAClient
[2003/08/11 03:00:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\InterTrust
[2009/05/12 02:55:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\Leadertech
[2010/02/03 06:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\NewSoft
[2011/12/18 19:16:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\Nokia
[2011/07/15 10:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\Nokia Ovi Suite
[2008/03/17 06:43:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\Opera
[2011/07/26 16:53:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\PC Suite
[2008/01/31 12:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\ScanSoft
[2008/04/03 08:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\SmartSurfer
[2008/04/03 08:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\WEBDE
[2010/02/08 12:47:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nr1\Anwendungsdaten\WordToPDF
[2008/02/01 09:33:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011/07/27 18:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix
[2008/04/10 16:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2010/03/27 12:23:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011/12/18 19:18:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010/08/08 16:46:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2009/07/05 02:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008/02/13 05:30:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2011/12/17 10:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sitecom Driver
[2008/02/13 05:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2008/02/13 05:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
[2008/04/03 08:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEBDE

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/10/24 07:05:43 | 000,000,000 | ---D | M] -- C:\501
[2008/01/31 12:20:03 | 000,000,000 | -H-D | M] -- C:\CanonMP
[2012/03/08 20:20:55 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011/10/23 10:29:21 | 000,000,000 | ---D | M] -- C:\DCIM
[2012/03/21 06:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008/02/19 14:21:20 | 000,000,000 | ---D | M] -- C:\kyoceramita
[2008/02/07 11:13:16 | 000,000,000 | ---D | M] -- C:\Medion
[2012/03/14 20:33:52 | 000,000,000 | R--D | M] -- C:\Programme
[2008/02/06 03:23:59 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2008/02/06 12:46:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/12/30 09:22:54 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
[2003/08/12 14:28:48 | 000,040,960 | ---- | M] () -- C:\Programme\Uninstall_PCM.exe

Invalid Environment Variable: %LOCALAPPDATA%\*.exe

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2004/08/03 20:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 20:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\agp440.sys
[2004/08/03 18:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 18:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 07:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/03 20:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002/08/29 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/08/03 20:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/28 19:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/08/29 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\eventlog.dll
[2004/08/03 19:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/03 19:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
[2002/08/29 08:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2002/08/29 08:00:00 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/03 19:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828_0$\explorer.exe
[2004/08/03 19:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\explorer.exe
[2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\netlogon.dll
[2002/08/29 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/03 19:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
[2004/08/03 19:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467$\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\scecli.dll
[2004/08/03 19:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/03 19:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
[2002/08/29 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/03 19:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2004/08/03 19:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\user32.dll
[2002/11/22 06:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2002/08/29 08:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtUninstallQ328310$\user32.dll

< MD5 for: USERINIT.EXE >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\userinit.exe
[2002/08/29 08:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/03 19:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/03 19:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 19:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/03 19:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2002/08/29 08:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2002/08/29 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2002/08/29 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/08/09 17:51:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/08/09 17:51:52 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/08/09 17:51:52 | 000,413,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:39:48 | 000,148,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2004/08/03 19:57:30 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2004/08/03 19:57:32 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2010/04/16 11:35:16 | 001,506,304 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2008/07/03 09:14:58 | 008,495,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

Invalid Environment Variable: %USERPROFILE%\*.*

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll

Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >

Was muss ich nunmehr tun, um den Plagegeist vollständig zu beseitigen?

Weißer Bildschirm - Please wait... / Bitte warten...

Plagegeister aller Art und deren Bekämpfung: Weißer Bildschirm - Please wait... / Bitte warten...

Weißer Bildschirm - Please wait... / Bitte warten...

Ähnliche Themen: Weißer Bildschirm - Please wait... / Bitte warten...