Trash bin: Windows Update Trojan, does not start in any Safe Mode. Please help!
12.06.2012, 16:25 | #1 |
Hello everyone! I have now read through and tried quite a few things, and probably done more damage in the process. I don't know what else to do and need help. From the start I could not get into any of the Safe Modes. I tried it this way:

Your system should display the REATOGO-X-PE desktop after a few minutes. Double-click the OTLPE icon. Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: gives an error! When asked "Do you wish to load the remote registry", choose Yes. When asked "Do you wish to load remote user profile(s) for scanning", choose Yes. Make sure the box "Automatically Load All Remaining Users" is selected and press OK. OTLpe should now start. Press Run Scan to start the scan. When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.

I don't get an Extra.txt. Only this one:

OTL Logfile:
Code:
OTL logfile created on: 6/12/2012 2:23:55 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 62.00% Memory free
459.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29.30 Gb Total Space | 16.19 Gb Free Space | 55.26% Space Free | Partition Type: NTFS
Drive D: | 1000.00 Gb Total Space | 417.93 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
Drive E: | 100.00 Gb Total Space | 99.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive F: | 103.58 Gb Total Space | 103.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive G: | 63.01 Gb Total Space | 53.85 Gb Free Space | 85.46% Space Free | Partition Type: NTFS
Drive H: | 800.00 Gb Total Space | 249.26 Gb Free Space | 31.16% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2012/04/10 10:02:50 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/23 07:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011/06/05 10:41:26 | 002,480,048 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/05/25 03:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009/10/30 23:48:40 | 000,661,072 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/11/26 12:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto] -- C:\Programme\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/11/26 12:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/11/26 12:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/11/26 12:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2003/07/28 08:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/01/12 04:16:47 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/06/05 10:41:27 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/06/05 10:41:24 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2011/06/05 10:41:23 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/06/05 10:41:18 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2008/11/26 12:18:18 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/11/26 12:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 12:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 12:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 12:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/11/26 12:15:35 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 17:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2006/11/23 11:11:40 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/04/05 19:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=19433.67245.253116.234:8080
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/04/10 11:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M]

[2012/04/10 11:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\mozilla\Extensions
[2012/04/10 11:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/03/13 00:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/03/13 01:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/13 01:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/03/13 01:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/13 01:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/13 01:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/13 01:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\Jürgen_ON_C..\Run: [lyla.exe] File not found
O4 - HKU\Jürgen_ON_C..\Run: [Omemkiyl] File not found
O4 - HKU\Jürgen_ON_C..\Run: [Ozano] File not found
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\systemprofile_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\UpdatusUser_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - Startup: C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz\hlydnnkeu.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307207772828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307208877093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/04 10:36:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/29 12:34:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell - "" = AutoRun
O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell\AutoRun\command - "" = L:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 13:19:50 | 002,805,464 | ---- | C] (Symantec Corporation) -- C:\NPE.exe
[2012/06/11 15:14:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/12 06:32:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/12 06:31:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/12 06:01:36 | 002,805,464 | ---- | M] (Symantec Corporation) -- C:\NPE.exe
[2012/06/12 03:52:08 | 000,408,618 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/06/12 03:52:08 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/12 03:52:08 | 000,071,598 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/06/12 03:52:08 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/12 03:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/12 02:51:52 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/06/11 15:14:04 | 000,062,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz\hlydnnkeu.exe
[2012/05/29 07:04:30 | 000,222,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/18 12:46:08 | 000,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/17 12:18:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/21 04:00:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 10:53:47 | 000,185,433 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp
[2012/02/13 10:53:47 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp
[2012/02/13 07:38:07 | 000,187,813 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2012/02/13 07:38:07 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2012/01/03 03:28:06 | 002,570,286 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2011/10/09 11:56:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/06/06 03:52:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/06 03:00:16 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX3600FGD.ini
[2011/06/04 19:17:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/04 19:17:45 | 000,222,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/04 11:52:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/06/04 11:52:34 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2011/06/04 11:52:06 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2011/06/04 11:51:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/06/04 11:46:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/04 11:22:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/04 11:19:07 | 000,208,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/04 11:07:53 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/04 11:07:53 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/04 11:07:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/04 11:07:42 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/04 10:39:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 10:33:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/30 06:05:48 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v60.dll
[2008/10/30 12:00:22 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v60.dll
[2008/10/30 11:59:24 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v60.dll
[2008/09/04 20:01:00 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,408,618 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/14 08:00:00 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,071,598 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/14 08:00:00 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2003/02/20 13:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1601/02/13 04:28:18 | 000,072,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\UopafUQvonelsxgNjyaXd
[1601/02/13 04:28:18 | 000,010,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\yGONjylexsvQnopaV
[1601/02/13 04:28:18 | 000,003,434 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OpoVaQGoJsAtlg
[1601/02/13 04:28:18 | 000,000,073 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\nsQOjjladUgJLnXlG

========== LOP Check ==========

[2012/05/26 15:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\abgx360
[2011/06/07 07:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Acronis
[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Awer
[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\DAEMON Tools Lite
[2011/07/07 03:16:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\EPSON
[2012/06/11 17:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Erotok
[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Hutoa
[2012/04/26 14:52:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\ImgBurn
[2012/06/12 03:42:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Ivte
[2012/06/12 03:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\NetSpeedMonitor
[2012/04/26 16:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Oberu
[2012/06/12 03:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Poyrl
[2012/06/12 03:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\UseNeXT
[2012/06/12 03:45:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\uTorrent
[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\XnView
[2012/06/11 15:14:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz
[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Ylti
[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yvva
[2011/06/05 10:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012/01/12 04:01:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011/09/07 17:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 8.0

========== Purity Check ==========

< End of report >

--- --- ---

Then I tried this one:

:OTL
O4 - HKU\Dracon_ON_C..\Run: [B47AB9C5] C:\WINDOWS\system32\694A625BB47AB9C56908.exe (Al Momento Non è Registrata)
O4 - HKU\.DEFAULT..\RunOnce: [IETI] File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dracon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dracon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Dracon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Dracon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\694A625BB47AB9C56908.exe) - C:\WINDOWS\system32\694A625BB47AB9C56908.exe (Al Momento Non è Registrata)
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/20 10:28:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP1B5B4F1
:Files
C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Sfdwkelnhq
C:\WINDOWS\System32\694A625BB47AB9C56908.exe
C:\WINDOWS\System32\winsh32?
:Commands
[purity]
[resethosts]

Now I tried to undo everything, which no longer works after the fix. Now the PC keeps restarting at the Windows XP lettering. How will I ever get this fixed again? Thank you in advance for taking the trouble to help me!

PS. This is from OTL, the FIX!

Error: Unable to interpret <OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/12/2012 2:23:55 PM - Run > in the current context!
Error: Unable to interpret <OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE> in the current context!
Error: Unable to interpret <Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.6001.18702)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <511.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 62.00% Memory free> in the current context!
Error: Unable to interpret <459.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme> in the current context!
Error: Unable to interpret <Drive C: | 29.30 Gb Total Space | 16.19 Gb Free Space | 55.26% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 1000.00 Gb Total Space | 417.93 Gb Free Space | 41.79% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive E: | 100.00 Gb Total Space | 99.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive F: | 103.58 Gb Total Space | 103.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive G: | 63.01 Gb Total Space | 53.85 Gb Free Space | 85.46% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive H: | 800.00 Gb Total Space | 249.26 Gb Free Space | 31.16% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: REATOGO | User Name: SYSTEM> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret <Using ControlSet: ControlSet002> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - [2012/04/10 10:02:50 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)> in the current context!
Error: Unable to interpret <SRV - [2012/02/23 07:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)> in the current context!
Error: Unable to interpret <SRV - [2011/06/05 10:41:26 | 002,480,048 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)> in the current context!
Error: Unable to interpret <SRV - [2011/05/25 03:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)> in the current context!
Error: Unable to interpret <SRV - [2009/10/30 23:48:40 | 000,661,072 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)> in the current context!
Error: Unable to interpret <SRV - [2008/11/26 12:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto] -- C:\Programme\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)> in the current context!
Error: Unable to interpret <SRV - [2008/11/26 12:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)> in the current context!
Error: Unable to interpret <SRV - [2008/11/26 12:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)> in the current context!
Error: Unable to interpret <SRV - [2008/11/26 12:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)> in the current context!
Error: Unable to interpret <SRV - [2003/07/28 08:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] -- -- (WDICA)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] -- -- (PCIDump)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] -- -- (lbrtfdc)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] -- -- (i2omgmt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] -- -- (Changer)> in the current context!
Error: Unable to interpret <DRV - [2012/01/12 04:16:47 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)> in the current context!
Error: Unable to interpret <DRV - [2011/06/05 10:41:27 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)> in the current context!
Error: Unable to interpret <DRV - [2011/06/05 10:41:24 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)> in the current context!
Error: Unable to interpret <DRV - [2011/06/05 10:41:23 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)> in the current context!
Error: Unable to interpret <DRV - [2011/06/05 10:41:18 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:18:18 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:15:35 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)> in the current context!
Error: Unable to interpret <DRV - [2008/04/13 17:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)> in the current context!
Error: Unable to interpret <DRV - [2006/11/23 11:11:40 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)> in the current context!
Error: Unable to interpret <DRV - [2006/04/05 19:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/> in the current context! Error: Unable to interpret <IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context! Error: Unable to interpret <IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=19433.67245.253116.234:8080> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/04/10 11:25:40 | 000,000,000 | ---D | M]> in the current context! 
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins> in the current context! Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012/04/10 11:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\mozilla\Extensions> in the current context! Error: Unable to interpret <[2012/04/10 11:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions> in the current context! Error: Unable to interpret <[2012/03/13 00:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll> in the current context! Error: Unable to interpret <[2012/03/13 01:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context! Error: Unable to interpret <[2012/03/13 01:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml> in the current context! Error: Unable to interpret <[2012/03/13 01:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml> in the current context! Error: Unable to interpret <[2012/03/13 01:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context! Error: Unable to interpret <[2012/03/13 01:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context! Error: Unable to interpret <[2012/03/13 01:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml> in the current context! 
Error: Unable to interpret < > in the current context! Error: Unable to interpret <O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts> in the current context! Error: Unable to interpret <O1 - Hosts: 127.0.0.1 localhost> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)> in the current context! Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)> in the current context! Error: Unable to interpret <O4 - HKU\Jürgen_ON_C..\Run: [lyla.exe] File not found> in the current context! Error: Unable to interpret <O4 - HKU\Jürgen_ON_C..\Run: [Omemkiyl] File not found> in the current context! Error: Unable to interpret <O4 - HKU\Jürgen_ON_C..\Run: [Ozano] File not found> in the current context! Error: Unable to interpret <O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)> in the current context! Error: Unable to interpret <O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)> in the current context! Error: Unable to interpret <O4 - HKU\systemprofile_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)> in the current context! Error: Unable to interpret <O4 - HKU\UpdatusUser_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)> in the current context! Error: Unable to interpret <O4 - Startup: C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz\hlydnnkeu.exe ()> in the current context! 
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1> in the current context! Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1> in the current context! Error: Unable to interpret <O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context! Error: Unable to interpret <O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]> in the current context! Error: Unable to interpret <O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1> in the current context! Error: Unable to interpret <O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1> in the current context! Error: Unable to interpret <O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1> in the current context! Error: Unable to interpret <O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context! Error: Unable to interpret <O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context! Error: Unable to interpret <O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context! Error: Unable to interpret <O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context! Error: Unable to interpret <O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307207772828 (WUWebControl Class)> in the current context! 
Error: Unable to interpret <O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307208877093 (MUWebControl Class)> in the current context! Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)> in the current context! Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)> in the current context! Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)> in the current context! Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! 
Error: Unable to interpret <O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)> in the current context! Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home> in the current context! Error: Unable to interpret <O24 - Desktop WallPaper: > in the current context! Error: Unable to interpret <O24 - Desktop BackupWallPaper: > in the current context! 
Error: Unable to interpret <O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found> in the current context! Error: Unable to interpret <O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found> in the current context! Error: Unable to interpret <O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found> in the current context! Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context! Error: Unable to interpret <O32 - AutoRun File - [2011/06/04 10:36:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]> in the current context! Error: Unable to interpret <O32 - AutoRun File - [2011/05/29 12:34:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]> in the current context! Error: Unable to interpret <O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]> in the current context! Error: Unable to interpret <O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell\AutoRun - "" = Auto&Play> in the current context! Error: Unable to interpret <O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell\AutoRun\command - "" = L:\pushinst.exe> in the current context! Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *) - File not found> in the current context! Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context! 
Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012/06/12 13:19:50 | 002,805,464 | ---- | C] (Symantec Corporation) -- C:\NPE.exe> in the current context! Error: Unable to interpret <[2012/06/11 15:14:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz> in the current context! Error: Unable to interpret <[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context! Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012/06/12 06:32:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat> in the current context! Error: Unable to interpret <[2012/06/12 06:31:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context! Error: Unable to interpret <[2012/06/12 06:01:36 | 002,805,464 | ---- | M] (Symantec Corporation) -- C:\NPE.exe> in the current context! Error: Unable to interpret <[2012/06/12 03:52:08 | 000,408,618 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat> in the current context! Error: Unable to interpret <[2012/06/12 03:52:08 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat> in the current context! Error: Unable to interpret <[2012/06/12 03:52:08 | 000,071,598 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat> in the current context! Error: Unable to interpret <[2012/06/12 03:52:08 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat> in the current context! Error: Unable to interpret <[2012/06/12 03:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job> in the current context! 
Error: Unable to interpret <[2012/06/12 02:51:52 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT> in the current context! Error: Unable to interpret <[2012/06/11 15:14:04 | 000,062,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz\hlydnnkeu.exe> in the current context! Error: Unable to interpret <[2012/05/29 07:04:30 | 000,222,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context! Error: Unable to interpret <[2012/05/18 12:46:08 | 000,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT> in the current context! Error: Unable to interpret <[2012/05/17 12:18:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK> in the current context! Error: Unable to interpret <[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context! Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012/02/21 04:00:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll> in the current context! Error: Unable to interpret <[2012/02/13 10:53:47 | 000,185,433 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp> in the current context! Error: Unable to interpret <[2012/02/13 10:53:47 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp> in the current context! Error: Unable to interpret <[2012/02/13 07:38:07 | 000,187,813 | ---- | C] () -- C:\WINDOWS\hpoins28.dat> in the current context! Error: Unable to interpret <[2012/02/13 07:38:07 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat> in the current context! 
Error: Unable to interpret <[2012/01/03 03:28:06 | 002,570,286 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe> in the current context! Error: Unable to interpret <[2011/10/09 11:56:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI> in the current context! Error: Unable to interpret <[2011/06/06 03:52:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat> in the current context! Error: Unable to interpret <[2011/06/06 03:00:16 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX3600FGD.ini> in the current context! Error: Unable to interpret <[2011/06/04 19:17:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini> in the current context! Error: Unable to interpret <[2011/06/04 19:17:45 | 000,222,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context! Error: Unable to interpret <[2011/06/04 11:52:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe> in the current context! Error: Unable to interpret <[2011/06/04 11:52:34 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat> in the current context! Error: Unable to interpret <[2011/06/04 11:52:06 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini> in the current context! Error: Unable to interpret <[2011/06/04 11:51:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll> in the current context! Error: Unable to interpret <[2011/06/04 11:46:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI> in the current context! Error: Unable to interpret <[2011/06/04 11:22:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI> in the current context! Error: Unable to interpret <[2011/06/04 11:19:07 | 000,208,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT> in the current context! Error: Unable to interpret <[2011/06/04 11:07:53 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin> in the current context! 
Error: Unable to interpret <[2011/06/04 11:07:53 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin> in the current context! Error: Unable to interpret <[2011/06/04 11:07:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin> in the current context! Error: Unable to interpret <[2011/06/04 11:07:42 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data> in the current context! Error: Unable to interpret <[2011/06/04 10:39:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat> in the current context! Error: Unable to interpret <[2011/06/04 10:33:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat> in the current context! Error: Unable to interpret <[2009/09/30 06:05:48 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v60.dll> in the current context! Error: Unable to interpret <[2008/10/30 12:00:22 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v60.dll> in the current context! Error: Unable to interpret <[2008/10/30 11:59:24 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v60.dll> in the current context! Error: Unable to interpret <[2008/09/04 20:01:00 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,408,618 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat> in the current context! 
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,071,598 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin> in the current context! Error: Unable to interpret <[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat> in the current context! Error: Unable to interpret <[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll> in the current context! Error: Unable to interpret <[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll> in the current context! Error: Unable to interpret <[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll> in the current context! 
Error: Unable to interpret <[2003/02/20 13:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI> in the current context! Error: Unable to interpret <[1601/02/13 04:28:18 | 000,072,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\UopafUQvonelsxgNjyaXd> in the current context! Error: Unable to interpret <[1601/02/13 04:28:18 | 000,010,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\yGONjylexsvQnopaV> in the current context! Error: Unable to interpret <[1601/02/13 04:28:18 | 000,003,434 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OpoVaQGoJsAtlg> in the current context! Error: Unable to interpret <[1601/02/13 04:28:18 | 000,000,073 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\nsQOjjladUgJLnXlG> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== LOP Check ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012/05/26 15:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\abgx360> in the current context! Error: Unable to interpret <[2011/06/07 07:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Acronis> in the current context! Error: Unable to interpret <[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Awer> in the current context! Error: Unable to interpret <[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\DAEMON Tools Lite> in the current context! Error: Unable to interpret <[2011/07/07 03:16:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\EPSON> in the current context! 
Error: Unable to interpret <[2012/06/11 17:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Erotok> in the current context! Error: Unable to interpret <[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Hutoa> in the current context! Error: Unable to interpret <[2012/04/26 14:52:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\ImgBurn> in the current context! Error: Unable to interpret <[2012/06/12 03:42:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Ivte> in the current context! Error: Unable to interpret <[2012/06/12 03:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\NetSpeedMonitor> in the current context! Error: Unable to interpret <[2012/04/26 16:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Oberu> in the current context! Error: Unable to interpret <[2012/06/12 03:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Poyrl> in the current context! Error: Unable to interpret <[2012/06/12 03:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\UseNeXT> in the current context! Error: Unable to interpret <[2012/06/12 03:45:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\uTorrent> in the current context! Error: Unable to interpret <[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\XnView> in the current context! Error: Unable to interpret <[2012/06/11 15:14:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz> in the current context! Error: Unable to interpret <[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Ylti> in the current context! 
Error: Unable to interpret <[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yvva> in the current context! Error: Unable to interpret <[2011/06/05 10:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis> in the current context! Error: Unable to interpret <[2012/01/12 04:01:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite> in the current context! Error: Unable to interpret <[2011/09/07 17:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 8.0> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Purity Check ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << End of report > > in the current context!
OTLPE by OldTimer - Version 3.1.48.0 log created on 06122012_202011

New attempt, entering this text in OTLPE:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
/md5stop
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.exe /s
%APPDATA%\*.dat /s
%APPDATA%\Adobe\Update\*.*
%APPDATA%\Update\*.*
%APPDATA%\Microsoft\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%ALLUSERSPROFILE%\*.*
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES%\Internet Explorer\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
%systemroot%\*. /mp /s
%systemroot%\*.exe /90
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.dll /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\*.exe /90
%systemroot%\system32\config\*.sav
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

OTL is: OTL Logfile: Code:
OTL logfile created on: 6/12/2012 8:58:24 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 49.00% Memory free 459.00 Mb Paging File | 284.00 Mb Available in Paging File | 62.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29.30 Gb Total Space | 18.12 Gb Free Space | 61.83% Space Free | Partition Type: NTFS Drive D: | 1000.00 Gb Total Space | 417.93 Gb Free Space | 41.79% Space Free | Partition Type: NTFS Drive E: | 100.00 Gb Total Space | 99.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS Drive F: | 103.58 Gb Total Space | 103.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS Drive G: | 63.01 Gb Total Space | 53.85 Gb Free Space | 85.46% Space Free | Partition Type: NTFS Drive H: | 800.00 Gb Total Space | 249.26 Gb Free Space | 31.16% Space Free | Partition Type: NTFS Drive J: | 7.46 Gb Total Space | 2.57 Gb Free Space | 34.44% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (TrkWks) Überwachung verteilter Verknüpfungen (Client) SRV - File not found [Auto] -- -- (stisvc) Windows-Bilderfassung (WIA) SRV - File not found [Auto] -- -- (RpcSs) Remoteprozeduraufruf (RPC) SRV - File not found [Auto] -- -- (RemoteAccess) SRV - File not found 
[On_Demand] -- -- (Nla) NLA (Network Location Awareness) SRV - File not found [On_Demand] -- -- (napagent) NAP-Agent (Network Access Protection) SRV - File not found [On_Demand] -- -- (Dot3svc) Automatische Konfiguration (verkabelt) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot] -- -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) DRV - File not found [Kernel | On_Demand] -- -- (Raspti) Parallelanschluss (direkt) DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN-Miniport (L2TP) DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN-Miniport (PPTP) DRV - File not found [Kernel | On_Demand] -- -- (aswRdr) DRV - File not found [Kernel | On_Demand] -- -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/06/12 14:45:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins O1 HOSTS File: ([2012/06/12 14:45:58 | 000,001,564 | RH-- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: 
B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - Unable to open key or key not present! O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: AudioSrv - File not found NetSvcs: Browser - File not found NetSvcs: CryptSvc - File not found NetSvcs: DMServer - File not found NetSvcs: DHCP - File not found NetSvcs: ERSvc - File not found NetSvcs: EventSystem - File not found NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: LanmanWorkstation - File not found NetSvcs: Messenger - File not found NetSvcs: Netman - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Rasauto - File not found NetSvcs: Rasman - C:\WINDOWS\System32\rasman.dll (Microsoft Corporation) NetSvcs: Remoteaccess - File not found NetSvcs: Schedule - File not found NetSvcs: Seclogon - File not found NetSvcs: SENS - File not found NetSvcs: Sharedaccess - File not found NetSvcs: SRService - File not found NetSvcs: Tapisrv - File not found NetSvcs: Themes - File not found NetSvcs: TrkWks - File not found NetSvcs: W32Time - File not found NetSvcs: WZCSVC - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\winmgmt.exe (Microsoft Corporation) NetSvcs: wscsvc - File not found NetSvcs: xmlprov - File not found NetSvcs: napagent - File not found NetSvcs: hkmsvc - File not found NetSvcs: BITS - File not found NetSvcs: wuauserv - File not found NetSvcs: ShellHWDetection - File not found 
NetSvcs: helpsvc - File not found NetSvcs: WmdmPmSN - File not found MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - File not found MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: EPSON Stylus CX3600 Series - hkey= - key= - File not found MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Programme\NVIDIA Corporation\nView\nwiz.exe () MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - 
C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) ========== Files/Folders - Created Within 30 Days ========== [2012/06/12 14:46:09 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012/06/12 14:45:48 | 000,000,000 | ---D | C] -- C:\_OTL ========== Files - Modified Within 30 Days ========== ========== Files Created - No Company Name ========== ========== LOP Check ========== ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: LSASS.EXE > [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=AFB8261B56CBA0D86AEB6DF682AF9785 -- C:\WINDOWS\system32\dllcache\lsass.exe [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=AFB8261B56CBA0D86AEB6DF682AF9785 -- C:\WINDOWS\system32\lsass.exe < MD5 for: SVCHOST.EXE > [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- C:\WINDOWS\system32\dllcache\svchost.exe [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- 
C:\WINDOWS\system32\svchost.exe < MD5 for: USERINIT.EXE > [2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*.exe Invalid Environment Variable: %APPDATA%\*.dat Invalid Environment Variable: %APPDATA%\Adobe\Update\*.* Invalid Environment Variable: %APPDATA%\Update\*.* Invalid Environment Variable: %APPDATA%\Microsoft\*.* Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.* Invalid Environment Variable: %ALLUSERSPROFILE%\*.* < %SYSTEMDRIVE%\*.* > [2012/06/12 20:47:31 | 000,072,906 | ---- | M] () -- C:\1OTL.txt [2012/03/14 03:14:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2008/04/14 08:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2011/06/04 10:36:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2012/06/12 20:46:21 | 000,031,460 | ---- | M] () -- C:\Extras.Txt [2011/06/04 10:36:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011/06/04 10:36:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/04/14 08:00:00 | 000,251,712 | RHS- | M] () -- C:\ntldr [2012/06/12 20:46:13 | 000,072,906 | ---- | M] () -- C:\OTL.Txt [2011/07/12 22:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe [2012/06/12 06:32:31 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys < %PROGRAMFILES%\*.* > < %PROGRAMFILES%\Internet 
Explorer\*.* > [2009/03/07 22:35:04 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ExtExport.exe [2009/03/07 22:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\hmmapi.dll [2009/01/11 15:05:26 | 000,002,649 | ---- | M] () -- C:\Programme\Internet Explorer\ie8props.propdesc [2011/08/16 06:45:39 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iecompat.dll [2012/03/01 07:00:07 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iedvtool.dll [2008/04/14 08:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iedw.exe [2012/03/01 07:00:08 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll [2009/03/08 08:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe [2009/03/08 08:28:16 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe.mui [2009/03/07 22:35:02 | 000,521,216 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\jsdbgui.dll [2009/03/07 22:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\jsdebuggeride.dll [2009/03/07 22:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\JSProfilerCore.dll [2009/03/07 22:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\jsprofilerui.dll [2009/01/07 12:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\pdm.dll [2009/01/07 12:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\sqmapi.dll [2012/03/01 07:00:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\xpshims.dll Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local 
Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < %systemroot%\*. /mp /s > < %systemroot%\*.exe /90 > < %systemroot%\system32\*.dll /lockedfiles > [2008/04/14 08:00:00 | 000,193,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\activeds.dll [2008/04/14 08:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\actxprxy.dll [2008/04/14 08:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\adsldpc.dll [2011/02/17 09:51:44 | 001,025,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\browseui.dll [2008/04/14 08:00:00 | 000,102,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscdll.dll [2008/04/14 08:00:00 | 000,334,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscui.dll [2008/04/14 08:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\davclnt.dll [2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drprov.dll [2012/03/02 00:00:10 | 011,082,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2012/03/01 07:00:08 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/14 08:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/14 08:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netrap.dll [2008/04/14 08:00:00 | 000,081,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- 
C:\WINDOWS\system32\netui0.dll [2008/04/14 08:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netui1.dll [2008/04/14 08:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2008/04/14 08:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntlanman.dll [2008/04/14 08:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\samlib.dll [2009/06/25 04:25:23 | 000,056,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\secur32.dll [2011/02/17 09:51:44 | 001,510,400 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll [2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [2008/04/14 08:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shgina.dll [2008/04/14 08:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\twext.dll < %systemroot%\system32\*.dll /90 > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > < %systemroot%\system32\*.exe /90 > [2012/04/10 10:02:50 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe [2012/04/11 09:51:20 | 002,071,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntkrnlpa.exe [2012/04/11 09:51:17 | 002,194,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntoskrnl.exe < %systemroot%\system32\config\*.sav > [2011/06/04 12:17:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2011/06/04 12:17:34 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2011/06/04 12:17:34 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < 
%systemroot%\system32\spool\prtprocs\w32x86\*.* > [2007/05/01 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD92.DLL [2007/05/01 01:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP92.DLL [2007/10/20 13:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll [2007/04/09 07:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\assembly\tmp\*.* /S /MD5 > < %systemroot%\assembly\GAC_32\*.* /S /MD5 > [2012/04/24 15:07:28 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=DF0350DBF3349741AD146C4B3CB2FED0 -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll [2012/04/24 15:07:42 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=8A600D0A6AE19EC70D3FB4421F20F5BE -- C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll [2012/04/24 15:07:43 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp [2012/04/24 15:07:43 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp [2012/04/24 15:07:44 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp [2012/04/24 15:07:43 | 004,308,992 | ---- | M] (Microsoft Corporation) MD5=4CDAE87053C9C93B0628FE45238EFDE3 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll [2012/04/24 15:07:44 | 000,059,342 | ---- | M] () MD5=C45791A2457AE198E6595759902BD2B1 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp [2012/04/24 15:07:44 | 000,042,918 | ---- | M] () MD5=ECB67857370C90165FF59636864848C3 -- 
C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp [2012/04/24 15:07:44 | 000,036,644 | ---- | M] () MD5=63437E7BC4F6A866C36C8E1E33E939DD -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp [2012/04/24 15:07:44 | 000,063,176 | ---- | M] () MD5=62258D3B4B7E492180941F37684584CE -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp [2012/04/24 15:07:44 | 000,057,150 | ---- | M] () MD5=E1088DB2D56A1C473E58D4E27C03B611 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp [2012/04/24 15:07:44 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp [2012/04/24 15:07:44 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp [2012/04/24 15:07:43 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp [2012/04/24 15:07:43 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp [2012/04/24 15:07:44 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp [2012/04/24 15:07:45 | 000,482,304 | ---- | M] (Microsoft Corporation) MD5=335A9C6EF222CBDA0D410092C2E2CBEF -- C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll [2012/04/24 15:07:38 | 002,878,976 | ---- | M] (Microsoft Corporation) MD5=3047657FFCC2A6D4947113487CAF84FF -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll [2012/04/24 15:07:20 | 000,258,048 | ---- | M] (Microsoft Corporation) MD5=A78ECBA0C7DEFF0AFF8AE6FFA57C2A0A -- 
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll [2012/04/24 15:07:20 | 000,114,176 | ---- | M] (Microsoft Corporation) MD5=396B76EC2329B07E08D79E7938B482F2 -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll [2012/04/24 15:07:51 | 000,260,096 | ---- | M] (Microsoft Corporation) MD5=ED62E84B4E023F319FAE8AD8FE4CBDD9 -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll [2012/04/24 15:07:33 | 005,025,792 | ---- | M] (Microsoft Corporation) MD5=0485EE61C40B876E349A34D3B179F669 -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll < %systemroot%\assembly\GAC_64\*.* /S /MD5 > < CREATERESTOREPOINT > < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-17 16:18:14 < End of report >

Extra is:
OTL Logfile: Code:
OTL Extras logfile created on: 6/12/2012 8:58:24 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 49.00% Memory free 459.00 Mb Paging File | 284.00 Mb Available in Paging File | 62.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29.30 Gb Total Space | 18.12 Gb Free Space | 61.83% Space Free | Partition Type: NTFS Drive D: | 1000.00 Gb Total Space | 417.93 Gb Free Space | 41.79% Space Free | Partition Type: NTFS Drive E: | 100.00 Gb Total Space | 99.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS Drive F: | 103.58 Gb Total Space | 103.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS Drive G: | 63.01 Gb Total Space | 53.85 Gb Free Space | 85.46% Space Free | Partition Type: NTFS Drive H: | 800.00 Gb Total Space | 249.26 Gb Free Space | 31.16% Space Free | Partition Type: NTFS Drive J: | 7.46 Gb Total Space | 2.57 Gb Free Space | 34.44% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* 
cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52306338-9945-41A5-A021-25739C852B58}" = StarMoney "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter "{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software "{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = 
PDF-Viewer "{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9CA72668-86CC-5447-9278-A0378FE45378}" = Media Add-ons für Acronis True Image Home 2010 "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200 "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{E4C57F9E-8673-40D3-B41A-BC7F445122DE}" = StarMoney 8.0 S-Edition "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E8D82F42-EBD8-478C-917B-28F5BA6EAAAA}" = StarMoney "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" 
= F4210_Help "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "abgx360" = abgx360 v1.0.6 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "avast!" = avast! Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "Defraggler" = Defraggler "FormatFactory" = FormatFactory 2.60 "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPExtendedCapabilities" = HP Customer Participation Program 11.0 "ie8" = Windows Internet Explorer 8 "ImgBurn" = ImgBurn "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Nero - Burning Rom!UninstallKey" = Nero OEM "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Shop for HP Supplies" = Shop for HP Supplies "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 1.1.9 "WinRAR archiver" = WinRAR 4.00 (32-Bit) "XnView_is1" = XnView 1.98 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 4.8.0.723 < End of report > Ich der Hoffnung, dass man Hiermit mehr anzufangen ist für bessere Hilfe. Geändert von ssabines (12.06.2012 um 17:25 Uhr) |
14.06.2012, 14:12 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update Trojan does not start in any Safe Mode. Please help! On request, this thread is being moved to the trash.
__________________=> http://www.trojaner-board.de/117190-...r-problem.html