
Trash bin: Windows Update Trojan, does not start in any of the safe modes. Please help!


 
12.06.2012, 16:25   #1
ssabines
 



Hello everyone!

I have now read through and tried quite a few things, and in doing so probably caused more damage.
I don't know what to do anymore and need help.

From the start I could not get into any of the safe modes.

I tried it like this:

Your system should display the REATOGO-X-PE desktop after a few minutes.
Double-click the OTLPE icon.
Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installation on the disk; simply selecting C: produces an error!
When you are asked "Do you wish to load the remote registry", choose Yes.
When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
OTLpe should now start.
Press Run Scan to start the scan.
When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created


I do not get an Extra.txt.

Only this one,

OTL Logfile:
Code:
OTL logfile created on: 6/12/2012 2:23:55 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 62.00% Memory free
459.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29.30 Gb Total Space | 16.19 Gb Free Space | 55.26% Space Free | Partition Type: NTFS
Drive D: | 1000.00 Gb Total Space | 417.93 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
Drive E: | 100.00 Gb Total Space | 99.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive F: | 103.58 Gb Total Space | 103.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive G: | 63.01 Gb Total Space | 53.85 Gb Free Space | 85.46% Space Free | Partition Type: NTFS
Drive H: | 800.00 Gb Total Space | 249.26 Gb Free Space | 31.16% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/04/10 10:02:50 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/23 07:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011/06/05 10:41:26 | 002,480,048 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/05/25 03:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009/10/30 23:48:40 | 000,661,072 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/11/26 12:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto] -- C:\Programme\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/11/26 12:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/11/26 12:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/11/26 12:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2003/07/28 08:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/01/12 04:16:47 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/06/05 10:41:27 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/06/05 10:41:24 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2011/06/05 10:41:23 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/06/05 10:41:18 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2008/11/26 12:18:18 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/11/26 12:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 12:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 12:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 12:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/11/26 12:15:35 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 17:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2006/11/23 11:11:40 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/04/05 19:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=19433.67245.253116.234:8080
 
 
 
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/04/10 11:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M]
 
[2012/04/10 11:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\mozilla\Extensions
[2012/04/10 11:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/03/13 00:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/03/13 01:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/13 01:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/03/13 01:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/13 01:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/13 01:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/13 01:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\Jürgen_ON_C..\Run: [lyla.exe]  File not found
O4 - HKU\Jürgen_ON_C..\Run: [Omemkiyl]  File not found
O4 - HKU\Jürgen_ON_C..\Run: [Ozano]  File not found
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\systemprofile_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\UpdatusUser_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - Startup: C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz\hlydnnkeu.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307207772828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307208877093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/04 10:36:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/29 12:34:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell - "" = AutoRun
O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell\AutoRun\command - "" = L:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/12 13:19:50 | 002,805,464 | ---- | C] (Symantec Corporation) -- C:\NPE.exe
[2012/06/11 15:14:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/12 06:32:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/12 06:31:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/12 06:01:36 | 002,805,464 | ---- | M] (Symantec Corporation) -- C:\NPE.exe
[2012/06/12 03:52:08 | 000,408,618 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/06/12 03:52:08 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/12 03:52:08 | 000,071,598 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/06/12 03:52:08 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/12 03:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/12 02:51:52 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/06/11 15:14:04 | 000,062,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz\hlydnnkeu.exe
[2012/05/29 07:04:30 | 000,222,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/18 12:46:08 | 000,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/17 12:18:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/02/21 04:00:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 10:53:47 | 000,185,433 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp
[2012/02/13 10:53:47 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp
[2012/02/13 07:38:07 | 000,187,813 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2012/02/13 07:38:07 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2012/01/03 03:28:06 | 002,570,286 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2011/10/09 11:56:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/06/06 03:52:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/06 03:00:16 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX3600FGD.ini
[2011/06/04 19:17:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/04 19:17:45 | 000,222,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/04 11:52:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/06/04 11:52:34 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2011/06/04 11:52:06 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2011/06/04 11:51:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/06/04 11:46:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/04 11:22:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/04 11:19:07 | 000,208,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/04 11:07:53 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/04 11:07:53 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/04 11:07:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/04 11:07:42 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/04 10:39:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 10:33:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/30 06:05:48 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v60.dll
[2008/10/30 12:00:22 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v60.dll
[2008/10/30 11:59:24 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v60.dll
[2008/09/04 20:01:00 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,408,618 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/14 08:00:00 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,071,598 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/14 08:00:00 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2003/02/20 13:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1601/02/13 04:28:18 | 000,072,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\UopafUQvonelsxgNjyaXd
[1601/02/13 04:28:18 | 000,010,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\yGONjylexsvQnopaV
[1601/02/13 04:28:18 | 000,003,434 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OpoVaQGoJsAtlg
[1601/02/13 04:28:18 | 000,000,073 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\nsQOjjladUgJLnXlG
 
========== LOP Check ==========
 
[2012/05/26 15:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\abgx360
[2011/06/07 07:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Acronis
[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Awer
[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\DAEMON Tools Lite
[2011/07/07 03:16:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\EPSON
[2012/06/11 17:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Erotok
[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Hutoa
[2012/04/26 14:52:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\ImgBurn
[2012/06/12 03:42:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Ivte
[2012/06/12 03:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\NetSpeedMonitor
[2012/04/26 16:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Oberu
[2012/06/12 03:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Poyrl
[2012/06/12 03:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\UseNeXT
[2012/06/12 03:45:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\uTorrent
[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\XnView
[2012/06/11 15:14:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz
[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Ylti
[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yvva
[2011/06/05 10:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012/01/12 04:01:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011/09/07 17:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 8.0
 
========== Purity Check ==========
 
 
< End of report >
         


then I tried this one,

:OTL
O4 - HKU\Dracon_ON_C..\Run: [B47AB9C5] C:\WINDOWS\system32\694A625BB47AB9C56908.exe (Al Momento Non è Registrata)
O4 - HKU\.DEFAULT..\RunOnce: [IETI] File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dracon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dracon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Dracon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Dracon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\694A625BB47AB9C56908.exe) - C:\WINDOWS\system32\694A625BB47AB9C56908.exe (Al Momento Non è Registrata)
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/20 10:28:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP1B5B4F1
:Files
C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Sfdwkelnhq
C:\WINDOWS\System32\694A625BB47AB9C56908.exe
C:\WINDOWS\System32\winsh32?
:Commands
[purity]
[resethosts]


Now I tried to undo everything, which no longer works after the fix.
Now the PC keeps restarting at the Windows XP lettering.
How will I ever get this working again?

Thank you in advance for taking the trouble to help me!

PS.
This is from OTL, the FIX!

Error: Unable to interpret <OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/12/2012 2:23:55 PM - Run > in the current context!
Error: Unable to interpret <OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE> in the current context!
Error: Unable to interpret <Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.6001.18702)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <511.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 62.00% Memory free> in the current context!
Error: Unable to interpret <459.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme> in the current context!
Error: Unable to interpret <Drive C: | 29.30 Gb Total Space | 16.19 Gb Free Space | 55.26% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 1000.00 Gb Total Space | 417.93 Gb Free Space | 41.79% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive E: | 100.00 Gb Total Space | 99.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive F: | 103.58 Gb Total Space | 103.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive G: | 63.01 Gb Total Space | 53.85 Gb Free Space | 85.46% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive H: | 800.00 Gb Total Space | 249.26 Gb Free Space | 31.16% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: REATOGO | User Name: SYSTEM> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret <Using ControlSet: ControlSet002> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - [2012/04/10 10:02:50 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)> in the current context!
Error: Unable to interpret <SRV - [2012/02/23 07:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)> in the current context!
Error: Unable to interpret <SRV - [2011/06/05 10:41:26 | 002,480,048 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)> in the current context!
Error: Unable to interpret <SRV - [2011/05/25 03:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)> in the current context!
Error: Unable to interpret <SRV - [2009/10/30 23:48:40 | 000,661,072 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)> in the current context!
Error: Unable to interpret <SRV - [2008/11/26 12:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto] -- C:\Programme\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)> in the current context!
Error: Unable to interpret <SRV - [2008/11/26 12:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)> in the current context!
Error: Unable to interpret <SRV - [2008/11/26 12:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)> in the current context!
Error: Unable to interpret <SRV - [2008/11/26 12:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)> in the current context!
Error: Unable to interpret <SRV - [2003/07/28 08:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (WDICA)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] --  -- (PCIDump)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] --  -- (lbrtfdc)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] --  -- (i2omgmt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] --  -- (Changer)> in the current context!
Error: Unable to interpret <DRV - [2012/01/12 04:16:47 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)> in the current context!
Error: Unable to interpret <DRV - [2011/06/05 10:41:27 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)> in the current context!
Error: Unable to interpret <DRV - [2011/06/05 10:41:24 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)> in the current context!
Error: Unable to interpret <DRV - [2011/06/05 10:41:23 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)> in the current context!
Error: Unable to interpret <DRV - [2011/06/05 10:41:18 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:18:18 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)> in the current context!
Error: Unable to interpret <DRV - [2008/11/26 12:15:35 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)> in the current context!
Error: Unable to interpret <DRV - [2008/04/13 17:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)> in the current context!
Error: Unable to interpret <DRV - [2006/11/23 11:11:40 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)> in the current context!
Error: Unable to interpret <DRV - [2006/04/05 19:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/> in the current context!
Error: Unable to interpret <IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=19433.67245.253116.234:8080> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/04/10 11:25:40 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012/04/10 11:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\mozilla\Extensions> in the current context!
Error: Unable to interpret <[2012/04/10 11:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2012/03/13 00:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll> in the current context!
Error: Unable to interpret <[2012/03/13 01:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context!
Error: Unable to interpret <[2012/03/13 01:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2012/03/13 01:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml> in the current context!
Error: Unable to interpret <[2012/03/13 01:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context!
Error: Unable to interpret <[2012/03/13 01:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context!
Error: Unable to interpret <[2012/03/13 01:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1       localhost> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)> in the current context!
Error: Unable to interpret <O4 - HKU\Jürgen_ON_C..\Run: [lyla.exe]  File not found> in the current context!
Error: Unable to interpret <O4 - HKU\Jürgen_ON_C..\Run: [Omemkiyl]  File not found> in the current context!
Error: Unable to interpret <O4 - HKU\Jürgen_ON_C..\Run: [Ozano]  File not found> in the current context!
Error: Unable to interpret <O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)> in the current context!
Error: Unable to interpret <O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)> in the current context!
Error: Unable to interpret <O4 - HKU\systemprofile_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)> in the current context!
Error: Unable to interpret <O4 - HKU\UpdatusUser_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz\hlydnnkeu.exe ()> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]> in the current context!
Error: Unable to interpret <O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1> in the current context!
Error: Unable to interpret <O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1> in the current context!
Error: Unable to interpret <O7 - HKU\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1> in the current context!
Error: Unable to interpret <O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307207772828 (WUWebControl Class)> in the current context!
Error: Unable to interpret <O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307208877093 (MUWebControl Class)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)> in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home> in the current context!
Error: Unable to interpret <O24 - Desktop WallPaper: > in the current context!
Error: Unable to interpret <O24 - Desktop BackupWallPaper: > in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2011/06/04 10:36:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2011/05/29 12:34:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{7dfa3959-c11f-11e0-a485-00040efc837b}\Shell\AutoRun\command - "" = L:\pushinst.exe> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *) -  File not found> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012/06/12 13:19:50 | 002,805,464 | ---- | C] (Symantec Corporation) -- C:\NPE.exe> in the current context!
Error: Unable to interpret <[2012/06/11 15:14:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz> in the current context!
Error: Unable to interpret <[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012/06/12 06:32:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2012/06/12 06:31:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
Error: Unable to interpret <[2012/06/12 06:01:36 | 002,805,464 | ---- | M] (Symantec Corporation) -- C:\NPE.exe> in the current context!
Error: Unable to interpret <[2012/06/12 03:52:08 | 000,408,618 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat> in the current context!
Error: Unable to interpret <[2012/06/12 03:52:08 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2012/06/12 03:52:08 | 000,071,598 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat> in the current context!
Error: Unable to interpret <[2012/06/12 03:52:08 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2012/06/12 03:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job> in the current context!
Error: Unable to interpret <[2012/06/12 02:51:52 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT> in the current context!
Error: Unable to interpret <[2012/06/11 15:14:04 | 000,062,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz\hlydnnkeu.exe> in the current context!
Error: Unable to interpret <[2012/05/29 07:04:30 | 000,222,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2012/05/18 12:46:08 | 000,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2012/05/17 12:18:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK> in the current context!
Error: Unable to interpret <[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012/02/21 04:00:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll> in the current context!
Error: Unable to interpret <[2012/02/13 10:53:47 | 000,185,433 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp> in the current context!
Error: Unable to interpret <[2012/02/13 10:53:47 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp> in the current context!
Error: Unable to interpret <[2012/02/13 07:38:07 | 000,187,813 | ---- | C] () -- C:\WINDOWS\hpoins28.dat> in the current context!
Error: Unable to interpret <[2012/02/13 07:38:07 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat> in the current context!
Error: Unable to interpret <[2012/01/03 03:28:06 | 002,570,286 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe> in the current context!
Error: Unable to interpret <[2011/10/09 11:56:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI> in the current context!
Error: Unable to interpret <[2011/06/06 03:52:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat> in the current context!
Error: Unable to interpret <[2011/06/06 03:00:16 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX3600FGD.ini> in the current context!
Error: Unable to interpret <[2011/06/04 19:17:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini> in the current context!
Error: Unable to interpret <[2011/06/04 19:17:45 | 000,222,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2011/06/04 11:52:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe> in the current context!
Error: Unable to interpret <[2011/06/04 11:52:34 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat> in the current context!
Error: Unable to interpret <[2011/06/04 11:52:06 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini> in the current context!
Error: Unable to interpret <[2011/06/04 11:51:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll> in the current context!
Error: Unable to interpret <[2011/06/04 11:46:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI> in the current context!
Error: Unable to interpret <[2011/06/04 11:22:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI> in the current context!
Error: Unable to interpret <[2011/06/04 11:19:07 | 000,208,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2011/06/04 11:07:53 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin> in the current context!
Error: Unable to interpret <[2011/06/04 11:07:53 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin> in the current context!
Error: Unable to interpret <[2011/06/04 11:07:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin> in the current context!
Error: Unable to interpret <[2011/06/04 11:07:42 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data> in the current context!
Error: Unable to interpret <[2011/06/04 10:39:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2011/06/04 10:33:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat> in the current context!
Error: Unable to interpret <[2009/09/30 06:05:48 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v60.dll> in the current context!
Error: Unable to interpret <[2008/10/30 12:00:22 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v60.dll> in the current context!
Error: Unable to interpret <[2008/10/30 11:59:24 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v60.dll> in the current context!
Error: Unable to interpret <[2008/09/04 20:01:00 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,408,618 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,071,598 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat> in the current context!
Error: Unable to interpret <[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll> in the current context!
Error: Unable to interpret <[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll> in the current context!
Error: Unable to interpret <[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll> in the current context!
Error: Unable to interpret <[2003/02/20 13:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI> in the current context!
Error: Unable to interpret <[1601/02/13 04:28:18 | 000,072,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\UopafUQvonelsxgNjyaXd> in the current context!
Error: Unable to interpret <[1601/02/13 04:28:18 | 000,010,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\yGONjylexsvQnopaV> in the current context!
Error: Unable to interpret <[1601/02/13 04:28:18 | 000,003,434 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OpoVaQGoJsAtlg> in the current context!
Error: Unable to interpret <[1601/02/13 04:28:18 | 000,000,073 | ---- | C] () -- C:\Dokumente und Einstellungen\Jürgen\Lokale Einstellungen\Anwendungsdaten\nsQOjjladUgJLnXlG> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012/05/26 15:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\abgx360> in the current context!
Error: Unable to interpret <[2011/06/07 07:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Acronis> in the current context!
Error: Unable to interpret <[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Awer> in the current context!
Error: Unable to interpret <[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\DAEMON Tools Lite> in the current context!
Error: Unable to interpret <[2011/07/07 03:16:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\EPSON> in the current context!
Error: Unable to interpret <[2012/06/11 17:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Erotok> in the current context!
Error: Unable to interpret <[2012/06/12 03:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Hutoa> in the current context!
Error: Unable to interpret <[2012/04/26 14:52:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\ImgBurn> in the current context!
Error: Unable to interpret <[2012/06/12 03:42:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Ivte> in the current context!
Error: Unable to interpret <[2012/06/12 03:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\NetSpeedMonitor> in the current context!
Error: Unable to interpret <[2012/04/26 16:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Oberu> in the current context!
Error: Unable to interpret <[2012/06/12 03:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Poyrl> in the current context!
Error: Unable to interpret <[2012/06/12 03:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\UseNeXT> in the current context!
Error: Unable to interpret <[2012/06/12 03:45:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\uTorrent> in the current context!
Error: Unable to interpret <[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\XnView> in the current context!
Error: Unable to interpret <[2012/06/11 15:14:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yfsrfobamtz> in the current context!
Error: Unable to interpret <[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Ylti> in the current context!
Error: Unable to interpret <[2012/06/12 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jürgen\Anwendungsdaten\Yvva> in the current context!
Error: Unable to interpret <[2011/06/05 10:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis> in the current context!
Error: Unable to interpret <[2012/01/12 04:01:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite> in the current context!
Error: Unable to interpret <[2011/09/07 17:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 8.0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << End of report >
         
--- --- ---
> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 06122012_202011


New attempt with text input in OTLPE:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
/md5stop
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.exe /s
%APPDATA%\*.dat /s
%APPDATA%\Adobe\Update\*.*
%APPDATA%\Update\*.*
%APPDATA%\Microsoft\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%ALLUSERSPROFILE%\*.*
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES%\Internet Explorer\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
%systemroot%\*. /mp /s
%systemroot%\*.exe /90
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.dll /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\*.exe /90
%systemroot%\system32\config\*.sav
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



OTL is:

OTL Logfile:
Code:
OTL logfile created on: 6/12/2012 8:58:24 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 49.00% Memory free
459.00 Mb Paging File | 284.00 Mb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29.30 Gb Total Space | 18.12 Gb Free Space | 61.83% Space Free | Partition Type: NTFS
Drive D: | 1000.00 Gb Total Space | 417.93 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
Drive E: | 100.00 Gb Total Space | 99.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive F: | 103.58 Gb Total Space | 103.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive G: | 63.01 Gb Total Space | 53.85 Gb Free Space | 85.46% Space Free | Partition Type: NTFS
Drive H: | 800.00 Gb Total Space | 249.26 Gb Free Space | 31.16% Space Free | Partition Type: NTFS
Drive J: | 7.46 Gb Total Space | 2.57 Gb Free Space | 34.44% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (TrkWks) Überwachung verteilter Verknüpfungen (Client)
SRV - File not found [Auto] --  -- (stisvc) Windows-Bilderfassung (WIA)
SRV - File not found [Auto] --  -- (RpcSs) Remoteprozeduraufruf (RPC)
SRV - File not found [Auto] --  -- (RemoteAccess)
SRV - File not found [On_Demand] --  -- (Nla) NLA (Network Location Awareness)
SRV - File not found [On_Demand] --  -- (napagent) NAP-Agent (Network Access Protection)
SRV - File not found [On_Demand] --  -- (Dot3svc) Automatische Konfiguration (verkabelt)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot] --  -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - File not found [Kernel | On_Demand] --  -- (Raspti) Parallelanschluss (direkt)
DRV - File not found [Kernel | On_Demand] --  -- (Rasl2tp) WAN-Miniport (L2TP)
DRV - File not found [Kernel | On_Demand] --  -- (PptpMiniport) WAN-Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] --  -- (aswRdr)
DRV - File not found [Kernel | On_Demand] --  -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
 
 
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/06/12 14:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
 
O1 HOSTS File: ([2012/06/12 14:45:58 | 000,001,564 | RH-- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: AudioSrv -  File not found
NetSvcs: Browser -  File not found
NetSvcs: CryptSvc -  File not found
NetSvcs: DMServer -  File not found
NetSvcs: DHCP -  File not found
NetSvcs: ERSvc -  File not found
NetSvcs: EventSystem -  File not found
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: LanmanWorkstation -  File not found
NetSvcs: Messenger -  File not found
NetSvcs: Netman -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Rasauto -  File not found
NetSvcs: Rasman - C:\WINDOWS\System32\rasman.dll (Microsoft Corporation)
NetSvcs: Remoteaccess -  File not found
NetSvcs: Schedule -  File not found
NetSvcs: Seclogon -  File not found
NetSvcs: SENS -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Tapisrv -  File not found
NetSvcs: Themes -  File not found
NetSvcs: TrkWks -  File not found
NetSvcs: W32Time -  File not found
NetSvcs: WZCSVC -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\winmgmt.exe (Microsoft Corporation)
NetSvcs: wscsvc -  File not found
NetSvcs: xmlprov -  File not found
NetSvcs: napagent -  File not found
NetSvcs: hkmsvc -  File not found
NetSvcs: BITS -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: ShellHWDetection -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: WmdmPmSN -  File not found
 
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= -  File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: EPSON Stylus CX3600 Series - hkey= - key= -  File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
 
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/12 14:46:09 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/06/12 14:45:48 | 000,000,000 | ---D | C] -- C:\_OTL
 
========== Files - Modified Within 30 Days ==========
 
 
========== Files Created - No Company Name ==========
 
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: LSASS.EXE  >
[2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=AFB8261B56CBA0D86AEB6DF682AF9785 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=AFB8261B56CBA0D86AEB6DF682AF9785 -- C:\WINDOWS\system32\lsass.exe
 
< MD5 for: SVCHOST.EXE  >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- C:\WINDOWS\system32\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
 
Invalid Environment Variable: %APPDATA%\*.exe
 
Invalid Environment Variable: %APPDATA%\*.dat
 
Invalid Environment Variable: %APPDATA%\Adobe\Update\*.*
 
Invalid Environment Variable: %APPDATA%\Update\*.*
 
Invalid Environment Variable: %APPDATA%\Microsoft\*.*
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.*
 
Invalid Environment Variable: %ALLUSERSPROFILE%\*.*
 
< %SYSTEMDRIVE%\*.* >
[2012/06/12 20:47:31 | 000,072,906 | ---- | M] () -- C:\1OTL.txt
[2012/03/14 03:14:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/04/14 08:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2011/06/04 10:36:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/06/12 20:46:21 | 000,031,460 | ---- | M] () -- C:\Extras.Txt
[2011/06/04 10:36:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/04 10:36:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2012/06/12 20:46:13 | 000,072,906 | ---- | M] () -- C:\OTL.Txt
[2011/07/12 22:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2012/06/12 06:32:31 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
 
< %PROGRAMFILES%\*.* >
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2009/03/07 22:35:04 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ExtExport.exe
[2009/03/07 22:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\hmmapi.dll
[2009/01/11 15:05:26 | 000,002,649 | ---- | M] () -- C:\Programme\Internet Explorer\ie8props.propdesc
[2011/08/16 06:45:39 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iecompat.dll
[2012/03/01 07:00:07 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iedvtool.dll
[2008/04/14 08:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iedw.exe
[2012/03/01 07:00:08 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
[2009/03/08 08:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
[2009/03/08 08:28:16 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe.mui
[2009/03/07 22:35:02 | 000,521,216 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\jsdbgui.dll
[2009/03/07 22:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\jsdebuggeride.dll
[2009/03/07 22:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\JSProfilerCore.dll
[2009/03/07 22:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\jsprofilerui.dll
[2009/01/07 12:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\pdm.dll
[2009/01/07 12:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\sqmapi.dll
[2012/03/01 07:00:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\xpshims.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\*.exe /90 >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 08:00:00 | 000,193,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\activeds.dll
[2008/04/14 08:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\actxprxy.dll
[2008/04/14 08:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\adsldpc.dll
[2011/02/17 09:51:44 | 001,025,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\browseui.dll
[2008/04/14 08:00:00 | 000,102,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscdll.dll
[2008/04/14 08:00:00 | 000,334,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscui.dll
[2008/04/14 08:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\davclnt.dll
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drprov.dll
[2012/03/02 00:00:10 | 011,082,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/03/01 07:00:08 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/14 08:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 08:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netrap.dll
[2008/04/14 08:00:00 | 000,081,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netui0.dll
[2008/04/14 08:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netui1.dll
[2008/04/14 08:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/14 08:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntlanman.dll
[2008/04/14 08:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\samlib.dll
[2009/06/25 04:25:23 | 000,056,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\secur32.dll
[2011/02/17 09:51:44 | 001,510,400 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2008/04/14 08:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shgina.dll
[2008/04/14 08:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\twext.dll
 
< %systemroot%\system32\*.dll /90 >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /90 >
 
< %systemroot%\system32\*.exe /90 >
[2012/04/10 10:02:50 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2012/04/11 09:51:20 | 002,071,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntkrnlpa.exe
[2012/04/11 09:51:17 | 002,194,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntoskrnl.exe
 
< %systemroot%\system32\config\*.sav >
[2011/06/04 12:17:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2011/06/04 12:17:34 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2011/06/04 12:17:34 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/05/01 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD92.DLL
[2007/05/01 01:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP92.DLL
[2007/10/20 13:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2007/04/09 07:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\assembly\tmp\*.* /S /MD5 >
 
< %systemroot%\assembly\GAC_32\*.* /S /MD5 >
[2012/04/24 15:07:28 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=DF0350DBF3349741AD146C4B3CB2FED0 -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2012/04/24 15:07:42 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=8A600D0A6AE19EC70D3FB4421F20F5BE -- C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2012/04/24 15:07:43 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2012/04/24 15:07:43 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2012/04/24 15:07:44 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2012/04/24 15:07:43 | 004,308,992 | ---- | M] (Microsoft Corporation) MD5=4CDAE87053C9C93B0628FE45238EFDE3 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2012/04/24 15:07:44 | 000,059,342 | ---- | M] () MD5=C45791A2457AE198E6595759902BD2B1 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2012/04/24 15:07:44 | 000,042,918 | ---- | M] () MD5=ECB67857370C90165FF59636864848C3 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2012/04/24 15:07:44 | 000,036,644 | ---- | M] () MD5=63437E7BC4F6A866C36C8E1E33E939DD -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2012/04/24 15:07:44 | 000,063,176 | ---- | M] () MD5=62258D3B4B7E492180941F37684584CE -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2012/04/24 15:07:44 | 000,057,150 | ---- | M] () MD5=E1088DB2D56A1C473E58D4E27C03B611 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2012/04/24 15:07:44 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2012/04/24 15:07:44 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2012/04/24 15:07:43 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2012/04/24 15:07:43 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2012/04/24 15:07:44 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2012/04/24 15:07:45 | 000,482,304 | ---- | M] (Microsoft Corporation) MD5=335A9C6EF222CBDA0D410092C2E2CBEF -- C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2012/04/24 15:07:38 | 002,878,976 | ---- | M] (Microsoft Corporation) MD5=3047657FFCC2A6D4947113487CAF84FF -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2012/04/24 15:07:20 | 000,258,048 | ---- | M] (Microsoft Corporation) MD5=A78ECBA0C7DEFF0AFF8AE6FFA57C2A0A -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2012/04/24 15:07:20 | 000,114,176 | ---- | M] (Microsoft Corporation) MD5=396B76EC2329B07E08D79E7938B482F2 -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2012/04/24 15:07:51 | 000,260,096 | ---- | M] (Microsoft Corporation) MD5=ED62E84B4E023F319FAE8AD8FE4CBDD9 -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2012/04/24 15:07:33 | 005,025,792 | ---- | M] (Microsoft Corporation) MD5=0485EE61C40B876E349A34D3B179F669 -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
 
< %systemroot%\assembly\GAC_64\*.* /S /MD5 >
 
< CREATERESTOREPOINT >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs  >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-17 16:18:14
 
 
 
 
< End of report >
         
--- --- ---



Extra is:

OTL Logfile:
Code:
OTL Extras logfile created on: 6/12/2012 8:58:24 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 49.00% Memory free
459.00 Mb Paging File | 284.00 Mb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29.30 Gb Total Space | 18.12 Gb Free Space | 61.83% Space Free | Partition Type: NTFS
Drive D: | 1000.00 Gb Total Space | 417.93 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
Drive E: | 100.00 Gb Total Space | 99.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive F: | 103.58 Gb Total Space | 103.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive G: | 63.01 Gb Total Space | 53.85 Gb Free Space | 85.46% Space Free | Partition Type: NTFS
Drive H: | 800.00 Gb Total Space | 249.26 Gb Free Space | 31.16% Space Free | Partition Type: NTFS
Drive J: | 7.46 Gb Total Space | 2.57 Gb Free Space | 34.44% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52306338-9945-41A5-A021-25739C852B58}" = StarMoney
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CA72668-86CC-5447-9278-A0378FE45378}" = Media Add-ons für Acronis True Image Home 2010
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E4C57F9E-8673-40D3-B41A-BC7F445122DE}" = StarMoney 8.0 S-Edition
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E8D82F42-EBD8-478C-917B-28F5BA6EAAAA}" = StarMoney
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"abgx360" = abgx360 v1.0.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast!" = avast! Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defraggler" = Defraggler
"FormatFactory" = FormatFactory 2.60
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Shop for HP Supplies" = Shop for HP Supplies
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"XnView_is1" = XnView 1.98
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723
 
< End of report >
         
--- --- ---

I hope this gives you more to work with so you can help me better.


Last edited by ssabines (12.06.2012 at 17:25)

14.06.2012, 14:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

At the poster's request, this thread is going into the trash.

=> http://www.trojaner-board.de/117190-...r-problem.html