My Start- Incredibar - noch immer auf meinem Rechner?

Vica · 19.09.2012, 10:49

Sorry , Klausuren, Klausuren und noch mehr Klausuren ...

Code:

ATTFilter

11:37:08.0048 2612  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:37:08.0279 2612  ============================================================
11:37:08.0279 2612  Current date / time: 2012/09/19 11:37:08.0279
11:37:08.0279 2612  SystemInfo:
11:37:08.0279 2612  
11:37:08.0279 2612  OS Version: 5.1.2600 ServicePack: 3.0
11:37:08.0279 2612  Product type: Workstation
11:37:08.0279 2612  ComputerName: PRIVAT-8B40CCD7
11:37:08.0279 2612  UserName: Julia Carolin
11:37:08.0279 2612  Windows directory: C:\WINDOWS
11:37:08.0279 2612  System windows directory: C:\WINDOWS
11:37:08.0279 2612  Processor architecture: Intel x86
11:37:08.0279 2612  Number of processors: 1
11:37:08.0279 2612  Page size: 0x1000
11:37:08.0279 2612  Boot type: Normal boot
11:37:08.0279 2612  ============================================================
11:37:09.0731 2612  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:37:09.0741 2612  ============================================================
11:37:09.0741 2612  \Device\Harddisk0\DR0:
11:37:09.0741 2612  MBR partitions:
11:37:09.0741 2612  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
11:37:09.0751 2612  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0xDBF5D96
11:37:09.0751 2612  ============================================================
11:37:09.0791 2612  C: <-> \Device\Harddisk0\DR0\Partition1
11:37:09.0821 2612  D: <-> \Device\Harddisk0\DR0\Partition2
11:37:09.0821 2612  ============================================================
11:37:09.0821 2612  Initialize success
11:37:09.0821 2612  ============================================================
11:41:20.0501 3812  ============================================================
11:41:20.0501 3812  Scan started
11:41:20.0501 3812  Mode: Manual; SigCheck; TDLFS; 
11:41:20.0501 3812  ============================================================
11:41:20.0812 3812  ================ Scan services =============================
11:41:20.0942 3812  Abiosdsk - ok
11:41:20.0952 3812  abp480n5 - ok
11:41:21.0022 3812  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:41:22.0705 3812  ACPI - ok
11:41:22.0735 3812  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:41:22.0885 3812  ACPIEC - ok
11:41:22.0955 3812  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:41:22.0975 3812  AdobeFlashPlayerUpdateSvc - ok
11:41:22.0985 3812  adpu160m - ok
11:41:23.0005 3812  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:41:23.0145 3812  aec - ok
11:41:23.0195 3812  [ 023867B6606FBABCDD52E089C4A507DA ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:41:23.0235 3812  AegisP - ok
11:41:23.0275 3812  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:41:23.0325 3812  AFD - ok
11:41:23.0386 3812  [ 8C8E48F772644570737D8BF0270D2BFC ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:41:23.0516 3812  AgereSoftModem - ok
11:41:23.0546 3812  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
11:41:23.0696 3812  agp440 - ok
11:41:23.0706 3812  Aha154x - ok
11:41:23.0706 3812  aic78u2 - ok
11:41:23.0716 3812  aic78xx - ok
11:41:23.0746 3812  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:41:23.0976 3812  Alerter - ok
11:41:23.0986 3812  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
11:41:24.0147 3812  ALG - ok
11:41:24.0157 3812  AliIde - ok
11:41:24.0167 3812  amsint - ok
11:41:24.0267 3812  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
11:41:24.0297 3812  AntiVirSchedulerService - ok
11:41:24.0337 3812  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:41:24.0357 3812  AntiVirService - ok
11:41:24.0427 3812  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:41:24.0447 3812  Apple Mobile Device - ok
11:41:24.0457 3812  AppMgmt - ok
11:41:24.0487 3812  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:41:24.0617 3812  Arp1394 - ok
11:41:24.0627 3812  asc - ok
11:41:24.0627 3812  asc3350p - ok
11:41:24.0637 3812  asc3550 - ok
11:41:24.0737 3812  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:41:24.0778 3812  aspnet_state - ok
11:41:24.0808 3812  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:41:24.0978 3812  AsyncMac - ok
11:41:24.0988 3812  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:41:25.0178 3812  atapi - ok
11:41:25.0188 3812  Atdisk - ok
11:41:25.0238 3812  [ 2F1AA04344074DD8A86955401EBDFB09 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:41:25.0308 3812  Ati HotKey Poller - ok
11:41:25.0358 3812  [ 54E8F2112567DB223BCC9BB58121F22A ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:41:25.0428 3812  ati2mtag - ok
11:41:25.0448 3812  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:41:25.0639 3812  Atmarpc - ok
11:41:25.0669 3812  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:41:25.0849 3812  AudioSrv - ok
11:41:25.0879 3812  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:41:26.0069 3812  audstub - ok
11:41:26.0109 3812  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:41:26.0220 3812  avgntflt - ok
11:41:26.0250 3812  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:41:26.0280 3812  avipbb - ok
11:41:26.0290 3812  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:41:26.0320 3812  avkmgr - ok
11:41:26.0350 3812  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:41:26.0540 3812  Beep - ok
11:41:26.0590 3812  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
11:41:26.0830 3812  BITS - ok
11:41:26.0871 3812  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
11:41:26.0931 3812  Browser - ok
11:41:26.0961 3812  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
11:41:27.0161 3812  cbidf2k - ok
11:41:27.0201 3812  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:41:27.0391 3812  CCDECODE - ok
11:41:27.0401 3812  cd20xrnt - ok
11:41:27.0431 3812  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
11:41:27.0642 3812  Cdaudio - ok
11:41:27.0692 3812  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:41:27.0842 3812  Cdfs - ok
11:41:27.0862 3812  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:41:27.0982 3812  Cdrom - ok
11:41:27.0982 3812  Changer - ok
11:41:28.0012 3812  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:41:28.0142 3812  CiSvc - ok
11:41:28.0182 3812  [ 8FEE4423D682394EB436C975D0A3A994 ] cjpcsc          C:\WINDOWS\system32\cjpcsc.exe
11:41:28.0212 3812  cjpcsc - ok
11:41:28.0242 3812  [ B0DFC4ADB1FF150AC466F3DAD323196A ] cjusb           C:\WINDOWS\system32\DRIVERS\cjusb.sys
11:41:28.0253 3812  cjusb - ok
11:41:28.0263 3812  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:41:28.0393 3812  ClipSrv - ok
11:41:28.0423 3812  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:41:28.0483 3812  clr_optimization_v2.0.50727_32 - ok
11:41:28.0523 3812  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:41:28.0653 3812  CmBatt - ok
11:41:28.0663 3812  CmdIde - ok
11:41:28.0683 3812  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:41:28.0803 3812  Compbatt - ok
11:41:28.0813 3812  COMSysApp - ok
11:41:28.0823 3812  Cpqarray - ok
11:41:28.0843 3812  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:41:28.0984 3812  CryptSvc - ok
11:41:28.0994 3812  dac2w2k - ok
11:41:29.0004 3812  dac960nt - ok
11:41:29.0044 3812  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:41:29.0084 3812  DcomLaunch - ok
11:41:29.0114 3812  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:41:29.0254 3812  Dhcp - ok
11:41:29.0284 3812  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:41:29.0414 3812  Disk - ok
11:41:29.0424 3812  dmadmin - ok
11:41:29.0464 3812  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:41:29.0675 3812  dmboot - ok
11:41:29.0705 3812  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:41:29.0855 3812  dmio - ok
11:41:29.0895 3812  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:41:30.0065 3812  dmload - ok
11:41:30.0105 3812  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:41:30.0255 3812  dmserver - ok
11:41:30.0275 3812  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:41:30.0436 3812  DMusic - ok
11:41:30.0466 3812  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:41:30.0536 3812  Dnscache - ok
11:41:30.0556 3812  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:41:30.0706 3812  Dot3svc - ok
11:41:30.0716 3812  dpti2o - ok
11:41:30.0756 3812  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:41:30.0916 3812  drmkaud - ok
11:41:30.0946 3812  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:41:31.0097 3812  EapHost - ok
11:41:31.0117 3812  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:41:31.0237 3812  ERSvc - ok
11:41:31.0287 3812  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
11:41:31.0317 3812  Eventlog - ok
11:41:31.0347 3812  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
11:41:31.0377 3812  EventSystem - ok
11:41:31.0407 3812  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:41:31.0527 3812  Fastfat - ok
11:41:31.0557 3812  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:41:31.0647 3812  FastUserSwitchingCompatibility - ok
11:41:31.0667 3812  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
11:41:31.0798 3812  Fdc - ok
11:41:31.0818 3812  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:41:31.0968 3812  Fips - ok
11:41:31.0988 3812  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
11:41:32.0148 3812  Flpydisk - ok
11:41:32.0188 3812  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:41:32.0338 3812  FltMgr - ok
11:41:32.0378 3812  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:41:32.0398 3812  FontCache3.0.0.0 - ok
11:41:32.0408 3812  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:41:32.0569 3812  Fs_Rec - ok
11:41:32.0579 3812  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:41:32.0729 3812  Ftdisk - ok
11:41:32.0749 3812  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
11:41:32.0769 3812  GEARAspiWDM - ok
11:41:32.0779 3812  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:41:32.0909 3812  Gpc - ok
11:41:32.0969 3812  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:41:33.0079 3812  helpsvc - ok
11:41:33.0089 3812  HidServ - ok
11:41:33.0120 3812  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:41:33.0230 3812  hkmsvc - ok
11:41:33.0240 3812  hpn - ok
11:41:33.0280 3812  [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:41:33.0330 3812  HPZid412 - ok
11:41:33.0340 3812  [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:41:33.0410 3812  HPZipr12 - ok
11:41:33.0430 3812  [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:41:33.0490 3812  HPZius12 - ok
11:41:33.0530 3812  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:41:33.0580 3812  HTTP - ok
11:41:33.0610 3812  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:41:33.0810 3812  HTTPFilter - ok
11:41:33.0861 3812  [ 93E5D34D95FF9011BEED886E3627F442 ] hwdatacard      C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
11:41:33.0901 3812  hwdatacard - ok
11:41:33.0921 3812  i2omgmt - ok
11:41:33.0931 3812  i2omp - ok
11:41:33.0971 3812  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:41:34.0201 3812  i8042prt - ok
11:41:34.0331 3812  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:41:34.0421 3812  idsvc - ok
11:41:34.0441 3812  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:41:34.0672 3812  Imapi - ok
11:41:34.0712 3812  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:41:34.0922 3812  ImapiService - ok
11:41:34.0932 3812  ini910u - ok
11:41:34.0952 3812  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
11:41:35.0072 3812  IntelIde - ok
11:41:35.0112 3812  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:41:35.0233 3812  intelppm - ok
11:41:35.0253 3812  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:41:35.0383 3812  Ip6Fw - ok
11:41:35.0413 3812  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:41:35.0533 3812  IpFilterDriver - ok
11:41:35.0563 3812  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:41:35.0673 3812  IpInIp - ok
11:41:35.0703 3812  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:41:35.0813 3812  IpNat - ok
11:41:35.0873 3812  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
11:41:35.0934 3812  iPod Service - ok
11:41:35.0944 3812  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:41:36.0064 3812  IPSec - ok
11:41:36.0074 3812  [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
11:41:36.0204 3812  irda - ok
11:41:36.0224 3812  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:41:36.0334 3812  IRENUM - ok
11:41:36.0364 3812  [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon           C:\WINDOWS\System32\irmon.dll
11:41:36.0494 3812  Irmon - ok
11:41:36.0524 3812  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:41:36.0635 3812  isapnp - ok
11:41:36.0645 3812  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:41:36.0775 3812  Kbdclass - ok
11:41:36.0785 3812  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:41:36.0905 3812  kmixer - ok
11:41:37.0015 3812  [ 27277A11DB52FEFAE5B01DC8FB570B28 ] Kodak AiO Network Discovery Service C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe
11:41:37.0035 3812  Kodak AiO Network Discovery Service - ok
11:41:37.0065 3812  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:41:37.0135 3812  KSecDD - ok
11:41:37.0175 3812  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:41:37.0235 3812  lanmanserver - ok
11:41:37.0265 3812  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:41:37.0326 3812  lanmanworkstation - ok
11:41:37.0336 3812  lbrtfdc - ok
11:41:37.0376 3812  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:41:37.0496 3812  LmHosts - ok
11:41:37.0536 3812  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:41:37.0746 3812  Messenger - ok
11:41:37.0796 3812  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:41:38.0017 3812  mnmdd - ok
11:41:38.0047 3812  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:41:38.0277 3812  mnmsrvc - ok
11:41:38.0297 3812  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:41:38.0527 3812  Modem - ok
11:41:38.0537 3812  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:41:38.0738 3812  Mouclass - ok
11:41:38.0748 3812  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:41:38.0858 3812  MountMgr - ok
11:41:38.0868 3812  mraid35x - ok
11:41:38.0888 3812  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:41:39.0008 3812  MRxDAV - ok
11:41:39.0048 3812  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:41:39.0088 3812  MRxSmb - ok
11:41:39.0108 3812  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:41:39.0248 3812  MSDTC - ok
11:41:39.0278 3812  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:41:39.0399 3812  Msfs - ok
11:41:39.0399 3812  MSIServer - ok
11:41:39.0419 3812  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:41:39.0539 3812  MSKSSRV - ok
11:41:39.0559 3812  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:41:39.0699 3812  MSPCLOCK - ok
11:41:39.0729 3812  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:41:39.0859 3812  MSPQM - ok
11:41:39.0869 3812  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:41:40.0009 3812  mssmbios - ok
11:41:40.0039 3812  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
11:41:40.0170 3812  MSTEE - ok
11:41:40.0200 3812  [ 1C0F480B7C6136DDB5FB909995AF014A ] MTsensor        C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
11:41:40.0250 3812  MTsensor - ok
11:41:40.0280 3812  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:41:40.0310 3812  Mup - ok
11:41:40.0330 3812  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:41:40.0490 3812  NABTSFEC - ok
11:41:40.0530 3812  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:41:40.0680 3812  napagent - ok
11:41:40.0710 3812  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:41:40.0861 3812  NDIS - ok
11:41:40.0891 3812  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:41:41.0041 3812  NdisIP - ok
11:41:41.0061 3812  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:41:41.0101 3812  NdisTapi - ok
11:41:41.0131 3812  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:41:41.0341 3812  Ndisuio - ok
11:41:41.0361 3812  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:41:41.0502 3812  NdisWan - ok
11:41:41.0532 3812  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:41:41.0572 3812  NDProxy - ok
11:41:41.0602 3812  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:41:41.0772 3812  NetBIOS - ok
11:41:41.0792 3812  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:41:41.0982 3812  NetBT - ok
11:41:42.0012 3812  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:41:42.0132 3812  NetDDE - ok
11:41:42.0132 3812  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:41:42.0263 3812  NetDDEdsdm - ok
11:41:42.0283 3812  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:41:42.0393 3812  Netlogon - ok
11:41:42.0423 3812  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
11:41:42.0553 3812  Netman - ok
11:41:42.0603 3812  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:41:42.0623 3812  NetTcpPortSharing - ok
11:41:42.0643 3812  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:41:42.0763 3812  NIC1394 - ok
11:41:42.0803 3812  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:41:42.0823 3812  Nla - ok
11:41:42.0854 3812  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:41:42.0984 3812  Npfs - ok
11:41:43.0024 3812  [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA         C:\WINDOWS\system32\DRIVERS\nscirda.sys
11:41:43.0164 3812  NSCIRDA - ok
11:41:43.0194 3812  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:41:43.0364 3812  Ntfs - ok
11:41:43.0374 3812  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:41:43.0524 3812  NtLmSsp - ok
11:41:43.0555 3812  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:41:43.0705 3812  NtmsSvc - ok
11:41:43.0725 3812  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:41:43.0855 3812  Null - ok
11:41:43.0895 3812  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:41:44.0025 3812  NwlnkFlt - ok
11:41:44.0045 3812  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:41:44.0175 3812  NwlnkFwd - ok
11:41:44.0296 3812  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
11:41:44.0326 3812  odserv - ok
11:41:44.0356 3812  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:41:44.0466 3812  ohci1394 - ok
11:41:44.0506 3812  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:41:44.0526 3812  ose - ok
11:41:44.0556 3812  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:41:44.0676 3812  Parport - ok
11:41:44.0696 3812  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:41:44.0856 3812  PartMgr - ok
11:41:44.0896 3812  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:41:45.0067 3812  ParVdm - ok
11:41:45.0067 3812  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:41:45.0227 3812  PCI - ok
11:41:45.0237 3812  PCIDump - ok
11:41:45.0247 3812  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\drivers\PCIIde.sys
11:41:45.0387 3812  PCIIde - ok
11:41:45.0407 3812  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:41:45.0517 3812  Pcmcia - ok
11:41:45.0527 3812  PDCOMP - ok
11:41:45.0547 3812  PDFRAME - ok
11:41:45.0547 3812  PDRELI - ok
11:41:45.0557 3812  PDRFRAME - ok
11:41:45.0567 3812  perc2 - ok
11:41:45.0577 3812  perc2hib - ok
11:41:45.0607 3812  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
11:41:45.0638 3812  PlugPlay - ok
11:41:45.0648 3812  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:41:45.0758 3812  PolicyAgent - ok
11:41:45.0778 3812  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:41:45.0898 3812  PptpMiniport - ok
11:41:45.0898 3812  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:41:46.0018 3812  ProtectedStorage - ok
11:41:46.0028 3812  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:41:46.0148 3812  PSched - ok
11:41:46.0158 3812  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:41:46.0298 3812  Ptilink - ok
11:41:46.0308 3812  ql1080 - ok
11:41:46.0308 3812  Ql10wnt - ok
11:41:46.0318 3812  ql12160 - ok
11:41:46.0328 3812  ql1240 - ok
11:41:46.0339 3812  ql1280 - ok
11:41:46.0359 3812  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:41:46.0469 3812  RasAcd - ok
11:41:46.0509 3812  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:41:46.0629 3812  RasAuto - ok
11:41:46.0649 3812  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:41:46.0719 3812  Rasirda - ok
11:41:46.0729 3812  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:41:46.0849 3812  Rasl2tp - ok
11:41:46.0879 3812  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:41:46.0999 3812  RasMan - ok
11:41:47.0009 3812  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:41:47.0140 3812  RasPppoe - ok
11:41:47.0150 3812  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:41:47.0290 3812  Raspti - ok
11:41:47.0310 3812  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:41:47.0420 3812  Rdbss - ok
11:41:47.0430 3812  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:41:47.0570 3812  RDPCDD - ok
11:41:47.0600 3812  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:41:47.0660 3812  RDPWD - ok
11:41:47.0680 3812  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:41:47.0811 3812  RDSessMgr - ok
11:41:47.0821 3812  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:41:47.0951 3812  redbook - ok
11:41:47.0971 3812  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:41:48.0091 3812  RemoteAccess - ok
11:41:48.0111 3812  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:41:48.0251 3812  RpcLocator - ok
11:41:48.0281 3812  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:41:48.0311 3812  RpcSs - ok
11:41:48.0341 3812  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:41:48.0502 3812  RSVP - ok
11:41:48.0522 3812  [ D0AC0B0355A3FFB85EB77B083CD0627C ] rtl8139         C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
11:41:48.0572 3812  rtl8139 - ok
11:41:48.0602 3812  [ C26A053E4DB47F6CDD8653C83AAF22EE ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:41:48.0662 3812  s24trans - ok
11:41:48.0672 3812  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:41:48.0802 3812  SamSs - ok
11:41:48.0852 3812  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:41:49.0012 3812  SCardSvr - ok
11:41:49.0052 3812  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:41:49.0213 3812  Schedule - ok
11:41:49.0263 3812  [ D2654321192037BAE90204E2FA6697CE ] sea1bus         C:\WINDOWS\system32\DRIVERS\sea1bus.sys
11:41:49.0403 3812  sea1bus - ok
11:41:49.0433 3812  [ 8146D9EC5142BD364956D3807F09CA9A ] sea1mdfl        C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys
11:41:49.0473 3812  sea1mdfl - ok
11:41:49.0503 3812  [ AFE065DA777DC4408C64DF5C87472BB9 ] sea1mdm         C:\WINDOWS\system32\DRIVERS\sea1mdm.sys
11:41:49.0533 3812  sea1mdm - ok
11:41:49.0553 3812  [ A0BBD60222AD053D52F3A5C4F79904C7 ] sea1mgmt        C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys
11:41:49.0583 3812  sea1mgmt - ok
11:41:49.0603 3812  [ 6549BABFC3362F1621A8C0EFF288FB14 ] sea1nd5         C:\WINDOWS\system32\DRIVERS\sea1nd5.sys
11:41:49.0643 3812  sea1nd5 - ok
11:41:49.0663 3812  [ 957510AB44E84497733F53322351F6E8 ] sea1obex        C:\WINDOWS\system32\DRIVERS\sea1obex.sys
11:41:49.0693 3812  sea1obex - ok
11:41:49.0723 3812  [ C1517E6A7CE1191AB076472BDF1B0E6E ] sea1unic        C:\WINDOWS\system32\DRIVERS\sea1unic.sys
11:41:49.0763 3812  sea1unic - ok
11:41:49.0793 3812  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:41:50.0024 3812  Secdrv - ok
11:41:50.0054 3812  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:41:50.0284 3812  seclogon - ok
11:41:50.0304 3812  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
11:41:50.0434 3812  SENS - ok
11:41:50.0444 3812  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:41:50.0565 3812  serenum - ok
11:41:50.0575 3812  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:41:50.0705 3812  Serial - ok
11:41:50.0725 3812  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:41:50.0845 3812  Sfloppy - ok
11:41:50.0895 3812  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:41:51.0025 3812  SharedAccess - ok
11:41:51.0035 3812  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:41:51.0065 3812  ShellHWDetection - ok
11:41:51.0075 3812  Simbad - ok
11:41:51.0105 3812  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:41:51.0216 3812  SLIP - ok
11:41:51.0226 3812  Sparrow - ok
11:41:51.0246 3812  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:41:51.0366 3812  splitter - ok
11:41:51.0406 3812  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:41:51.0436 3812  Spooler - ok
11:41:51.0466 3812  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:41:51.0596 3812  sr - ok
11:41:51.0636 3812  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:41:51.0766 3812  srservice - ok
11:41:51.0806 3812  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:41:51.0846 3812  Srv - ok
11:41:51.0866 3812  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:41:52.0027 3812  SSDPSRV - ok
11:41:52.0057 3812  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:41:52.0077 3812  ssmdrv - ok
11:41:52.0107 3812  [ 8E84DC1619B02E57E6F0514718C6343D ] STAC97          C:\WINDOWS\system32\drivers\STAC97.sys
11:41:52.0157 3812  STAC97 - ok
11:41:52.0247 3812  [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
11:41:52.0297 3812  StarMoney 8.0 OnlineUpdate - ok
11:41:52.0297 3812  StarOpen - ok
11:41:52.0347 3812  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:41:52.0467 3812  stisvc - ok
11:41:52.0497 3812  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:41:52.0648 3812  streamip - ok
11:41:52.0678 3812  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:41:52.0858 3812  swenum - ok
11:41:52.0878 3812  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:41:53.0058 3812  swmidi - ok
11:41:53.0068 3812  SwPrv - ok
11:41:53.0088 3812  symc810 - ok
11:41:53.0098 3812  symc8xx - ok
11:41:53.0108 3812  sym_hi - ok
11:41:53.0118 3812  sym_u3 - ok
11:41:53.0168 3812  [ 903162814EF6F439A87AF6E58B07AB72 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:41:53.0228 3812  SynTP - ok
11:41:53.0248 3812  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:41:53.0369 3812  sysaudio - ok
11:41:53.0399 3812  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:41:53.0529 3812  SysmonLog - ok
11:41:53.0559 3812  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:41:53.0699 3812  TapiSrv - ok
11:41:53.0739 3812  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:41:53.0769 3812  Tcpip - ok
11:41:53.0799 3812  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:41:53.0949 3812  TDPIPE - ok
11:41:53.0969 3812  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:41:54.0100 3812  TDTCP - ok
11:41:54.0120 3812  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:41:54.0260 3812  TermDD - ok
11:41:54.0290 3812  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
11:41:54.0450 3812  TermService - ok
11:41:54.0480 3812  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:41:54.0490 3812  Themes - ok
11:41:54.0540 3812  [ E319535A8124F25C1C9C5288CACF3101 ] TomTomHOMEService C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
11:41:54.0560 3812  TomTomHOMEService - ok
11:41:54.0570 3812  TosIde - ok
11:41:54.0590 3812  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:41:54.0751 3812  TrkWks - ok
11:41:54.0771 3812  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:41:54.0941 3812  Udfs - ok
11:41:54.0951 3812  ultra - ok
11:41:54.0991 3812  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:41:55.0151 3812  Update - ok
11:41:55.0181 3812  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:41:55.0331 3812  upnphost - ok
11:41:55.0351 3812  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
11:41:55.0502 3812  UPS - ok
11:41:55.0552 3812  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
11:41:55.0672 3812  usbaudio - ok
11:41:55.0702 3812  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:41:55.0822 3812  usbccgp - ok
11:41:55.0842 3812  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:41:55.0962 3812  usbehci - ok
11:41:55.0992 3812  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:41:56.0103 3812  usbhub - ok
11:41:56.0113 3812  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:41:56.0233 3812  usbprint - ok
11:41:56.0253 3812  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:41:56.0363 3812  usbscan - ok
11:41:56.0403 3812  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:41:56.0523 3812  USBSTOR - ok
11:41:56.0543 3812  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:41:56.0653 3812  usbuhci - ok
11:41:56.0663 3812  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:41:56.0784 3812  VgaSave - ok
11:41:56.0794 3812  ViaIde - ok
11:41:56.0824 3812  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:41:56.0944 3812  VolSnap - ok
11:41:56.0974 3812  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
11:41:57.0094 3812  VSS - ok
11:41:57.0194 3812  [ 13ACFED0E6ADCA97440169DFD127EBCF ] VX3000          C:\WINDOWS\system32\DRIVERS\VX3000.sys
11:41:57.0314 3812  VX3000 - ok
11:41:57.0465 3812  [ A22ABD73E0D6BA666CBA4E86EEB001B3 ] w29n51          C:\WINDOWS\system32\DRIVERS\w29n51.sys
11:41:57.0625 3812  w29n51 - ok
11:41:57.0665 3812  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
11:41:57.0825 3812  W32Time - ok
11:41:57.0855 3812  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:41:58.0075 3812  Wanarp - ok
11:41:58.0085 3812  WDICA - ok
11:41:58.0105 3812  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:41:58.0236 3812  wdmaud - ok
11:41:58.0266 3812  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:41:58.0386 3812  WebClient - ok
11:41:58.0456 3812  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:41:58.0586 3812  winmgmt - ok
11:41:58.0626 3812  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
11:41:58.0686 3812  WmdmPmSN - ok
11:41:58.0716 3812  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:41:58.0836 3812  WmiApSrv - ok
11:41:58.0917 3812  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
11:41:58.0997 3812  WMPNetworkSvc - ok
11:41:59.0027 3812  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:41:59.0177 3812  wscsvc - ok
11:41:59.0207 3812  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:41:59.0367 3812  WSTCODEC - ok
11:41:59.0387 3812  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:41:59.0558 3812  wuauserv - ok
11:41:59.0588 3812  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:41:59.0648 3812  WudfPf - ok
11:41:59.0678 3812  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:41:59.0698 3812  WudfRd - ok
11:41:59.0718 3812  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
11:41:59.0738 3812  WudfSvc - ok
11:41:59.0788 3812  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:41:59.0948 3812  WZCSVC - ok
11:41:59.0978 3812  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:42:00.0148 3812  xmlprov - ok
11:42:00.0178 3812  ================ Scan global ===============================
11:42:00.0198 3812  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
11:42:00.0238 3812  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:42:00.0269 3812  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:42:00.0289 3812  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
11:42:00.0289 3812  [Global] - ok
11:42:00.0289 3812  ================ Scan MBR ==================================
11:42:00.0309 3812  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
11:42:00.0659 3812  \Device\Harddisk0\DR0 - ok
11:42:00.0659 3812  ================ Scan VBR ==================================
11:42:00.0669 3812  [ EA1B97A08589DDAF6EF96231A246B8F2 ] \Device\Harddisk0\DR0\Partition1
11:42:00.0669 3812  \Device\Harddisk0\DR0\Partition1 - ok
11:42:00.0679 3812  [ DF37D8386FE63D71ED06EDFE351C294A ] \Device\Harddisk0\DR0\Partition2
11:42:00.0679 3812  \Device\Harddisk0\DR0\Partition2 - ok
11:42:00.0689 3812  ============================================================
11:42:00.0689 3812  Scan finished
11:42:00.0689 3812  ============================================================
11:42:00.0829 0276  Detected object count: 0
11:42:00.0829 0276  Actual detected object count: 0

cosinus · 19.09.2012, 16:04

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Vica · 20.09.2012, 08:05

Code:

ATTFilter

ComboFix 12-09-18.07 - Julia Carolin 20.09.2012   0:56.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.511.144 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Julia Carolin\Eigene Dateien\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Julia Carolin\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\Inetde.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-19 bis 2012-09-19  ))))))))))))))))))))))))))))))
.
.
2012-09-19 09:12 . 2012-09-19 09:12	--------	d-----w-	c:\dokumente und einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
2012-09-01 11:14 . 2012-09-01 11:14	--------	d-----w-	C:\_OTL
2012-08-21 13:37 . 2000-05-22 14:58	115920	----a-w-	c:\windows\system32\msinet.ocx
2012-08-21 13:37 . 2000-04-03 18:06	16896	----a-w-	c:\windows\system32\winskde.dll
2012-08-21 13:37 . 1999-07-14 12:07	6656	----a-w-	c:\windows\system32\stdftde.dll
2012-08-21 13:37 . 1998-07-05 22:00	22528	----a-w-	c:\windows\system32\Tabctde.dll
2012-08-21 13:37 . 1998-07-05 22:00	158208	----a-w-	c:\windows\system32\Mscmcde.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 19:04 . 2012-06-18 19:39	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-16 19:04 . 2011-05-30 08:51	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-12 19:53 . 2012-08-12 19:33	14664	----a-w-	c:\windows\stinger.sys
2012-08-12 19:32 . 2012-08-12 19:32	159608	----a-w-	c:\windows\system32\mfevtps.exe.92f0.deleteme
2012-07-06 13:59 . 2004-08-04 12:00	78336	----a-w-	c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-06-05 16:56	139784	------w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2004-08-04 12:00	1866240	------w-	c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2004-08-04 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-04 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00	385024	------w-	c:\windows\system32\html.iec
2011-11-09 09:21 . 2011-11-09 09:20	14947112	----a-w-	c:\programme\GMX_Firefox_Setup.exe
2011-05-15 14:58 . 2011-05-15 13:35	2162200454	----a-w-	c:\programme\SPSS 19 Windows.exe
2010-11-08 18:16 . 2010-03-25 12:55	44151368	----a-w-	c:\programme\avira_antivir_personal_de.exe
2012-04-19 12:45 . 2012-02-25 20:10	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\programme\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2004-02-25 28672]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2003-06-17 126976]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2003-06-17 561152]
"SAMSUNG Keydefin"="c:\programme\SAMSUNG\Keydefin\KeyDefin.exe" [2004-01-15 28672]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2003-09-08 61440]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-11 87751]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\programme\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33	421776	----a-w-	c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-01-26 11:36	495616	----a-r-	c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-07-26 12:16	247768	----a-w-	c:\programme\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Zattoo\\Zattoo2.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Dokumente und Einstellungen\\Julia Carolin\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Programme\\IBM\\SPSS\\Statistics\\20\\stats.exe"=
"d:\\Programme\\IBM\\SPSS\\Statistics\\20\\WinWrapIDE.exe"=
"d:\\Programme\\IBM\\SPSS\\Statistics\\20\\stats.com"=
"d:\\Programme\\IBM\\SPSS\\Statistics\\20\\JRE\\bin\\javaw.exe"=
"c:\\Programme\\StarMoney 8.0 S-Edition\\ouservice\\StarMoneyOnlineUpdate.exe"=
"c:\\Programme\\StarMoney 8.0 S-Edition\\app\\StarMoney.exe"=
"c:\\Programme\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Programme\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Programme\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Programme\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kodak\\Installer\\Setup.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09.03.2012 12:02 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [09.03.2012 12:02 86224]
R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [07.12.2011 19:03 511920]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\programme\Kodak\AiO\Center\EKAiOHostService.exe [19.12.2011 17:32 394672]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [13.07.2012 12:46 692432]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [26.07.2012 14:16 92632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18.06.2012 21:39 250056]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\drivers\cjusb.sys [10.06.2008 19:05 28144]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [28.09.2008 19:10 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [11.04.2010 17:14 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [11.04.2010 17:14 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [11.04.2010 17:14 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [11.04.2010 17:14 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [11.04.2010 17:14 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [11.04.2010 17:14 90800]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 57094185
*Deregistered* - 57094185
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 19:04]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-706699826-1343024091-1004Core.job
- c:\dokumente und einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-01-07 09:01]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-706699826-1343024091-1004UA.job
- c:\dokumente und einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-01-07 09:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Firefox\Profiles\r1sqtrya.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8BzEFEmZ&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e84d6060000000000000000e359b81e2
FF - user.js: extensions.incredibar_i.instlDay - 15561
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:00
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8BzEFEmZ
FF - user.js: extensions.incredibar_i.upn2n - 92824852064776265
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112542&tt=090812_bab_3212_5
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - e84d6060000000000000000e359b81e2
FF - user.js: extensions.BabylonToolbar.instlDay - 15561
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.619:05
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-29527366.sys
MSConfigStartUp-QuickTime Task - c:\programme\QuickTime\QTTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-20 01:07
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-20  01:10:59
ComboFix-quarantined-files.txt  2012-09-19 23:10
.
Vor Suchlauf: 4.261.978.112 Bytes frei
Nach Suchlauf: 4.451.053.568 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D6C266BFF9B6902D81B0192EF41C7736

cosinus · 20.09.2012, 14:54

Soweit ok aber ich seh noch etwas Toolbar-Müll

Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Vica · 23.12.2012, 19:17

So, final approach:

Code:

ATTFilter

# AdwCleaner v2.101 - Datei am 23/12/2012 um 19:14:43 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Julia Carolin - PRIVAT-8B40CCD7
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Julia Carolin\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Programme\Perion

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R10].txt - [758 octets] - [30/08/2012 21:55:27]
AdwCleaner[R11].txt - [818 octets] - [31/08/2012 21:58:06]
AdwCleaner[R12].txt - [836 octets] - [23/12/2012 19:14:43]

########## EOF - C:\AdwCleaner[R12].txt - [896 octets] ##########

und Merry Xmas!

cosinus · 23.12.2012, 19:43

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Vica · 24.12.2012, 02:00

Code:

ATTFilter

# AdwCleaner v2.102 - Datei am 24/12/2012 um 01:27:46 erstellt
# Aktualisiert am 23/12/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Julia Carolin - PRIVAT-8B40CCD7
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Julia Carolin\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Programme\Perion

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R10].txt - [758 octets] - [30/08/2012 21:55:27]
AdwCleaner[R11].txt - [818 octets] - [31/08/2012 21:58:06]
AdwCleaner[R12].txt - [965 octets] - [23/12/2012 19:14:43]
AdwCleaner[S8].txt - [1108 octets] - [24/12/2012 01:27:46]

########## EOF - C:\AdwCleaner[S8].txt - [1168 octets] ##########

Code:

ATTFilter

OTL logfile created on: 24.12.2012 01:35:39 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Dokumente und Einstellungen\Julia Carolin\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,98 Mb Total Physical Memory | 131,15 Mb Available Physical Memory | 25,67% Memory free
1,22 Gb Paging File | 0,68 Gb Available in Paging File | 55,65% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 4,80 Gb Free Space | 12,29% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 108,25 Gb Free Space | 98,42% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-8B40CCD7 | User Name: Julia Carolin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Dokumente und Einstellungen\Julia Carolin\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\cjpcsc.exe (REINER SCT)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programme\SAMSUNG\Keydefin\KeyDefin.exe ()
PRC - C:\WINDOWS\ATK0100\Hcontrol.exe ()
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\e9586a65ad6367804227335f19f8129e\Inkjet.Automation.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\811b30adb7d717d097f578376a529bd3\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\7cbb1790cd14569c8b83bcc18f701db8\Inkjet.Diagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\5bfe6be47ba9428e7a998b8754f4b7c8\Inkjet.Localization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\a0a8ecc06169e53623e46a4df02b561f\Inkjet.Utilities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\9946fbc6e54625c962f6f63a6a2f8bb8\Inkjet.Hardware.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\344311144d2a60d63b4ec8f072c1d8a4\Inkjet.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\4d4b611aee5cfdb0b89d1f5ff6b30b84\Inkjet.Statistics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\WINDOWS\system32\SerialXP.dll ()
MOD - C:\Programme\SAMSUNG\Keydefin\KeyDefin.exe ()
MOD - C:\WINDOWS\ATK0100\Hcontrol.exe ()
MOD - C:\WINDOWS\ATK0100\ATKOSD.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Kodak AiO Network Discovery Service) -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (cjpcsc) -- C:\WINDOWS\system32\cjpcsc.exe (REINER SCT)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (StarOpen) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\JULIAC~1\LOKALE~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (cjusb) -- C:\WINDOWS\system32\drivers\cjusb.sys (REINER SCT)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (sea1unic) -- C:\WINDOWS\system32\drivers\sea1unic.sys (MCCI)
DRV - (sea1obex) -- C:\WINDOWS\system32\drivers\sea1obex.sys (MCCI)
DRV - (sea1nd5) -- C:\WINDOWS\system32\drivers\sea1nd5.sys (MCCI)
DRV - (sea1mgmt) -- C:\WINDOWS\system32\drivers\sea1mgmt.sys (MCCI)
DRV - (sea1mdm) -- C:\WINDOWS\system32\drivers\sea1mdm.sys (MCCI)
DRV - (sea1mdfl) -- C:\WINDOWS\system32\drivers\sea1mdfl.sys (MCCI)
DRV - (sea1bus) -- C:\WINDOWS\system32\drivers\sea1bus.sys (MCCI)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.09 14:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.10 12:30:09 | 000,000,000 | ---D | M]
 
[2011.04.01 22:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Extensions
[2011.04.01 22:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.08.21 13:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Firefox\Profiles\r1sqtrya.default\extensions
[2012.06.22 12:04:38 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Dokumente und Einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Firefox\Profiles\r1sqtrya.default\extensions\foxyproxy@eric.h.jung
[2011.11.10 12:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.09.01 14:15:32 | 000,000,000 | ---D | M] ("Torbutton") -- C:\Programme\Mozilla Firefox\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012.07.15 14:10:26 | 000,109,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\JULIA CAROLIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\R1SQTRYA.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.11.09 14:20:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.11.09 14:20:15 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.09 14:20:15 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.11.09 14:20:15 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.09 14:20:15 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.09 14:20:15 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.09 14:20:15 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.09.20 00:07:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [SAMSUNG Keydefin] C:\Programme\SAMSUNG\Keydefin\KeyDefin.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2000478354-706699826-1343024091-1004..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213260859745 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2886A90A-C1BE-4C21-97FA-7B4DD047DD2C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.09 10:20:11 | 014,947,112 | ---- | C] (Mozilla) -- C:\Programme\GMX_Firefox_Setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.24 01:30:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.24 01:27:02 | 000,001,242 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-706699826-1343024091-1004UA.job
[2012.12.24 01:11:05 | 000,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.23 19:28:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.23 19:04:37 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.12.23 19:04:34 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.12.23 19:04:34 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.12.23 18:32:56 | 000,002,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Julia Carolin\Desktop\Google Chrome.lnk
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.05 17:42:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 
========== Files Created - No Company Name ==========
 
[2012.09.19 23:50:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.19 23:50:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.19 23:50:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.19 23:50:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.19 23:50:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.08.30 14:33:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Julia Carolin\defogger_reenable
[2012.02.28 12:39:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.02.28 12:39:22 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.02.16 11:42:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.07 18:03:33 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SerialXP.dll
[2011.12.07 18:03:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\win32com.dll
[2011.07.20 16:33:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.05.15 14:35:24 | 2162,200,454 | ---- | C] () -- C:\Programme\SPSS 19 Windows.exe
[2010.03.25 13:55:32 | 044,151,368 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe
[2010.02.24 01:18:36 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.06.05 16:23:46 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.18 11:43:05 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 24.12.2012 01:35:40 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Dokumente und Einstellungen\Julia Carolin\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,98 Mb Total Physical Memory | 131,15 Mb Available Physical Memory | 25,67% Memory free
1,22 Gb Paging File | 0,68 Gb Available in Paging File | 55,65% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 4,80 Gb Free Space | 12,29% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 108,25 Gb Free Space | 98,42% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-8B40CCD7 | User Name: Julia Carolin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled:  -- ()
"C:\Dokumente und Einstellungen\Julia Carolin\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Dokumente und Einstellungen\Julia Carolin\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"D:\Programme\IBM\SPSS\Statistics\20\stats.exe" = D:\Programme\IBM\SPSS\Statistics\20\stats.exe:*:Disabled:Statistics20:exe -- (IBM Corp.)
"D:\Programme\IBM\SPSS\Statistics\20\WinWrapIDE.exe" = D:\Programme\IBM\SPSS\Statistics\20\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (IBM Corp.)
"D:\Programme\IBM\SPSS\Statistics\20\stats.com" = D:\Programme\IBM\SPSS\Statistics\20\stats.com:*:Disabled:Statistics20:com -- (IBM Corp.)
"D:\Programme\IBM\SPSS\Statistics\20\JRE\bin\javaw.exe" = D:\Programme\IBM\SPSS\Statistics\20\JRE\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (IBM)
"C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe" = C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 8.0 OnlineUpdate -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\StarMoney 8.0 S-Edition\app\StarMoney.exe" = C:\Programme\StarMoney 8.0 S-Edition\app\StarMoney.exe:*:Enabled:StarMoney 8.0 -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Programme\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Programme\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Programme\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Programme\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Programme\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Programme\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\Installer\Setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{30DB11CB-5A5C-471C-B777-3CC12D7BE2C3}" = StarMoney
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E8077B5-A703-4F0F-B652-BA615F87A15D}" = Samsung Network Manager
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{668B2B3A-4241-409F-A4AE-79B5016A487E}" = Sony Ericsson PC Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6E9B8289-8229-4681-8878-3DDB2C5F9B8E}" = Brother HL-2030
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.00
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A174DB5-0B95-46B1-A787-341DF14AB2D5}" = Samsung Smart Screen
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DB2E18E-2A1F-4D65-A258-9CB446903C3E}" = Amos 17.0
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AF7CFEF6-BF8A-40EE-A3A9-9A3D567DF066}" = Samsung Update Plus
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B9EAEF2E-5F43-4B49-9EE3-BCD3D9F1B514}" = StarMoney 8.0 S-Edition
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem v2134D
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"BlueShot 1.2.1_is1" = BlueShot 1.2.1
"CCleaner" = CCleaner
"Hcontrol" = ATK0100 ACPI UTILITY
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"Keydefin" = Keydefin V2.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"numpy-py2.5" = Python 2.5 numpy-1.1.0
"ProInst" = Intel(R) PROSet/Wireless Software
"scipy-py2.5" = Python 2.5 scipy-0.6.0
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics TouchPad
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.09.2012 04:56:28 | Computer Name = PRIVAT-8B40CCD7 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 18.11.2012 18:44:58 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1.  The Windows installer
 cannot continue.
 
Error - 18.11.2012 18:45:00 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{8F736E10-8E5C-4399-A532-D0C00A406227}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log
 enthalten.
 
Error - 18.11.2012 18:45:03 | Computer Name = PRIVAT-8B40CCD7 | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 23.12.2012 12:53:06 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1.  The Windows installer
 cannot continue.
 
Error - 23.12.2012 12:53:13 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{8F736E10-8E5C-4399-A532-D0C00A406227}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log
 enthalten.
 
Error - 23.12.2012 12:53:20 | Computer Name = PRIVAT-8B40CCD7 | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 23.12.2012 14:27:48 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1.  The Windows installer
 cannot continue.
 
Error - 23.12.2012 14:27:50 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{8F736E10-8E5C-4399-A532-D0C00A406227}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log
 enthalten.
 
Error - 23.12.2012 14:27:51 | Computer Name = PRIVAT-8B40CCD7 | Source = NativeWrapper | ID = 5000
Description = 
 
[ OSession Events ]
Error - 05.08.2009 06:34:49 | Computer Name = PRIVAT-8B40CCD7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 925
 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error - 09.11.2011 10:44:18 | Computer Name = PRIVAT-8B40CCD7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16963
 seconds with 480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.11.2012 14:38:25 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst StarMoney
 8.0 OnlineUpdate.
 
Error - 18.11.2012 18:45:05 | Computer Name = PRIVAT-8B40CCD7 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2698023)
 
Error - 05.12.2012 12:42:45 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 05.12.2012 12:42:45 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst StarMoney
 8.0 OnlineUpdate.
 
Error - 23.12.2012 12:53:35 | Computer Name = PRIVAT-8B40CCD7 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2698023)
 
Error - 23.12.2012 14:27:53 | Computer Name = PRIVAT-8B40CCD7 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2698023)
 
Error - 23.12.2012 20:11:17 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 23.12.2012 20:11:17 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst StarMoney
 8.0 OnlineUpdate.
 
Error - 23.12.2012 20:30:30 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 23.12.2012 20:30:30 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst StarMoney
 8.0 OnlineUpdate.
 
 
< End of report >

cosinus · 24.12.2012, 16:17

Code:

ATTFilter

OTL by OldTimer - Version 3.2.59.1

OTL bitte neu runterladen und das Log mit der aktuellen Version nochmal erstellen

Vica · 24.12.2012, 18:00

Kurze Frage vorab:
Mir ist aufgefallen, dass ich neuerdings beim Hochfahren des Rechners in drei unterschiedliche Modi wechseln könnte (Recovery, Debugger, MS Win xp), bevor PC mir den 'normalen Startbildschirm' zeigt. Normal? Erinnere das nicht so ... Ansonsten nur über entsprechende Befehlstaste ...

Code:

ATTFilter

OTL logfile created on: 24.12.2012 17:29:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Julia Carolin\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,98 Mb Total Physical Memory | 201,55 Mb Available Physical Memory | 39,44% Memory free
1,22 Gb Paging File | 0,65 Gb Available in Paging File | 53,14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 4,69 Gb Free Space | 12,01% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 108,25 Gb Free Space | 98,42% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-8B40CCD7 | User Name: Julia Carolin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Julia Carolin\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\cjpcsc.exe (REINER SCT)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programme\SAMSUNG\Keydefin\KeyDefin.exe ()
PRC - C:\WINDOWS\ATK0100\Hcontrol.exe ()
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\e9586a65ad6367804227335f19f8129e\Inkjet.Automation.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\811b30adb7d717d097f578376a529bd3\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\7cbb1790cd14569c8b83bcc18f701db8\Inkjet.Diagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\5bfe6be47ba9428e7a998b8754f4b7c8\Inkjet.Localization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\a0a8ecc06169e53623e46a4df02b561f\Inkjet.Utilities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\9946fbc6e54625c962f6f63a6a2f8bb8\Inkjet.Hardware.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\344311144d2a60d63b4ec8f072c1d8a4\Inkjet.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\4d4b611aee5cfdb0b89d1f5ff6b30b84\Inkjet.Statistics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\ViewerPS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\WINDOWS\system32\SerialXP.dll ()
MOD - C:\Programme\SAMSUNG\Keydefin\KeyDefin.exe ()
MOD - C:\WINDOWS\ATK0100\Hcontrol.exe ()
MOD - C:\WINDOWS\ATK0100\ATKOSD.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Kodak AiO Network Discovery Service) -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (cjpcsc) -- C:\WINDOWS\system32\cjpcsc.exe (REINER SCT)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (StarOpen) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\JULIAC~1\LOKALE~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (cjusb) -- C:\WINDOWS\system32\drivers\cjusb.sys (REINER SCT)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (sea1unic) -- C:\WINDOWS\system32\drivers\sea1unic.sys (MCCI)
DRV - (sea1obex) -- C:\WINDOWS\system32\drivers\sea1obex.sys (MCCI)
DRV - (sea1nd5) -- C:\WINDOWS\system32\drivers\sea1nd5.sys (MCCI)
DRV - (sea1mgmt) -- C:\WINDOWS\system32\drivers\sea1mgmt.sys (MCCI)
DRV - (sea1mdm) -- C:\WINDOWS\system32\drivers\sea1mdm.sys (MCCI)
DRV - (sea1mdfl) -- C:\WINDOWS\system32\drivers\sea1mdfl.sys (MCCI)
DRV - (sea1bus) -- C:\WINDOWS\system32\drivers\sea1bus.sys (MCCI)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:3.6.2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.09 14:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.10 12:30:09 | 000,000,000 | ---D | M]
 
[2011.04.01 22:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Extensions
[2011.04.01 22:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.08.21 13:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Firefox\Profiles\r1sqtrya.default\extensions
[2012.06.22 12:04:38 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Dokumente und Einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Firefox\Profiles\r1sqtrya.default\extensions\foxyproxy@eric.h.jung
[2012.07.15 14:10:26 | 000,109,964 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Firefox\Profiles\r1sqtrya.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.08.05 16:49:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Julia Carolin\Anwendungsdaten\Mozilla\Firefox\Profiles\r1sqtrya.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.11.10 12:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.09.01 14:15:32 | 000,000,000 | ---D | M] ("Torbutton") -- C:\Programme\Mozilla Firefox\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012.11.09 14:20:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.11.09 14:20:15 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.09 14:20:15 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.11.09 14:20:15 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.09 14:20:15 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.09 14:20:15 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.09 14:20:15 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.09.20 00:07:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [SAMSUNG Keydefin] C:\Programme\SAMSUNG\Keydefin\KeyDefin.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2000478354-706699826-1343024091-1004..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213260859745 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2886A90A-C1BE-4C21-97FA-7B4DD047DD2C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.09 10:20:11 | 014,947,112 | ---- | C] (Mozilla) -- C:\Programme\GMX_Firefox_Setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.24 17:27:04 | 000,001,242 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-706699826-1343024091-1004UA.job
[2012.12.24 17:16:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.24 01:11:05 | 000,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.23 19:28:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.23 19:04:37 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.12.23 19:04:34 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.12.23 19:04:34 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.12.23 18:32:56 | 000,002,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Julia Carolin\Desktop\Google Chrome.lnk
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.05 17:42:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 
========== Files Created - No Company Name ==========
 
[2012.09.19 23:50:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.19 23:50:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.19 23:50:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.19 23:50:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.19 23:50:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.08.30 14:33:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Julia Carolin\defogger_reenable
[2012.02.28 12:39:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.02.28 12:39:22 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.02.16 11:42:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.07 18:03:33 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SerialXP.dll
[2011.12.07 18:03:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\win32com.dll
[2011.07.20 16:33:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.05.15 14:35:24 | 2162,200,454 | ---- | C] () -- C:\Programme\SPSS 19 Windows.exe
[2010.03.25 13:55:32 | 044,151,368 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe
[2010.02.24 01:18:36 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.06.05 16:23:46 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.18 11:43:05 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009.04.24 11:40:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 24.12.2012 17:29:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Julia Carolin\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,98 Mb Total Physical Memory | 201,55 Mb Available Physical Memory | 39,44% Memory free
1,22 Gb Paging File | 0,65 Gb Available in Paging File | 53,14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 4,69 Gb Free Space | 12,01% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 108,25 Gb Free Space | 98,42% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-8B40CCD7 | User Name: Julia Carolin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Dokumente und Einstellungen\Julia Carolin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled:  -- ()
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Julia Carolin\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Dokumente und Einstellungen\Julia Carolin\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"D:\Programme\IBM\SPSS\Statistics\20\stats.exe" = D:\Programme\IBM\SPSS\Statistics\20\stats.exe:*:Disabled:Statistics20:exe -- (IBM Corp.)
"D:\Programme\IBM\SPSS\Statistics\20\WinWrapIDE.exe" = D:\Programme\IBM\SPSS\Statistics\20\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (IBM Corp.)
"D:\Programme\IBM\SPSS\Statistics\20\stats.com" = D:\Programme\IBM\SPSS\Statistics\20\stats.com:*:Disabled:Statistics20:com -- (IBM Corp.)
"D:\Programme\IBM\SPSS\Statistics\20\JRE\bin\javaw.exe" = D:\Programme\IBM\SPSS\Statistics\20\JRE\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (IBM)
"C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe" = C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 8.0 OnlineUpdate -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\StarMoney 8.0 S-Edition\app\StarMoney.exe" = C:\Programme\StarMoney 8.0 S-Edition\app\StarMoney.exe:*:Enabled:StarMoney 8.0 -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Programme\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Programme\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Programme\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Programme\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Programme\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Programme\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\Installer\Setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{30DB11CB-5A5C-471C-B777-3CC12D7BE2C3}" = StarMoney
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E8077B5-A703-4F0F-B652-BA615F87A15D}" = Samsung Network Manager
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{668B2B3A-4241-409F-A4AE-79B5016A487E}" = Sony Ericsson PC Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6E9B8289-8229-4681-8878-3DDB2C5F9B8E}" = Brother HL-2030
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.00
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A174DB5-0B95-46B1-A787-341DF14AB2D5}" = Samsung Smart Screen
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DB2E18E-2A1F-4D65-A258-9CB446903C3E}" = Amos 17.0
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AF7CFEF6-BF8A-40EE-A3A9-9A3D567DF066}" = Samsung Update Plus
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B9EAEF2E-5F43-4B49-9EE3-BCD3D9F1B514}" = StarMoney 8.0 S-Edition
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem v2134D
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"BlueShot 1.2.1_is1" = BlueShot 1.2.1
"CCleaner" = CCleaner
"Hcontrol" = ATK0100 ACPI UTILITY
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"Keydefin" = Keydefin V2.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"numpy-py2.5" = Python 2.5 numpy-1.1.0
"ProInst" = Intel(R) PROSet/Wireless Software
"scipy-py2.5" = Python 2.5 scipy-0.6.0
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics TouchPad
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2000478354-706699826-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.12.2012 12:53:20 | Computer Name = PRIVAT-8B40CCD7 | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 23.12.2012 14:27:48 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1.  The Windows installer
 cannot continue.
 
Error - 23.12.2012 14:27:50 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{8F736E10-8E5C-4399-A532-D0C00A406227}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log
 enthalten.
 
Error - 23.12.2012 14:27:51 | Computer Name = PRIVAT-8B40CCD7 | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 23.12.2012 21:03:23 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1.  The Windows installer
 cannot continue.
 
Error - 23.12.2012 21:03:25 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{8F736E10-8E5C-4399-A532-D0C00A406227}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log
 enthalten.
 
Error - 23.12.2012 21:03:28 | Computer Name = PRIVAT-8B40CCD7 | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 24.12.2012 08:03:10 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1.  The Windows installer
 cannot continue.
 
Error - 24.12.2012 08:03:12 | Computer Name = PRIVAT-8B40CCD7 | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{8F736E10-8E5C-4399-A532-D0C00A406227}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log
 enthalten.
 
Error - 24.12.2012 08:03:14 | Computer Name = PRIVAT-8B40CCD7 | Source = NativeWrapper | ID = 5000
Description = 
 
[ OSession Events ]
Error - 05.08.2009 06:34:49 | Computer Name = PRIVAT-8B40CCD7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 925
 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error - 09.11.2011 10:44:18 | Computer Name = PRIVAT-8B40CCD7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16963
 seconds with 480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.12.2012 07:59:09 | Computer Name = PRIVAT-8B40CCD7 | Source = SCardSvr | ID = 610
Description = Smartcardleser "REINER SCT cyberJack RFID standard USB 52" verweigerte
 IOCTL POWER: Kein Medium im Laufwerk.
 
Error - 24.12.2012 08:02:48 | Computer Name = PRIVAT-8B40CCD7 | Source = SCardSvr | ID = 610
Description = Smartcardleser "REINER SCT cyberJack RFID standard USB 52" verweigerte
 IOCTL GET_STATE: Das Gerät ist nicht angeschlossen.
 
Error - 24.12.2012 08:03:15 | Computer Name = PRIVAT-8B40CCD7 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2698023)
 
Error - 24.12.2012 12:12:52 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 24.12.2012 12:12:52 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst StarMoney
 8.0 OnlineUpdate.
 
Error - 24.12.2012 12:14:18 | Computer Name = PRIVAT-8B40CCD7 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "iPod 
Service" mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error - 24.12.2012 12:14:18 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst iPod-Dienst.
 
Error - 24.12.2012 12:14:18 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 24.12.2012 12:16:39 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 24.12.2012 12:16:39 | Computer Name = PRIVAT-8B40CCD7 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst StarMoney
 8.0 OnlineUpdate.
 
 
< End of report >

cosinus · 24.12.2012, 18:12

Das ist seit combofix so und völlig normal.

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Vica · 06.01.2013, 19:30

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.27.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Julia Carolin :: PRIVAT-8B40CCD7 [Administrator]

28.12.2012 01:20:09
mbam-log-2012-12-28 (01-20-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229835
Laufzeit: 7 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=814406013bc78c4c9c06d5bff03428ed
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-28 03:41:06
# local_time=2012-12-28 04:41:06 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 100 51605 102432951 44348 0
# scanned=81872
# found=0
# cleaned=0
# scan_time=11055

Verrätst Du mir noch im Anschluss, was ich wieder alles vom Rechner schmeißen sollte? Was ist mit dem Defogger?

cosinus · 07.01.2013, 21:20

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

24.12.2012, 16:17	#38
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	My Start- Incredibar - noch immer auf meinem Rechner? Code: ATTFilter OTL by OldTimer - Version 3.2.59.1 OTL bitte neu runterladen und das Log mit der aktuellen Version nochmal erstellen __________________ Logfiles bitte immer in CODE-Tags posten

My Start- Incredibar - noch immer auf meinem Rechner?

Log-Analyse und Auswertung: My Start- Incredibar - noch immer auf meinem Rechner?