| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PC kann nur noch im abgesicherten Modus hochgefahren werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.10.2012, 19:59
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  PC kann nur noch im abgesicherten Modus hochgefahren werden Mach bitte einen neuen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.10.2012, 20:23
| #17 |
 | PC kann nur noch im abgesicherten Modus hochgefahren werden Flotte Antwort!
__________________ hier der neue Log: Code:
ATTFilter OTL logfile created on: 17.10.2012 21:09:39 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,70% Memory free 3,85 Gb Paging File | 3,77 Gb Available in Paging File | 97,84% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 460,96 Gb Total Space | 356,29 Gb Free Space | 77,29% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: DHWPK82J | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.16 13:37:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe -- (de_serv) SRV - [2012.09.20 19:52:50 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.06 03:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2006.05.12 14:21:38 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service) SRV - [2005.12.12 17:52:32 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService) SRV - [2005.06.17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFWDSL.SYS -- (NETFWDSL) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006.12.08 15:02:50 | 000,275,072 | ---- | M] (Guillemont Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HDvid.sys -- (APL531) DRV - [2006.11.16 17:01:42 | 000,024,192 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt.sys -- (camfilt) DRV - [2006.09.18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) DRV - [2006.09.18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2006.09.18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) DRV - [2006.09.18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) DRV - [2006.09.18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) DRV - [2005.12.12 17:52:34 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid) DRV - [2005.12.12 17:52:34 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon) DRV - [2005.12.12 17:52:34 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd) DRV - [2005.12.12 17:52:34 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou) DRV - [2005.12.12 17:52:32 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi) DRV - [2005.10.21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune) DRV - [2005.09.22 19:19:54 | 000,148,608 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2) DRV - [2005.09.08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.09.08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.09.08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.09.08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.09.08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.09.08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.09.08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.08.25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.06.06 22:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.05.25 23:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN) DRV - [2005.03.25 17:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt) DRV - [2005.01.11 01:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k) DRV - [2005.01.11 01:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv) DRV - [2004.12.23 02:58:00 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT) DRV - [2004.06.11 02:00:00 | 000,016,384 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=EC IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_de IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.14 20:48:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.14 20:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2012.10.14 20:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.06 03:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:26:22 | 000,002,253 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012.08.18 14:54:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.) O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [HerculesCamService] C:\Programme\Hercules\Hercules DualPix HD Webcam\CamService.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL () O4 - HKLM..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O4 - HKLM..\RunOnce: [Del412296] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\WINDOWS\DeleteOnReboot.bat () O4 - HKLM..\RunOnce: [Purge] C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe () O4 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006..\RunOnce: [Del412296] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006..\RunOnce: [Report] C:\AdwCleaner[S2].txt () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://us-download.mcafee.com/products/protected/mvt/mvt.cab (McAfee Virtual Technician Control Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A061E586-CE2A-4FBF-9E07-37F5E79679C5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Unable to start System Restore Service. Error code 10 ========== Files/Folders - Created Within 30 Days ========== [2012.10.16 13:37:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.10.15 20:10:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp [2012.10.15 20:10:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Adobe [2012.10.14 20:49:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads [2012.10.14 20:48:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla [2012.10.14 20:48:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla [2012.10.14 20:48:01 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.10.14 20:48:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.10.14 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MozillaFirefoxPackages [2012.10.14 20:47:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager [2012.10.14 20:46:58 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.10.13 23:40:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2012.10.13 23:40:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\My PSP Files [2012.10.12 10:02:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2012.10.08 18:40:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe [2012.10.08 18:35:04 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE [2012.09.21 12:18:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2012.09.21 12:18:01 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2012.09.21 12:17:58 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2012.09.21 12:17:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 ========== Files - Modified Within 30 Days ========== [2012.10.17 20:58:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.10.17 20:01:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.17 20:00:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.17 19:59:35 | 000,000,140 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat [2012.10.17 17:51:12 | 000,538,941 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.10.16 13:37:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.10.14 20:48:01 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.10.14 20:46:18 | 001,114,760 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Firefox_Setup_15.0.1.exe [2012.10.13 23:40:01 | 000,006,216 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2012.10.05 16:52:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.10.05 16:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.05 09:52:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.23 12:46:56 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.09.21 14:18:39 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.21 12:18:51 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2012.10.17 20:51:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.10.17 19:59:29 | 000,000,140 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat [2012.10.17 17:51:12 | 000,538,941 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.10.14 20:48:01 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.10.14 20:48:01 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.10.14 20:45:43 | 001,114,760 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Firefox_Setup_15.0.1.exe [2012.09.21 12:18:51 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.07.31 23:19:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2012.02.17 10:11:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010.12.22 01:19:48 | 000,042,424 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.30 22:47:06 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2010.03.31 21:17:47 | 001,456,640 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\Falk Navi-Manager.msi [2007.05.19 03:16:05 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.05.26 01:25:20 | 000,000,692 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html [2006.05.26 01:20:49 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.08.20 01:54:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.21 12:18:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.10.14 20:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager [2011.01.19 18:39:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2006.05.25 12:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MVTLogs [2007.05.18 11:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2010.12.17 01:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.10.12 10:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.10.15 20:10:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe [2011.08.19 00:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer [2006.05.12 14:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Corel [2012.10.12 10:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2009.06.01 12:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Google [2005.08.20 02:05:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities [2006.10.25 13:58:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia [2012.10.13 23:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2006.05.26 01:21:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\McAfee.com Personal Firewall [2012.10.17 20:03:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft [2012.10.14 20:48:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla [2012.10.14 20:47:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MozillaFirefoxPackages [2006.05.12 14:16:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun < %APPDATA%\*.exe /s > [2012.10.12 23:54:32 | 000,565,760 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MozillaFirefoxPackages\UninstallPackages\Uninstall.exe < %SYSTEMDRIVE%\*.exe > [2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004.08.10 15:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004.08.10 15:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.12.20 20:31:42 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.12.20 20:31:42 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.10 15:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004.08.10 15:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.12.20 20:31:42 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.12.20 20:31:42 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.10 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\i386\eventlog.dll [2004.08.10 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2005.06.17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\drivers\storage\sata\onboard\iastor.sys [2005.06.17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\i386\iaStor.sys [2005.06.17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.10 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\i386\netlogon.dll [2004.08.10 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.10 15:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\i386\scecli.dll [2004.08.10 15:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\i386\user32.dll [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.10 15:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 15:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\i386\userinit.exe [2004.08.10 15:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.10 15:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\i386\winlogon.exe [2004.08.10 15:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.10 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\i386\ws2ifsl.sys [2004.08.10 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2005.08.20 01:42:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005.08.20 01:42:36 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005.08.20 01:42:36 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > [2005.08.20 01:34:02 | 000,000,065 | R--- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2005.08.20 02:05:12 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2006.05.18 00:33:44 | 000,000,258 | ---- | C] () -- C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job [2010.06.04 11:50:39 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2010.06.04 11:50:39 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2010.12.17 01:38:08 | 000,000,290 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2012.08.03 17:52:57 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job < End of report > Geändert von helpneeded (17.10.2012 um 21:21 Uhr) |
|
17.10.2012, 21:14
| #18 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC kann nur noch im abgesicherten Modus hochgefahren werdenZitat:
Zitat:
__________________ |
|
17.10.2012, 22:03
| #19 |
| | PC kann nur noch im abgesicherten Modus hochgefahren werden Eben nochmals getestet: im Normalmodus bleibt er wieder beim Hochfahren hängen  Ja, User hat Adminrechte. Der Name ist irreführend. |
|
18.10.2012, 09:14
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC kann nur noch im abgesicherten Modus hochgefahren werden Hm das Log ist aber recht unauffällig Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.10.2012, 09:52
| #21 | |
| | PC kann nur noch im abgesicherten Modus hochgefahren werdenZitat:
Kann ich das Tool auch im abgesicherten Modus ausführen? |
|
18.10.2012, 12:21
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC kann nur noch im abgesicherten Modus hochgefahren werden ja geht auch, muss ja wenn der normale Modus noch nicht will
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.10.2012, 20:51
| #23 |
| | PC kann nur noch im abgesicherten Modus hochgefahren werden hier der neue Log: Code:
ATTFilter 21:43:22.0296 1048 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:43:22.0437 1048 ============================================================
21:43:22.0437 1048 Current date / time: 2012/10/19 21:43:22.0437
21:43:22.0437 1048 SystemInfo:
21:43:22.0437 1048
21:43:22.0437 1048 OS Version: 5.1.2600 ServicePack: 3.0
21:43:22.0437 1048 Product type: Workstation
21:43:22.0437 1048 ComputerName: DHWPK82J
21:43:22.0437 1048 UserName: ***
21:43:22.0437 1048 Windows directory: C:\WINDOWS
21:43:22.0437 1048 System windows directory: C:\WINDOWS
21:43:22.0437 1048 Processor architecture: Intel x86
21:43:22.0437 1048 Number of processors: 2
21:43:22.0437 1048 Page size: 0x1000
21:43:22.0437 1048 Boot type: Safe boot with network
21:43:22.0437 1048 ============================================================
21:43:23.0906 1048 Drive \Device\Harddisk0\DR0 - Size: 0x746A000000 (465.66 Gb), SectorSize: 0x200, Cylinders: 0xED73, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:43:23.0937 1048 ============================================================
21:43:23.0937 1048 \Device\Harddisk0\DR0:
21:43:23.0937 1048 MBR partitions:
21:43:23.0937 1048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x399ED84F
21:43:23.0937 1048 ============================================================
21:43:24.0015 1048 C: <-> \Device\Harddisk0\DR0\Partition1
21:43:24.0015 1048 ============================================================
21:43:24.0015 1048 Initialize success
21:43:24.0015 1048 ============================================================
21:44:15.0890 0700 ============================================================
21:44:15.0890 0700 Scan started
21:44:15.0890 0700 Mode: Manual; SigCheck; TDLFS;
21:44:15.0890 0700 ============================================================
21:44:16.0015 0700 ================ Scan system memory ========================
21:44:16.0015 0700 System memory - ok
21:44:16.0015 0700 ================ Scan services =============================
21:44:16.0265 0700 Abiosdsk - ok
21:44:16.0296 0700 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:44:17.0546 0700 abp480n5 - ok
21:44:17.0609 0700 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:44:17.0921 0700 ACPI - ok
21:44:17.0968 0700 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:44:18.0109 0700 ACPIEC - ok
21:44:18.0171 0700 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:44:18.0281 0700 AdobeFlashPlayerUpdateSvc - ok
21:44:18.0359 0700 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:44:18.0484 0700 adpu160m - ok
21:44:18.0515 0700 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:44:18.0656 0700 aec - ok
21:44:18.0703 0700 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:44:18.0765 0700 AFD - ok
21:44:18.0812 0700 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
21:44:18.0953 0700 agp440 - ok
21:44:18.0968 0700 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:44:19.0093 0700 agpCPQ - ok
21:44:19.0140 0700 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:44:19.0218 0700 Aha154x - ok
21:44:19.0250 0700 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:44:19.0390 0700 aic78u2 - ok
21:44:19.0421 0700 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:44:19.0546 0700 aic78xx - ok
21:44:19.0593 0700 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:44:19.0750 0700 Alerter - ok
21:44:19.0781 0700 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
21:44:19.0843 0700 ALG - ok
21:44:19.0890 0700 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
21:44:20.0031 0700 AliIde - ok
21:44:20.0046 0700 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:44:20.0187 0700 alim1541 - ok
21:44:20.0203 0700 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:44:20.0328 0700 amdagp - ok
21:44:20.0375 0700 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
21:44:20.0453 0700 amsint - ok
21:44:20.0562 0700 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
21:44:20.0578 0700 AntiVirSchedulerService - ok
21:44:20.0640 0700 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
21:44:20.0656 0700 AntiVirService - ok
21:44:20.0718 0700 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:44:20.0750 0700 AntiVirWebService - ok
21:44:20.0812 0700 [ 29C537D74694DE38B07B8D0C37BC25C5 ] APL531 C:\WINDOWS\system32\Drivers\HDvid.sys
21:44:20.0906 0700 APL531 ( UnsignedFile.Multi.Generic ) - warning
21:44:20.0906 0700 APL531 - detected UnsignedFile.Multi.Generic (1)
21:44:21.0015 0700 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:44:21.0031 0700 Apple Mobile Device - ok
21:44:21.0093 0700 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:44:21.0171 0700 AppMgmt - ok
21:44:21.0250 0700 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:44:21.0390 0700 Arp1394 - ok
21:44:21.0421 0700 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
21:44:21.0546 0700 asc - ok
21:44:21.0562 0700 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:44:21.0625 0700 asc3350p - ok
21:44:21.0671 0700 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:44:21.0796 0700 asc3550 - ok
21:44:21.0953 0700 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:44:21.0968 0700 aspnet_state - ok
21:44:22.0000 0700 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:44:22.0140 0700 AsyncMac - ok
21:44:22.0171 0700 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:44:22.0296 0700 atapi - ok
21:44:22.0312 0700 Atdisk - ok
21:44:22.0359 0700 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:44:22.0500 0700 Atmarpc - ok
21:44:22.0546 0700 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:44:22.0671 0700 AudioSrv - ok
21:44:22.0718 0700 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:44:22.0843 0700 audstub - ok
21:44:22.0921 0700 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:44:22.0968 0700 avgntflt - ok
21:44:23.0031 0700 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:44:23.0046 0700 avipbb - ok
21:44:23.0062 0700 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:44:23.0078 0700 avkmgr - ok
21:44:23.0140 0700 [ D16C201E44F7D1F7A65C4D20C6929AF8 ] AVMUNET C:\WINDOWS\system32\DRIVERS\avmunet.sys
21:44:23.0171 0700 AVMUNET - ok
21:44:23.0218 0700 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:44:23.0343 0700 Beep - ok
21:44:23.0406 0700 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
21:44:23.0562 0700 BITS - ok
21:44:23.0640 0700 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
21:44:23.0656 0700 Bonjour Service - ok
21:44:23.0718 0700 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
21:44:23.0796 0700 Browser - ok
21:44:23.0843 0700 [ E156C353FCBC05DB5DEE57BE0592F2D4 ] camfilt C:\WINDOWS\system32\Drivers\camfilt.sys
21:44:23.0859 0700 camfilt ( UnsignedFile.Multi.Generic ) - warning
21:44:23.0859 0700 camfilt - detected UnsignedFile.Multi.Generic (1)
21:44:23.0890 0700 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:44:24.0031 0700 cbidf - ok
21:44:24.0046 0700 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:44:24.0171 0700 cbidf2k - ok
21:44:24.0234 0700 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:44:24.0359 0700 CCDECODE - ok
21:44:24.0406 0700 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:44:24.0484 0700 cd20xrnt - ok
21:44:24.0500 0700 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:44:24.0625 0700 Cdaudio - ok
21:44:24.0656 0700 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:44:24.0796 0700 Cdfs - ok
21:44:24.0843 0700 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:44:24.0968 0700 Cdrom - ok
21:44:24.0984 0700 Changer - ok
21:44:25.0046 0700 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:44:25.0171 0700 CiSvc - ok
21:44:25.0187 0700 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:44:25.0312 0700 ClipSrv - ok
21:44:25.0375 0700 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:44:25.0390 0700 clr_optimization_v2.0.50727_32 - ok
21:44:25.0421 0700 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:44:25.0562 0700 CmdIde - ok
21:44:25.0578 0700 COMSysApp - ok
21:44:25.0656 0700 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:44:25.0765 0700 Cpqarray - ok
21:44:25.0796 0700 [ 7DB5E3F44D797BD38B8E336CCC2E49D5 ] Creative Labs Licensing Service C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe
21:44:25.0812 0700 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning
21:44:25.0812 0700 Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)
21:44:25.0875 0700 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
21:44:25.0890 0700 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
21:44:25.0890 0700 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
21:44:25.0953 0700 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:44:26.0078 0700 CryptSvc - ok
21:44:26.0140 0700 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
21:44:26.0218 0700 ctsfm2k - ok
21:44:26.0265 0700 [ 4EE8822ADB764EDD28CE44E808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys
21:44:26.0281 0700 CTUSFSYN - ok
21:44:26.0312 0700 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:44:26.0453 0700 dac2w2k - ok
21:44:26.0484 0700 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:44:26.0640 0700 dac960nt - ok
21:44:26.0703 0700 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:44:26.0812 0700 DcomLaunch - ok
21:44:26.0828 0700 de_serv - ok
21:44:26.0906 0700 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:44:27.0031 0700 Dhcp - ok
21:44:27.0046 0700 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:44:27.0187 0700 Disk - ok
21:44:27.0250 0700 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:44:27.0265 0700 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
21:44:27.0265 0700 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
21:44:27.0281 0700 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:44:27.0281 0700 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
21:44:27.0281 0700 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
21:44:27.0312 0700 [ 1FB7A7DB89C16673A90D1F104455F38E ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
21:44:27.0312 0700 DLADResN ( UnsignedFile.Multi.Generic ) - warning
21:44:27.0312 0700 DLADResN - detected UnsignedFile.Multi.Generic (1)
21:44:27.0343 0700 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:44:27.0343 0700 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
21:44:27.0343 0700 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
21:44:27.0359 0700 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:44:27.0375 0700 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
21:44:27.0375 0700 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
21:44:27.0421 0700 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:44:27.0437 0700 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
21:44:27.0437 0700 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
21:44:27.0453 0700 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:44:27.0453 0700 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
21:44:27.0453 0700 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
21:44:27.0515 0700 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:44:27.0515 0700 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
21:44:27.0515 0700 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
21:44:27.0531 0700 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:44:27.0546 0700 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
21:44:27.0546 0700 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
21:44:27.0562 0700 dmadmin - ok
21:44:27.0640 0700 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:44:27.0828 0700 dmboot - ok
21:44:27.0843 0700 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:44:27.0968 0700 dmio - ok
21:44:28.0015 0700 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:44:28.0140 0700 dmload - ok
21:44:28.0187 0700 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:44:28.0296 0700 dmserver - ok
21:44:28.0359 0700 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:44:28.0484 0700 DMusic - ok
21:44:28.0531 0700 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:44:28.0640 0700 Dnscache - ok
21:44:28.0687 0700 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:44:28.0812 0700 Dot3svc - ok
21:44:28.0859 0700 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:44:28.0984 0700 dpti2o - ok
21:44:29.0015 0700 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:44:29.0156 0700 drmkaud - ok
21:44:29.0171 0700 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:44:29.0171 0700 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
21:44:29.0171 0700 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
21:44:29.0187 0700 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:44:29.0203 0700 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
21:44:29.0203 0700 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
21:44:29.0218 0700 [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:44:29.0359 0700 E100B - ok
21:44:29.0406 0700 [ 5B75BBF89D8341F424171DF7AD9DC465 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:44:29.0468 0700 e1express - ok
21:44:29.0515 0700 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:44:29.0656 0700 EapHost - ok
21:44:29.0781 0700 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
21:44:29.0906 0700 ehRecvr - ok
21:44:29.0968 0700 [ E774BF24A6CB798DCE67AD1C8E917152 ] ehSched C:\WINDOWS\eHome\ehSched.exe
21:44:30.0031 0700 ehSched - ok
21:44:30.0093 0700 [ 1976FEDF6D7F87135C9B7F5CB4C8C868 ] ELacpi C:\WINDOWS\system32\DRIVERS\ELacpi.sys
21:44:30.0109 0700 ELacpi - ok
21:44:30.0156 0700 [ AE65C02444907966378454138B9F99F0 ] ELhid C:\WINDOWS\system32\DRIVERS\ELhid.sys
21:44:30.0171 0700 ELhid ( UnsignedFile.Multi.Generic ) - warning
21:44:30.0171 0700 ELhid - detected UnsignedFile.Multi.Generic (1)
21:44:30.0187 0700 [ E485C3BA1DADDEEF3E14FEA1E8FDA6E1 ] ELkbd C:\WINDOWS\system32\DRIVERS\ELkbd.sys
21:44:30.0203 0700 ELkbd ( UnsignedFile.Multi.Generic ) - warning
21:44:30.0203 0700 ELkbd - detected UnsignedFile.Multi.Generic (1)
21:44:30.0218 0700 [ 0D87CB825ED6CB2EBCC147A10A42F1D6 ] ELmon C:\WINDOWS\system32\DRIVERS\ELmon.sys
21:44:30.0218 0700 ELmon ( UnsignedFile.Multi.Generic ) - warning
21:44:30.0218 0700 ELmon - detected UnsignedFile.Multi.Generic (1)
21:44:30.0250 0700 [ A4ADD3847B67BACAB6FC851A2B60FDB3 ] ELmou C:\WINDOWS\system32\DRIVERS\ELmou.sys
21:44:30.0250 0700 ELmou ( UnsignedFile.Multi.Generic ) - warning
21:44:30.0250 0700 ELmou - detected UnsignedFile.Multi.Generic (1)
21:44:30.0359 0700 [ D1DE16926C682DCD3D99AE5500CA5522 ] ELService C:\Programme\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
21:44:30.0453 0700 ELService ( UnsignedFile.Multi.Generic ) - warning
21:44:30.0453 0700 ELService - detected UnsignedFile.Multi.Generic (1)
21:44:30.0500 0700 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:44:30.0625 0700 ERSvc - ok
21:44:30.0687 0700 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
21:44:30.0718 0700 Eventlog - ok
21:44:30.0765 0700 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\Es.dll
21:44:30.0828 0700 EventSystem - ok
21:44:30.0859 0700 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:44:30.0968 0700 Fastfat - ok
21:44:31.0031 0700 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:44:31.0093 0700 FastUserSwitchingCompatibility - ok
21:44:31.0140 0700 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe
21:44:31.0265 0700 Fax - ok
21:44:31.0312 0700 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:44:31.0437 0700 Fdc - ok
21:44:31.0453 0700 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:44:31.0562 0700 Fips - ok
21:44:31.0593 0700 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:44:31.0734 0700 Flpydisk - ok
21:44:31.0781 0700 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:44:31.0906 0700 FltMgr - ok
21:44:31.0984 0700 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:44:32.0000 0700 FontCache3.0.0.0 - ok
21:44:32.0031 0700 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:44:32.0156 0700 Fs_Rec - ok
21:44:32.0218 0700 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:44:32.0343 0700 Ftdisk - ok
21:44:32.0390 0700 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:44:32.0406 0700 GEARAspiWDM - ok
21:44:32.0437 0700 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:44:32.0546 0700 Gpc - ok
21:44:32.0625 0700 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
21:44:32.0640 0700 gupdate - ok
21:44:32.0656 0700 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
21:44:32.0671 0700 gupdatem - ok
21:44:32.0734 0700 [ ECC2B633B909448C2806EA36FFEA1933 ] hcwPP2 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
21:44:32.0781 0700 hcwPP2 - ok
21:44:32.0812 0700 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:44:32.0937 0700 HDAudBus - ok
21:44:33.0015 0700 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:44:33.0140 0700 helpsvc - ok
21:44:33.0156 0700 HidServ - ok
21:44:33.0203 0700 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:44:33.0343 0700 HidUsb - ok
21:44:33.0375 0700 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:44:33.0515 0700 hkmsvc - ok
21:44:33.0546 0700 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
21:44:33.0671 0700 hpn - ok
21:44:33.0718 0700 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:44:33.0796 0700 HTTP - ok
21:44:33.0843 0700 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:44:33.0984 0700 HTTPFilter - ok
21:44:34.0000 0700 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
21:44:34.0125 0700 i2omgmt - ok
21:44:34.0156 0700 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:44:34.0281 0700 i2omp - ok
21:44:34.0328 0700 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:44:34.0437 0700 i8042prt - ok
21:44:34.0515 0700 [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
21:44:34.0531 0700 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
21:44:34.0531 0700 IAANTMon - detected UnsignedFile.Multi.Generic (1)
21:44:34.0593 0700 [ 9A65E42664D1534B68512CAAD0EFE963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys
21:44:34.0718 0700 iastor - ok
21:44:34.0828 0700 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:44:34.0921 0700 idsvc - ok
21:44:34.0968 0700 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:44:35.0093 0700 Imapi - ok
21:44:35.0140 0700 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
21:44:35.0265 0700 ImapiService - ok
21:44:35.0312 0700 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:44:35.0468 0700 ini910u - ok
21:44:35.0500 0700 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:44:35.0640 0700 IntelIde - ok
21:44:35.0703 0700 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:44:35.0828 0700 intelppm - ok
21:44:35.0859 0700 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:44:35.0984 0700 Ip6Fw - ok
21:44:36.0015 0700 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:44:36.0156 0700 IpFilterDriver - ok
21:44:36.0187 0700 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:44:36.0296 0700 IpInIp - ok
21:44:36.0343 0700 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:44:36.0484 0700 IpNat - ok
21:44:36.0546 0700 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Programme\iPod\bin\iPodService.exe
21:44:36.0625 0700 iPod Service - ok
21:44:36.0671 0700 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:44:36.0796 0700 IPSec - ok
21:44:36.0843 0700 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:44:36.0906 0700 IRENUM - ok
21:44:36.0937 0700 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:44:37.0078 0700 isapnp - ok
21:44:37.0156 0700 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
21:44:37.0171 0700 JavaQuickStarterService - ok
21:44:37.0234 0700 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:44:37.0359 0700 Kbdclass - ok
21:44:37.0375 0700 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:44:37.0515 0700 kbdhid - ok
21:44:37.0546 0700 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:44:37.0671 0700 kmixer - ok
21:44:37.0718 0700 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:44:37.0828 0700 KSecDD - ok
21:44:37.0890 0700 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:44:37.0953 0700 lanmanserver - ok
21:44:38.0015 0700 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:44:38.0062 0700 lanmanworkstation - ok
21:44:38.0078 0700 lbrtfdc - ok
21:44:38.0187 0700 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:44:38.0312 0700 LmHosts - ok
21:44:38.0375 0700 [ F627E9DA4D3D8DC05A15B68944302F14 ] MagicTune C:\WINDOWS\system32\drivers\MTiCtwl.sys
21:44:38.0375 0700 MagicTune ( UnsignedFile.Multi.Generic ) - warning
21:44:38.0375 0700 MagicTune - detected UnsignedFile.Multi.Generic (1)
21:44:38.0437 0700 [ 52404CC76E9D53843BDF97564BB16BED ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
21:44:38.0468 0700 McrdSvc - ok
21:44:38.0515 0700 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:44:38.0656 0700 Messenger - ok
21:44:38.0703 0700 [ DED60230E3019C508769EC3C15BCDA44 ] MHN C:\WINDOWS\System32\mhn.dll
21:44:38.0718 0700 MHN ( UnsignedFile.Multi.Generic ) - warning
21:44:38.0718 0700 MHN - detected UnsignedFile.Multi.Generic (1)
21:44:38.0750 0700 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:44:38.0750 0700 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
21:44:38.0750 0700 MHNDRV - detected UnsignedFile.Multi.Generic (1)
21:44:38.0781 0700 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:44:38.0890 0700 mnmdd - ok
21:44:38.0937 0700 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:44:39.0062 0700 mnmsrvc - ok
21:44:39.0093 0700 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:44:39.0234 0700 Modem - ok
21:44:39.0250 0700 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:44:39.0390 0700 Mouclass - ok
21:44:39.0437 0700 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:44:39.0546 0700 mouhid - ok
21:44:39.0578 0700 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:44:39.0703 0700 MountMgr - ok
21:44:39.0765 0700 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:44:39.0781 0700 MozillaMaintenance - ok
21:44:39.0828 0700 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:44:39.0937 0700 mraid35x - ok
21:44:39.0953 0700 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:44:40.0078 0700 MRxDAV - ok
21:44:40.0140 0700 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:44:40.0312 0700 MRxSmb - ok
21:44:40.0375 0700 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:44:40.0500 0700 MSDTC - ok
21:44:40.0531 0700 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:44:40.0640 0700 Msfs - ok
21:44:40.0656 0700 MSIServer - ok
21:44:40.0687 0700 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:44:40.0796 0700 MSKSSRV - ok
21:44:40.0843 0700 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:44:40.0953 0700 MSPCLOCK - ok
21:44:40.0968 0700 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:44:41.0093 0700 MSPQM - ok
21:44:41.0125 0700 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:44:41.0250 0700 mssmbios - ok
21:44:41.0265 0700 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:44:41.0406 0700 MSTEE - ok
21:44:41.0421 0700 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:44:41.0468 0700 Mup - ok
21:44:41.0515 0700 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:44:41.0640 0700 NABTSFEC - ok
21:44:41.0703 0700 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
21:44:41.0828 0700 napagent - ok
21:44:41.0859 0700 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:44:41.0984 0700 NDIS - ok
21:44:42.0015 0700 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:44:42.0140 0700 NdisIP - ok
21:44:42.0187 0700 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:44:42.0250 0700 NdisTapi - ok
21:44:42.0281 0700 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:44:42.0406 0700 Ndisuio - ok
21:44:42.0453 0700 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:44:42.0562 0700 NdisWan - ok
21:44:42.0609 0700 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:44:42.0703 0700 NDProxy - ok
21:44:42.0734 0700 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:44:42.0843 0700 NetBIOS - ok
21:44:42.0875 0700 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:44:42.0984 0700 NetBT - ok
21:44:43.0046 0700 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
21:44:43.0156 0700 NetDDE - ok
21:44:43.0171 0700 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:44:43.0296 0700 NetDDEdsdm - ok
21:44:43.0312 0700 NETFWDSL - ok
21:44:43.0343 0700 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:44:43.0468 0700 Netlogon - ok
21:44:43.0531 0700 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
21:44:43.0656 0700 Netman - ok
21:44:43.0781 0700 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
21:44:43.0781 0700 NetSvc ( UnsignedFile.Multi.Generic ) - warning
21:44:43.0781 0700 NetSvc - detected UnsignedFile.Multi.Generic (1)
21:44:43.0843 0700 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:44:43.0859 0700 NetTcpPortSharing - ok
21:44:43.0890 0700 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:44:44.0031 0700 NIC1394 - ok
21:44:44.0093 0700 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
21:44:44.0125 0700 Nla - ok
21:44:44.0171 0700 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:44:44.0296 0700 Npfs - ok
21:44:44.0375 0700 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:44:44.0531 0700 Ntfs - ok
21:44:44.0546 0700 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:44:44.0671 0700 NtLmSsp - ok
21:44:44.0734 0700 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:44:44.0875 0700 NtmsSvc - ok
21:44:44.0890 0700 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:44:45.0031 0700 Null - ok
21:44:45.0140 0700 [ CD2ACD06129C4107DF4483B298A05290 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:44:45.0312 0700 nv - ok
21:44:45.0390 0700 [ 4A6124C70C9E46565D31FF799750DC64 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
21:44:45.0406 0700 NVSvc - ok
21:44:45.0453 0700 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:44:45.0562 0700 NwlnkFlt - ok
21:44:45.0578 0700 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:44:45.0718 0700 NwlnkFwd - ok
21:44:45.0750 0700 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:44:45.0890 0700 ohci1394 - ok
21:44:45.0937 0700 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
21:44:45.0968 0700 ossrv - ok
21:44:46.0000 0700 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:44:46.0125 0700 Parport - ok
21:44:46.0156 0700 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:44:46.0265 0700 PartMgr - ok
21:44:46.0296 0700 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:44:46.0421 0700 ParVdm - ok
21:44:46.0453 0700 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:44:46.0562 0700 PCI - ok
21:44:46.0578 0700 PCIDump - ok
21:44:46.0625 0700 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:44:46.0750 0700 PCIIde - ok
21:44:46.0765 0700 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:44:46.0906 0700 Pcmcia - ok
21:44:46.0921 0700 PDCOMP - ok
21:44:46.0953 0700 PDFRAME - ok
21:44:46.0984 0700 PDRELI - ok
21:44:47.0000 0700 PDRFRAME - ok
21:44:47.0031 0700 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
21:44:47.0156 0700 perc2 - ok
21:44:47.0187 0700 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:44:47.0296 0700 perc2hib - ok
21:44:47.0406 0700 [ D9ED17AC15720096A9F92FF4EA587B09 ] PfModNT C:\WINDOWS\system32\drivers\PfModNT.sys
21:44:47.0406 0700 PfModNT ( UnsignedFile.Multi.Generic ) - warning
21:44:47.0406 0700 PfModNT - detected UnsignedFile.Multi.Generic (1)
21:44:47.0453 0700 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
21:44:47.0468 0700 PlugPlay - ok
21:44:47.0500 0700 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:44:47.0609 0700 PolicyAgent - ok
21:44:47.0640 0700 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:44:47.0750 0700 PptpMiniport - ok
21:44:47.0765 0700 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:44:47.0875 0700 ProtectedStorage - ok
21:44:47.0906 0700 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:44:48.0031 0700 PSched - ok
21:44:48.0062 0700 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:44:48.0171 0700 Ptilink - ok
21:44:48.0187 0700 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:44:48.0203 0700 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:44:48.0203 0700 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:44:48.0218 0700 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:44:48.0343 0700 ql1080 - ok
21:44:48.0359 0700 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:44:48.0468 0700 Ql10wnt - ok
21:44:48.0484 0700 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:44:48.0593 0700 ql12160 - ok
21:44:48.0640 0700 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:44:48.0750 0700 ql1240 - ok
21:44:48.0765 0700 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:44:48.0890 0700 ql1280 - ok
21:44:48.0921 0700 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:44:49.0031 0700 RasAcd - ok
21:44:49.0062 0700 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:44:49.0187 0700 RasAuto - ok
21:44:49.0203 0700 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:44:49.0312 0700 Rasl2tp - ok
21:44:49.0390 0700 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:44:49.0500 0700 RasMan - ok
21:44:49.0515 0700 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:44:49.0640 0700 RasPppoe - ok
21:44:49.0656 0700 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:44:49.0765 0700 Raspti - ok
21:44:49.0796 0700 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:44:49.0921 0700 Rdbss - ok
21:44:49.0937 0700 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:44:50.0062 0700 RDPCDD - ok
21:44:50.0109 0700 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:44:50.0234 0700 rdpdr - ok
21:44:50.0312 0700 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:44:50.0390 0700 RDPWD - ok
21:44:50.0453 0700 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:44:50.0562 0700 RDSessMgr - ok
21:44:50.0578 0700 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:44:50.0703 0700 redbook - ok
21:44:50.0765 0700 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:44:50.0875 0700 RemoteAccess - ok
21:44:50.0937 0700 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:44:51.0046 0700 RemoteRegistry - ok
21:44:51.0093 0700 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:44:51.0203 0700 RpcLocator - ok
21:44:51.0250 0700 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:44:51.0281 0700 RpcSs - ok
21:44:51.0296 0700 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:44:51.0453 0700 RSVP - ok
21:44:51.0468 0700 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
21:44:51.0593 0700 SamSs - ok
21:44:51.0625 0700 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:44:51.0750 0700 SCardSvr - ok
21:44:51.0796 0700 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:44:51.0921 0700 Schedule - ok
21:44:51.0968 0700 [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus C:\WINDOWS\system32\DRIVERS\SE27bus.sys
21:44:51.0968 0700 SE27bus ( UnsignedFile.Multi.Generic ) - warning
21:44:51.0968 0700 SE27bus - detected UnsignedFile.Multi.Generic (1)
21:44:52.0015 0700 [ 5A33A8D7B44C7BD8ABE248B4DCD1FF3C ] SE27mgmt C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
21:44:52.0031 0700 SE27mgmt ( UnsignedFile.Multi.Generic ) - warning
21:44:52.0031 0700 SE27mgmt - detected UnsignedFile.Multi.Generic (1)
21:44:52.0078 0700 [ BB30139683BBF3EE89EC931393D9335C ] se27nd5 C:\WINDOWS\system32\DRIVERS\se27nd5.sys
21:44:52.0109 0700 se27nd5 ( UnsignedFile.Multi.Generic ) - warning
21:44:52.0109 0700 se27nd5 - detected UnsignedFile.Multi.Generic (1)
21:44:52.0125 0700 [ 5DA6FF71E94B9134DDD094EBB09F05E6 ] SE27obex C:\WINDOWS\system32\DRIVERS\SE27obex.sys
21:44:52.0140 0700 SE27obex ( UnsignedFile.Multi.Generic ) - warning
21:44:52.0140 0700 SE27obex - detected UnsignedFile.Multi.Generic (1)
21:44:52.0187 0700 [ 4D54A9D7C22157AB3D2442E8BCF5ECD2 ] se27unic C:\WINDOWS\system32\DRIVERS\se27unic.sys
21:44:52.0203 0700 se27unic ( UnsignedFile.Multi.Generic ) - warning
21:44:52.0203 0700 se27unic - detected UnsignedFile.Multi.Generic (1)
21:44:52.0265 0700 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:44:52.0328 0700 Secdrv - ok
21:44:52.0390 0700 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
21:44:52.0515 0700 seclogon - ok
21:44:52.0546 0700 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
21:44:52.0687 0700 SENS - ok
21:44:52.0750 0700 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:44:52.0890 0700 serenum - ok
21:44:52.0921 0700 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:44:53.0046 0700 Serial - ok
21:44:53.0109 0700 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:44:53.0234 0700 Sfloppy - ok
21:44:53.0281 0700 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:44:53.0421 0700 SharedAccess - ok
21:44:53.0453 0700 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:44:53.0484 0700 ShellHWDetection - ok
21:44:53.0578 0700 [ 6BD3976B881888AC9A0ED3EB94E7FD38 ] sigfilt C:\WINDOWS\system32\drivers\sigfilt.sys
21:44:53.0718 0700 sigfilt - ok
21:44:53.0734 0700 Simbad - ok
21:44:53.0796 0700 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:44:53.0921 0700 sisagp - ok
21:44:53.0953 0700 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:44:54.0093 0700 SLIP - ok
21:44:54.0140 0700 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:44:54.0218 0700 Sparrow - ok
21:44:54.0265 0700 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:44:54.0406 0700 splitter - ok
21:44:54.0437 0700 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:44:54.0484 0700 Spooler - ok
21:44:54.0531 0700 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:44:54.0593 0700 sr - ok
21:44:54.0656 0700 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
21:44:54.0718 0700 srservice - ok
21:44:54.0781 0700 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:44:54.0859 0700 Srv - ok
21:44:54.0921 0700 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:44:55.0000 0700 SSDPSRV - ok
21:44:55.0046 0700 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:44:55.0062 0700 ssmdrv - ok
21:44:55.0109 0700 [ B95480C92C4C9C311BE47B8A1AD73770 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
21:44:55.0125 0700 STHDA - ok
21:44:55.0187 0700 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:44:55.0312 0700 stisvc - ok
21:44:55.0390 0700 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:44:55.0515 0700 streamip - ok
21:44:55.0562 0700 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:44:55.0671 0700 swenum - ok
21:44:55.0703 0700 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:44:55.0828 0700 swmidi - ok
21:44:55.0843 0700 SwPrv - ok
21:44:55.0906 0700 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
21:44:56.0031 0700 symc810 - ok
21:44:56.0062 0700 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:44:56.0187 0700 symc8xx - ok
21:44:56.0218 0700 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:44:56.0328 0700 sym_hi - ok
21:44:56.0343 0700 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:44:56.0484 0700 sym_u3 - ok
21:44:56.0531 0700 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:44:56.0671 0700 sysaudio - ok
21:44:56.0703 0700 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:44:56.0828 0700 SysmonLog - ok
21:44:56.0859 0700 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:44:56.0984 0700 TapiSrv - ok
21:44:57.0015 0700 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:44:57.0078 0700 Tcpip - ok
21:44:57.0125 0700 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:44:57.0250 0700 TDPIPE - ok
21:44:57.0265 0700 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:44:57.0375 0700 TDTCP - ok
21:44:57.0421 0700 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:44:57.0546 0700 TermDD - ok
21:44:57.0593 0700 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
21:44:57.0718 0700 TermService - ok
21:44:57.0750 0700 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:44:57.0765 0700 Themes - ok
21:44:57.0828 0700 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:44:57.0890 0700 TlntSvr - ok
21:44:57.0937 0700 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
21:44:58.0062 0700 TosIde - ok
21:44:58.0109 0700 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:44:58.0234 0700 TrkWks - ok
21:44:58.0312 0700 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:44:58.0437 0700 Udfs - ok
21:44:58.0468 0700 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
21:44:58.0531 0700 ultra - ok
21:44:58.0593 0700 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:44:58.0750 0700 Update - ok
21:44:58.0796 0700 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:44:58.0859 0700 upnphost - ok
21:44:58.0875 0700 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
21:44:59.0000 0700 UPS - ok
21:44:59.0046 0700 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:44:59.0078 0700 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:44:59.0078 0700 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:44:59.0093 0700 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:44:59.0203 0700 usbaudio - ok
21:44:59.0234 0700 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:44:59.0375 0700 usbccgp - ok
21:44:59.0406 0700 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:44:59.0515 0700 usbehci - ok
21:44:59.0546 0700 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:44:59.0671 0700 usbhub - ok
21:44:59.0703 0700 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:44:59.0828 0700 usbprint - ok
21:44:59.0890 0700 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:45:00.0015 0700 usbscan - ok
21:45:00.0031 0700 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:45:00.0156 0700 USBSTOR - ok
21:45:00.0203 0700 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:45:00.0312 0700 usbuhci - ok
21:45:00.0328 0700 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:45:00.0453 0700 VgaSave - ok
21:45:00.0484 0700 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:45:00.0609 0700 viaagp - ok
21:45:00.0656 0700 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
21:45:00.0781 0700 ViaIde - ok
21:45:00.0843 0700 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:45:00.0968 0700 VolSnap - ok
21:45:01.0000 0700 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
21:45:01.0093 0700 VSS - ok
21:45:01.0156 0700 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time C:\WINDOWS\system32\w32time.dll
21:45:01.0281 0700 w32time - ok
21:45:01.0343 0700 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:45:01.0453 0700 Wanarp - ok
21:45:01.0515 0700 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
21:45:01.0593 0700 wceusbsh - ok
21:45:01.0609 0700 WDICA - ok
21:45:01.0671 0700 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:45:01.0781 0700 wdmaud - ok
21:45:01.0843 0700 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:45:01.0968 0700 WebClient - ok
21:45:02.0078 0700 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:45:02.0203 0700 winmgmt - ok
21:45:02.0312 0700 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:45:02.0375 0700 WmdmPmSN - ok
21:45:02.0453 0700 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:45:02.0500 0700 Wmi - ok
21:45:02.0546 0700 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:45:02.0671 0700 WmiApSrv - ok
21:45:02.0750 0700 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
21:45:02.0828 0700 WMPNetworkSvc - ok
21:45:02.0875 0700 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:45:02.0984 0700 WS2IFSL - ok
21:45:03.0046 0700 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:45:03.0171 0700 wscsvc - ok
21:45:03.0203 0700 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:45:03.0312 0700 WSTCODEC - ok
21:45:03.0359 0700 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:45:03.0484 0700 wuauserv - ok
21:45:03.0515 0700 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:45:03.0593 0700 WudfPf - ok
21:45:03.0609 0700 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:45:03.0640 0700 WudfRd - ok
21:45:03.0671 0700 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:45:03.0703 0700 WudfSvc - ok
21:45:03.0765 0700 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:45:03.0921 0700 WZCSVC - ok
21:45:03.0968 0700 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:45:04.0109 0700 xmlprov - ok
21:45:04.0187 0700 ================ Scan global ===============================
21:45:04.0265 0700 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
21:45:04.0296 0700 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:45:04.0312 0700 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:45:04.0359 0700 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
21:45:04.0359 0700 [Global] - ok
21:45:04.0359 0700 ================ Scan MBR ==================================
21:45:04.0406 0700 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
21:45:04.0718 0700 \Device\Harddisk0\DR0 - ok
21:45:04.0718 0700 ================ Scan VBR ==================================
21:45:04.0781 0700 [ FA2EF77442E042A0E696B63FE6097AA2 ] \Device\Harddisk0\DR0\Partition1
21:45:04.0781 0700 \Device\Harddisk0\DR0\Partition1 - ok
21:45:04.0781 0700 ============================================================
21:45:04.0781 0700 Scan finished
21:45:04.0781 0700 ============================================================
21:45:04.0921 0648 Detected object count: 33
21:45:04.0921 0648 Actual detected object count: 33
21:45:52.0125 0648 APL531 ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0125 0648 APL531 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0140 0648 camfilt ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0140 0648 camfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0156 0648 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0156 0648 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0171 0648 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0171 0648 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0171 0648 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0171 0648 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0171 0648 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0171 0648 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0187 0648 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0187 0648 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0187 0648 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0187 0648 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0203 0648 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0203 0648 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0218 0648 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0218 0648 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0234 0648 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0234 0648 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0250 0648 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0250 0648 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0250 0648 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0250 0648 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0265 0648 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0265 0648 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0281 0648 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0281 0648 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0296 0648 ELhid ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0296 0648 ELhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0312 0648 ELkbd ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0312 0648 ELkbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0328 0648 ELmon ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0328 0648 ELmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0328 0648 ELmou ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0328 0648 ELmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0343 0648 ELService ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0343 0648 ELService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0359 0648 IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0359 0648 IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0375 0648 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0375 0648 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0375 0648 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0375 0648 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0390 0648 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0390 0648 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0406 0648 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0406 0648 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0406 0648 PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0406 0648 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0421 0648 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0421 0648 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0437 0648 SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0437 0648 SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0453 0648 SE27mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0453 0648 SE27mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0468 0648 se27nd5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0468 0648 se27nd5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0484 0648 SE27obex ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0484 0648 SE27obex ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0484 0648 se27unic ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0484 0648 se27unic ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:52.0500 0648 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:52.0500 0648 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
21.10.2012, 11:44
| #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC kann nur noch im abgesicherten Modus hochgefahren werden Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.10.2012, 21:23
| #25 |
| | PC kann nur noch im abgesicherten Modus hochgefahren werden Klappt leider nicht. Bereits zum Start von ComboFix gibts ne Meldung, dass Avira noch aktiv wäre. Öffne ich Avira, sagt mir das Programm, dass es nicht aktiv wäre. Bestätige dann ein Fenster von CF, dass Avira weiterhin aktiv wäre und ich auf eigene Verantwortung fortfahren würde. CF startet dann auch, scannt verschiedene Stufen und sagt dann im blauen DOS-Fenster: "Starte Windows neu.... Bitte warten" Da bleibt dann der PC wieder hängen und fährt nicht runter/rauf Suche ich die Log-Datei und C:\ComboFix.txt bekomme ich folgende Anzeige: "C:\ComboFix.txt wurde nicht gefunden. Stellen Sie sicher, dass der Pfad bzw. die Internetadresse richtig ist" Was meinst du? Soll ich es nochmal mit CF probieren? Das Verhalten mit dem nicht runter-/rauffahren von CF erinnert mich an das bisherige Verhalten beim versuchten Hochfahren im normalen Modus. Auch da bleibt der Rechner hängen, Gebläse ist deutlich hörbar, aber nichts fährt hoch. Vielen Dank! |
|
23.10.2012, 16:31
| #26 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC kann nur noch im abgesicherten Modus hochgefahren werdenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.10.2012, 17:24
| #27 |
| | PC kann nur noch im abgesicherten Modus hochgefahren werden Kann mich an nichts bestimmtes erinnern. War im Internet surfen und bin ganz normal runter gefahren, nix auffälliges meiner Erinnerung nach. Am nächsten Tag dann blieb er beim hochfahren hängen. Kannst du denn (nach den bisherigen Logs) ausschließen, dass es ein Hardwaredefekt ist? Oder kann's alleine deswegen nicht an der Hardware liegen, weil ich abgesichert hochfahren kann? |
|
23.10.2012, 21:09
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC kann nur noch im abgesicherten Modus hochgefahren werden Mach bitte einen neuen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\Installer\*. /s
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Installer\*. /s
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.10.2012, 22:01
| #29 |
| | PC kann nur noch im abgesicherten Modus hochgefahren werden hat geklappt! Code:
ATTFilter OTL logfile created on: 23.10.2012 22:49:22 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 87,28% Memory free 3,85 Gb Paging File | 3,77 Gb Available in Paging File | 98,01% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 460,96 Gb Total Space | 358,09 Gb Free Space | 77,68% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: DHWPK82J | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.23 22:47:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe -- (de_serv) SRV - [2012.09.20 19:52:50 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.06 03:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2006.05.12 14:21:38 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service) SRV - [2005.12.12 17:52:32 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService) SRV - [2005.06.17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\Combo-Fix.sys -- (vkquwexg) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFWDSL.SYS -- (NETFWDSL) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\GNTER(~1\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006.12.08 15:02:50 | 000,275,072 | ---- | M] (Guillemont Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HDvid.sys -- (APL531) DRV - [2006.11.16 17:01:42 | 000,024,192 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt.sys -- (camfilt) DRV - [2006.09.18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) DRV - [2006.09.18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2006.09.18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) DRV - [2006.09.18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) DRV - [2006.09.18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) DRV - [2005.12.12 17:52:34 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid) DRV - [2005.12.12 17:52:34 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon) DRV - [2005.12.12 17:52:34 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd) DRV - [2005.12.12 17:52:34 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou) DRV - [2005.12.12 17:52:32 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi) DRV - [2005.10.21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune) DRV - [2005.09.22 19:19:54 | 000,148,608 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2) DRV - [2005.09.08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.09.08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.09.08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.09.08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.09.08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.09.08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.09.08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.08.25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.06.06 22:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.05.25 23:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN) DRV - [2005.03.25 17:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt) DRV - [2005.01.11 01:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k) DRV - [2005.01.11 01:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv) DRV - [2004.12.23 02:58:00 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT) DRV - [2004.06.11 02:00:00 | 000,016,384 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_de IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.14 20:48:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.14 20:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2012.10.14 20:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.06 03:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:26:22 | 000,002,253 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012.08.18 14:54:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.) O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [HerculesCamService] C:\Programme\Hercules\Hercules DualPix HD Webcam\CamService.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL () O4 - HKLM..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O4 - HKLM..\RunOnce: [Del412296] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\WINDOWS\DeleteOnReboot.bat () O4 - HKLM..\RunOnce: [Purge] C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://us-download.mcafee.com/products/protected/mvt/mvt.cab (McAfee Virtual Technician Control Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A061E586-CE2A-4FBF-9E07-37F5E79679C5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Unable to start System Restore Service. Error code 10 ========== Files/Folders - Created Within 30 Days ========== [2012.10.22 21:52:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012.10.22 21:46:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.10.22 21:46:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.10.22 21:46:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.10.22 21:46:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.10.22 21:46:14 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.10.22 21:43:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2012.10.22 21:43:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.22 21:43:02 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Verwaltung [2012.10.22 21:43:02 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Videos [2012.10.22 21:22:46 | 004,987,615 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe [2012.10.19 21:39:44 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***\Desktop\tdsskiller.exe [2012.10.16 13:37:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.10.15 20:10:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp [2012.10.15 20:10:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Adobe [2012.10.14 20:49:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads [2012.10.14 20:48:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla [2012.10.14 20:48:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla [2012.10.14 20:48:01 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.10.14 20:48:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.10.14 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MozillaFirefoxPackages [2012.10.14 20:47:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager [2012.10.14 20:46:58 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.10.13 23:40:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2012.10.13 23:40:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\My PSP Files [2012.10.12 10:02:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2012.10.08 18:40:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe [2012.10.08 18:35:04 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE ========== Files - Modified Within 30 Days ========== [2012.10.23 22:47:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.10.23 22:44:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.23 22:44:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.22 21:22:56 | 004,987,615 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe [2012.10.19 21:39:45 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***\Desktop\tdsskiller.exe [2012.10.17 20:58:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.10.17 19:59:35 | 000,000,140 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat [2012.10.17 17:51:12 | 000,538,941 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.10.14 20:48:01 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.10.14 20:46:18 | 001,114,760 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Firefox_Setup_15.0.1.exe [2012.10.13 23:40:01 | 000,006,216 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2012.10.05 16:52:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.10.05 16:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.05 09:52:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job ========== Files Created - No Company Name ========== [2012.10.22 21:46:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.10.22 21:46:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.10.22 21:46:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.10.22 21:46:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.10.22 21:46:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.10.17 20:51:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.10.17 19:59:29 | 000,000,140 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat [2012.10.17 17:51:12 | 000,538,941 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.10.14 20:48:01 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.10.14 20:48:01 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.10.14 20:45:43 | 001,114,760 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Firefox_Setup_15.0.1.exe [2012.07.31 23:19:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2012.02.17 10:11:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010.12.22 01:19:48 | 000,042,424 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.30 22:47:06 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2010.03.31 21:17:47 | 001,456,640 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\Falk Navi-Manager.msi [2007.05.19 03:16:05 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.05.26 01:25:20 | 000,000,692 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html [2006.05.26 01:20:49 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.08.20 01:54:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.21 12:18:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.10.14 20:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager [2011.01.19 18:39:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2006.05.25 12:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MVTLogs [2007.05.18 11:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2010.12.17 01:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.10.12 10:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.10.15 20:10:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe [2011.08.19 00:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer [2012.10.22 21:43:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2006.05.12 14:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Corel [2012.10.12 10:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2009.06.01 12:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Google [2005.08.20 02:05:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities [2006.10.25 13:58:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia [2012.10.13 23:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2006.05.26 01:21:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\McAfee.com Personal Firewall [2012.10.17 20:03:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft [2012.10.14 20:48:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla [2012.10.14 20:47:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MozillaFirefoxPackages [2006.05.12 14:16:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun < %APPDATA%\*.exe /s > [2012.10.12 23:54:32 | 000,565,760 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MozillaFirefoxPackages\UninstallPackages\Uninstall.exe < %SYSTEMDRIVE%\*.exe > [2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < %systemroot%\Installer\*. /s > [2006.05.12 14:25:33 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$ [2008.12.20 20:36:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\tsclientmsitrans [2006.05.12 14:26:52 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{075473F5-846A-448B-BCB3-104AA1760205} [2012.06.15 01:45:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{0E64B098-8018-4256-BA23-C316A43AD9B0} [2012.09.21 12:19:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{0F6F6876-6334-4977-B5DD-CFC12E193420} [2006.05.12 14:26:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} [2006.05.12 14:26:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{1A15507A-8551-4626-915D-3D5FA095CC1B} [2006.05.12 14:25:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{1D3C662A-F6C6-4767-A788-7AA43A9A1317} [2009.11.18 21:52:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{205C6BDD-7B73-42DE-8505-9A093F35A238} [2006.05.12 14:26:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{21657574-BD54-48A2-9450-EB03B2C7FC29} [2012.08.31 18:06:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{26A24AE4-039D-4CA4-87B4-2F83216035FF} [2011.11.18 10:32:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} [2006.05.12 14:26:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{30465B6C-B53F-49A1-9EBA-A3F187AD502E} [2005.08.20 02:06:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227} [2006.11.15 00:02:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F} [2009.11.18 21:53:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{41E654A9-26D0-4EAC-854B-0FA824FFFABB} [2006.05.12 14:21:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54} [2006.05.12 14:21:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{4CEA6811-DFAD-4892-828D-49941FE3B779} [2011.10.10 13:56:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF} [2009.11.18 21:52:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{52B97218-98CB-4B8B-9283-D213C85E1AA4} [2006.05.12 14:21:36 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{5905F42D-3F5F-4916-ADA6-94A3646AEE76} [2006.05.12 14:21:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{5B6BE547-21E2-49CA-B2E2-6A5F470593B1} [2009.11.18 21:52:38 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{5FC68772-6D56-41C6-9DF1-24E868198AE6} [2012.09.21 12:12:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{63EC2120-1742-4625-AA47-C6A8AEC9C64C} [2006.05.12 14:25:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{74F7662C-B1DB-489E-A8AC-07A06B24978B} [2011.09.01 09:26:03 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} [2011.11.07 00:20:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{79155F2B-9895-49D7-8612-D92580E0DE5B} [2008.11.12 20:48:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} [2006.05.12 14:25:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354} [2006.05.12 14:21:34 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{8C22F265-DE76-44D1-8A79-A71D819137DA} [2006.05.12 14:21:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC} [2011.11.18 18:59:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12} [2012.08.19 02:10:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{95120000-00AF-0407-0000-0000000FF1CE} [2010.03.31 21:13:47 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE} [2007.12.16 23:07:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{A462952C-29F7-43E4-ACA2-5CAB61401BA4} [2006.05.12 14:26:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{AB708C9B-97C8-4AC9-899B-DBF226AC9382} [2009.06.02 17:47:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1031-7B44-A00000000001} [2012.08.17 13:21:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1031-7B44-AA1000000001} [2012.05.03 15:27:39 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{AED2DD42-9853-407E-A6BC-8A1D6B715909} [2006.05.12 14:26:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{B12665F4-4E93-4AB4-B7FC-37053B524629} [2007.08.15 15:14:24 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF} [2012.05.03 15:27:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4} [2012.09.21 12:13:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662} [2012.08.16 13:53:06 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e} [2005.08.23 21:47:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{E78BFA60-5393-4C38-82AB-E8019E464EB4} [2006.05.12 14:24:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{EDDDC607-91D9-4758-9F57-265FDCD8A772} [2009.11.25 18:07:19 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} [2011.09.16 19:33:36 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed [2011.12.17 02:51:24 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC [2009.11.27 18:56:27 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C [2012.06.18 09:18:13 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A [2009.11.28 18:24:29 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D [2009.11.27 18:57:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\2D482C2C7DB643B30B5C2BACDE61D87F [2009.11.27 18:57:40 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\54EC413C293337B34B1E31C94DC19A33 [2011.09.16 19:33:36 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010 [2006.05.12 14:25:34 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\8418B9A87DDDF844DBC65338683D3245 [2009.11.27 18:54:51 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3 [2009.11.20 17:01:30 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.4518 [2012.08.19 02:07:10 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.6612 [2009.11.27 18:56:27 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729 [2012.06.18 09:18:22 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219 [2012.05.13 02:21:20 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729 [2009.11.27 18:57:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\2D482C2C7DB643B30B5C2BACDE61D87F\3.2.30729 [2009.11.27 18:57:40 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\54EC413C293337B34B1E31C94DC19A33\2.2.30729 [2012.08.17 13:20:33 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0 [2006.05.12 14:25:33 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\8418B9A87DDDF844DBC65338683D3245\6.0.0 [2009.11.27 18:54:51 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729 < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2005.08.20 01:42:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005.08.20 01:42:36 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005.08.20 01:42:36 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Installer\*. /s > [2006.05.12 14:25:33 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$ [2008.12.20 20:36:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\tsclientmsitrans [2006.05.12 14:26:52 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{075473F5-846A-448B-BCB3-104AA1760205} [2012.06.15 01:45:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{0E64B098-8018-4256-BA23-C316A43AD9B0} [2012.09.21 12:19:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{0F6F6876-6334-4977-B5DD-CFC12E193420} [2006.05.12 14:26:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} [2006.05.12 14:26:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{1A15507A-8551-4626-915D-3D5FA095CC1B} [2006.05.12 14:25:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{1D3C662A-F6C6-4767-A788-7AA43A9A1317} [2009.11.18 21:52:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{205C6BDD-7B73-42DE-8505-9A093F35A238} [2006.05.12 14:26:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{21657574-BD54-48A2-9450-EB03B2C7FC29} [2012.08.31 18:06:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{26A24AE4-039D-4CA4-87B4-2F83216035FF} [2011.11.18 10:32:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} [2006.05.12 14:26:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{30465B6C-B53F-49A1-9EBA-A3F187AD502E} [2005.08.20 02:06:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227} [2006.11.15 00:02:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F} [2009.11.18 21:53:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{41E654A9-26D0-4EAC-854B-0FA824FFFABB} [2006.05.12 14:21:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54} [2006.05.12 14:21:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{4CEA6811-DFAD-4892-828D-49941FE3B779} [2011.10.10 13:56:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF} [2009.11.18 21:52:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{52B97218-98CB-4B8B-9283-D213C85E1AA4} [2006.05.12 14:21:36 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{5905F42D-3F5F-4916-ADA6-94A3646AEE76} [2006.05.12 14:21:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{5B6BE547-21E2-49CA-B2E2-6A5F470593B1} [2009.11.18 21:52:38 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{5FC68772-6D56-41C6-9DF1-24E868198AE6} [2012.09.21 12:12:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{63EC2120-1742-4625-AA47-C6A8AEC9C64C} [2006.05.12 14:25:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{74F7662C-B1DB-489E-A8AC-07A06B24978B} [2011.09.01 09:26:03 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} [2011.11.07 00:20:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{79155F2B-9895-49D7-8612-D92580E0DE5B} [2008.11.12 20:48:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} [2006.05.12 14:25:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354} [2006.05.12 14:21:34 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{8C22F265-DE76-44D1-8A79-A71D819137DA} [2006.05.12 14:21:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC} [2011.11.18 18:59:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12} [2012.08.19 02:10:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{95120000-00AF-0407-0000-0000000FF1CE} [2010.03.31 21:13:47 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE} [2007.12.16 23:07:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{A462952C-29F7-43E4-ACA2-5CAB61401BA4} [2006.05.12 14:26:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{AB708C9B-97C8-4AC9-899B-DBF226AC9382} [2009.06.02 17:47:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1031-7B44-A00000000001} [2012.08.17 13:21:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1031-7B44-AA1000000001} [2012.05.03 15:27:39 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{AED2DD42-9853-407E-A6BC-8A1D6B715909} [2006.05.12 14:26:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{B12665F4-4E93-4AB4-B7FC-37053B524629} [2007.08.15 15:14:24 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF} [2012.05.03 15:27:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4} [2012.09.21 12:13:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662} [2012.08.16 13:53:06 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e} [2005.08.23 21:47:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{E78BFA60-5393-4C38-82AB-E8019E464EB4} [2006.05.12 14:24:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{EDDDC607-91D9-4758-9F57-265FDCD8A772} [2009.11.25 18:07:19 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} [2011.09.16 19:33:36 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed [2011.12.17 02:51:24 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC [2009.11.27 18:56:27 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C [2012.06.18 09:18:13 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A [2009.11.28 18:24:29 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D [2009.11.27 18:57:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\2D482C2C7DB643B30B5C2BACDE61D87F [2009.11.27 18:57:40 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\54EC413C293337B34B1E31C94DC19A33 [2011.09.16 19:33:36 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010 [2006.05.12 14:25:34 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\8418B9A87DDDF844DBC65338683D3245 [2009.11.27 18:54:51 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3 [2009.11.20 17:01:30 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.4518 [2012.08.19 02:07:10 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.6612 [2009.11.27 18:56:27 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729 [2012.06.18 09:18:22 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219 [2012.05.13 02:21:20 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729 [2009.11.27 18:57:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\2D482C2C7DB643B30B5C2BACDE61D87F\3.2.30729 [2009.11.27 18:57:40 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\54EC413C293337B34B1E31C94DC19A33\2.2.30729 [2012.08.17 13:20:33 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0 [2006.05.12 14:25:33 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\8418B9A87DDDF844DBC65338683D3245\6.0.0 [2009.11.27 18:54:51 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729 < End of report > |
|
24.10.2012, 12:20
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC kann nur noch im abgesicherten Modus hochgefahren werdenCode:
ATTFilter Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb avkmgr Fips intelppm ssmdrv
Davor kam sowas: Code:
ATTFilter Error - 12.10.2012 03:50:13 | Computer Name = DHWPK82J | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 8007043C von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor
 Das war sechs Stunden vor deinem Eingangsposting
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu PC kann nur noch im abgesicherten Modus hochgefahren werden |
| abgesicherte, abgesicherten, abgesicherten modus, board, experte, experten, forum, gen, hochgefahren, hänge, hängen, modus, normalmodus, problem, titel |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
