
Plagegeister aller Art und deren Bekämpfung: Win XP starts with an almost empty desktop

07.11.2012, 17:09   #16
cosinus

And which folder is Windows using now?
You can see that, for example, by clicking Start/Run and typing cmd there.
In the black console window you will then see something like this:

Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Dokumente und Einstellungen\USER>
         
What is shown as USER in my example is, on your machine, the current profile path.
__________________
Please always post logfiles in CODE tags

07.11.2012, 17:12   #17
Archivar

Ah OK, I didn't know that's how you look it up.

Windows is currently using ***.PC132431016427 (so without .OLD, but also not the one that is simply called ***).

07.11.2012, 19:46   #18
cosinus

Quote:
Windows is currently using ***.PC132431016427 (so without .OLD, but also not the one that is simply called ***).
Then swap the names of the two folders, i.e.

1. Restart Windows
2. Right after the reboot, log into the admin account newly created today
3. Rename ***.PC132431016427 to ***.PC132431016427.old
4. Rename *** to ***.PC132431016427
5. Restart Windows
6. Log in with your user and keep your fingers crossed

07.11.2012, 20:27   #19
Archivar

When I append .old, I get the error message that the corresponding folder already exists (the different upper/lower case doesn't change that). Can I also use any other extension?

07.11.2012, 20:30   #20
cosinus

Yes, of course! It just has to have a different name! Instead of .old you can also append .alt or anything else!

07.11.2012, 20:39   #21
Archivar

Tried it that way and it worked!

But that probably wasn't everything yet, so surely there was a reason why the desktop got swapped? And what happens now with all the ***.PC...OLD folders?

07.11.2012, 21:09   #22
cosinus

Why that happened, no idea. I've already received a few cries for help of exactly this kind at the office too, and have always been able to fix them with this method.
Maybe Windows didn't like something in your profile folder and simply started from scratch without much notice.

If your current profile folder ***.PC132431016427 is now the right one, the others can actually go, but I would wait a bit longer, and the few MB more on C don't really matter yet.

Code:
Drive C: | 93,15 Gb Total Space | 0,63 Gb Free Space | 0,68% Space Free
         
Unless you're sitting at your machine, where C is completely crammed and there isn't even 1 GB of free space left.
We urgently need to clean up there.

Quote:
Windows XP Home Edition Service Pack 2
That, by the way, is not acceptable at all!
Once we have your machine sorted out, SP3 absolutely must be installed!

First a check with OTL please; the profile directory has changed significantly, after all!!
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

07.11.2012, 21:42   #23
Archivar

Ran the scan. For some reason I still can't disable F-Secure (although the icon is back in the taskbar); I hope that didn't affect the scan.

OTL logfile:
Code:
OTL logfile created on: 07.11.2012 21:16:52 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,17 Mb Total Physical Memory | 409,69 Mb Available Physical Memory | 45,82% Memory free
2,12 Gb Paging File | 1,70 Gb Available in Paging File | 80,21% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,70 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FIH32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Device Control\fsdevcon32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Java\jre1.5.0_05\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Microsoft Office\Office\OSA.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - \\?\c:\programme\f-secure\hips\fsumi.dll ()
MOD - C:\Programme\F-Secure\FSGUI\strres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\gres.dll ()
MOD - C:\Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - C:\Programme\F-Secure\FSGUI\about.dll ()
MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Programme\Microsoft Office\Office\OSA.EXE ()
 
 
========== Services (SafeList) ==========
 
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe File not found
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe File not found
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (F-Secure Network Request Broker) -- C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (fsdevcon) -- C:\Programme\F-Secure\Device Control\\fsdevcon32.exe ()
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\cofi\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (SSHDRV62) -- C:\WINDOWS\system32\drivers\SSHDRV62.sys ()
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (ElbyVCD) -- C:\WINDOWS\system32\drivers\ElbyVCD.sys (Elaborate Bytes AG)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=60282
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 145.254.22.10:8000
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2012.10.10 14:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.01 20:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.01 20:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.16 08:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions
[2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.24 09:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.10 14:41:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- C:\PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
[2012.11.01 20:10:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.23 21:55:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 17:49:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.23 21:55:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 21:55:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 21:55:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 21:55:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.01 20:58:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = -1795162112
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6D234B9-FF90-42BD-8013-B8F51BCDFA54}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger -  File not found
O27 - HKLM IFEO\RapportService.exe: Debugger -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{87431348-b948-11e0-bd9f-0014a56b88eb}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{87431348-b948-11e0-bd9f-0014a56b88eb}\Shell\verb\command - "" = F:\installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: coniSP32 - (C:\WINDOWS\system32\ipxrexnt.dll) -  File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.07 14:30:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe
[2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012.11.01 20:09:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.10.24 10:00:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\Scharfreuter
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI.
[2012.11.07 21:16:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.07 21:00:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.11.07 20:33:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.07 20:33:51 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.07 14:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe
[2012.11.04 10:13:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.31 20:22:54 | 000,029,513 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.10.31 19:40:50 | 000,158,720 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.31 15:10:29 | 004,081,428 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.31 15:10:29 | 002,982,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.31 15:10:29 | 001,904,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.31 15:10:28 | 002,171,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.15 06:23:39 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.10.12 19:11:42 | 000,070,663 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf_anwaltschaft.pdf
[2012.10.12 14:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI.
[2012.10.12 19:11:42 | 000,070,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf_anwaltschaft.pdf
[2012.07.05 00:10:31 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.10.01 10:16:40 | 000,162,304 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\0.6607504357915424.exe
[2011.03.24 23:32:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.11.25 13:40:55 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008.04.13 15:28:35 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\usb
[2006.10.21 15:09:11 | 000,001,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\ViewerApp.dat
[2006.03.05 22:32:50 | 000,158,720 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.03.03 20:20:09 | 000,001,954 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\.plugin141.trace
[2006.02.17 17:01:21 | 000,000,204 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\wklnhst.dat
[2006.02.17 16:51:55 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004.08.07 06:21:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.21 08:01:11 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC

< End of report >
         
--- --- ---




Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 07.11.2012 21:16:52 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,17 Mb Total Physical Memory | 409,69 Mb Available Physical Memory | 45,82% Memory free
2,12 Gb Paging File | 1,70 Gb Available in Paging File | 80,21% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,70 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{24638AD1-5F7E-9900-147E-B3EEA1B84EAE}" = Napster 5.0 Beta
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe  1.4.44.1
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1
"{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}" = HP User Guides 0008
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5F2F0392-05F6-4D71-B0F9-0BE3733992FB}" = F-Secure Client Security
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 D2
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F7875264-810A-4ABB-B185-2C5A332E483B}" = F-Secure PSC Prerequisites
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE 
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneCD" = CloneCD
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"com.Rhapsody.Napster5" = Napster 5.0 Beta
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"F-Secure Anti-Virus" = F-Secure Client Security - AntiVirus & AntiSpy-Schutz
"F-Secure Device Control" = F-Secure Gerätesteuerung
"F-Secure E-mail Scanning" = F-Secure Client Security - E-Mail-Scanning
"F-Secure ExploitShield" = F-Secure Client Security - Browser-Schutz
"F-Secure HIPS" = F-Secure Client Security - DeepGuard
"F-Secure Internet Shield" = F-Secure Client Security - Internet-Schutzschild
"F-Secure Protocol Scanner" = F-Secure Client Security - Web-Datenverkehr-Scanning
"Guitar Pro 5_is1" = Guitar Pro 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"LastFM_is1" = Last.fm 1.5.4.27091
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"PhotoRecord" = Canon PhotoRecord
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnderCoverXP_is1" = UnderCoverXP 1.19
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR Archivierer
"XP Codec Pack" = XP Codec Pack
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.11.2012 09:36:11 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 10  2012-11-07  14:36:11+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP109\SNAPSHOT\_REGISTRY_MACHINE_SAM.
     
 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 11  2012-11-07  15:24:48+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-20.
     
 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 12  2012-11-07  15:24:49+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-20.
     
 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 13  2012-11-07  15:24:49+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-19.
     
 
Error - 07.11.2012 10:24:53 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 14  2012-11-07  15:24:53+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-21-3895385494-3161838611-3957656901-1006.
     
 
Error - 07.11.2012 10:24:54 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 15  2012-11-07  15:24:53+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-21-3895385494-3161838611-3957656901-1006.
     
 
Error - 07.11.2012 10:25:00 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 16  2012-11-07  15:25:00+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SECURITY.
     
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 17  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SOFTWARE.
     
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 18  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SYSTEM.
     
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 19  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SAM.
     
 
[ System Events ]
Error - 05.11.2012 14:32:31 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 06.11.2012 02:42:51 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 06.11.2012 14:36:16 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 07.11.2012 08:07:45 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 07.11.2012 09:24:32 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 07.11.2012 10:54:08 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 07.11.2012 11:01:23 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 07.11.2012 11:10:30 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 07.11.2012 15:20:24 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 07.11.2012 15:34:16 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
 
< End of report >
         
--- --- ---

Alt 07.11.2012, 21:48   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger -  File not found
O27 - HKLM IFEO\RapportService.exe: Debugger -  File not found
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC
:Files
C:\Dokumente und Einstellungen\***.PC132431016427\0.6607504357915424.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post log files in CODE tags
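
The fix script in the post above picks two items out of the OTL scan log posted earlier in the thread: an executable with a purely numeric name sitting directly in the user profile folder, and an alternate data stream. As an added example (not part of the thread and not OTL's own logic), the following Python code parses OTL-style file and ADS lines and applies that same triage. The line format is inferred from the log lines visible here; the names `triage` and `Finding` and the two heuristics are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample: a few lines copied from the OTL log posted in this thread
# (the user name was already masked as *** by the poster).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2012.10.12 19:11:42 | 000,070,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf_anwaltschaft.pdf
[2012.07.05 00:10:31 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.10.01 10:16:40 | 000,162,304 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\0.6607504357915424.exe
[2011.03.24 23:32:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.04.13 15:28:35 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\usb

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# The stream name follows the last colon of the host path.
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)

# Folders whose direct children are user profiles (German XP, English XP, Vista+).
PROFILE_PARENTS = {"dokumente und einstellungen", "documents and settings", "users"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll"}


class Finding(NamedTuple):
    reason: str
    path: str
    size: int


def in_profile_root(path: str) -> bool:
    """True if the file sits directly in a profile folder, not in a subfolder."""
    profile_dir = ntpath.dirname(path)
    return ntpath.basename(ntpath.dirname(profile_dir)).lower() in PROFILE_PARENTS


def triage(log_text: str) -> List[Finding]:
    """Return the entries of an OTL-style log that deserve a manual look."""
    findings: List[Finding] = []
    seen = set()  # OTL lists a file under both "Modified" and "Created"
    for raw in log_text.splitlines():
        line = raw.strip()
        ads = ADS_LINE.match(line)
        if ads:
            path = f"{ads['host']}:{ads['stream']}"
            if path not in seen:
                seen.add(path)
                findings.append(Finding("alternate data stream", path, int(ads["size"])))
            continue
        entry = FILE_LINE.match(line)
        if not entry or entry["path"] in seen:
            continue
        path = entry["path"]
        stem, ext = ntpath.splitext(ntpath.basename(path))
        # Heuristic 1 (assumption): programs are normally installed elsewhere,
        # so an executable with no company name in the profile root is unusual.
        if ext.lower() in EXECUTABLE_EXTS and not entry["company"] and in_profile_root(path):
            reason = "executable without company name in profile root"
            # Heuristic 2 (assumption): a name made only of digits and dots
            # looks generated rather than chosen by a person or an installer.
            if re.fullmatch(r"[\d.]+", stem):
                reason += ", numeric file name"
            seen.add(path)
            findings.append(Finding(reason, path, int(entry["size"].replace(",", ""))))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.reason}: {finding.path} ({finding.size} bytes)")
```

A hit only marks an entry for review; it says nothing about whether the file is malicious, which is why the helper's script moves items into a backup folder rather than destroying them.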

Alt 07.11.2012, 22:47   #25
Archivar
 



Done as instructed:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe\ deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\***.PC132431016427\0.6607504357915424.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ***.PC132431016427
->Temp folder emptied: 5887731 bytes
->Temporary Internet Files folder emptied: 47892749 bytes
->Java cache emptied: 3439933 bytes
->FireFox cache emptied: 56679403 bytes
->Flash cache emptied: 167026 bytes
 
User: ***.PC132431016427.000.OLD
 
User: ***.PC132431016427.001.OLD
 
User: ***.PC132431016427.002.OLD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 80547722 bytes
->Flash cache emptied: 566 bytes
 
User: ***.PC132431016427.alt
->Temp folder emptied: 2868 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 54570815 bytes
->Flash cache emptied: 56922 bytes
 
User: ***.PC132431016427.OLD
 
User: ***ie
->Temp folder emptied: 2868 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 19573057 bytes
->Flash cache emptied: 56922 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5852382 bytes
RecycleBin emptied: 95392 bytes
 
Total Files Cleaned = 262,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11072012_221932

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AEIPWEUI\42=4;i44=4;d13=0;f1=1;f2=1;d17=1;c1=1;c3=1;c5=0;c8=0;c9=1;c10=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=9055211250[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AEIPWEUI\i15=4;i17=4;i40=4;i42=4;i44=4;f1=2;f2=2;d17=1;c3=1;c4=0;c5=0;c6=1;c8=0;c9=1;c11=1;c21=1;c19=1;c20=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=5387608681[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\42=4;i44=4;d13=2;f1=1;f2=1;d17=1;c1=1;c3=1;c5=1;c8=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;c9=1;c10=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=1285678491[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\42=4;i44=4;d13=7;f1=2;f2=2;d17=1;c1=1;c3=1;c5=0;c8=0;c9=1;c10=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=5528150384[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\42=4;i44=4;d13=7;f1=2;f2=2;d17=1;c1=1;c3=1;c5=1;c8=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;c9=1;c10=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=3738941611[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\i15=4;i17=4;i40=4;i42=4;i44=4;f1=1;f2=1;d17=1;c3=1;c4=0;c5=0;c6=0;c8=0;c9=1;c11=1;c21=1;c19=1;c20=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=6253828205[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0M9522XS\cu=15968__camp=71084__no=90740__kw=link1-90740__uuid=85849fee-6056-11e1-a68c-0026b928e1d3__cman1=76__cman2=1057__csit=111111111111111111__EASLink=[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VBNSFLX4\www.totallynsfw.com\[[IMPORT]]\plugins.longtailvideo.com\5\ltas\ltas.swf\httpwwwtotallynsfwcomvideosvideos.sol not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Edited by Archivar (07.11.2012 at 23:03)

Alt 07.11.2012, 22:49   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags

Alt 07.11.2012, 23:01   #27
Archivar
 



Unfortunately I cannot download aswMBR. When I click on it, F-Secure shows the message "Schädliche Webseite blockiert" ("Harmful website blocked"). Should I ignore the message and save it anyway?

Alt 07.11.2012, 23:07   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, what else?
__________________
Please always post log files in CODE tags

Alt 08.11.2012, 11:13   #29
Archivar
 



Both scans are finished.

aswMBR:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-08 09:51:27
-----------------------------
09:51:27.875    OS Version: Windows 5.1.2600 Service Pack 2
09:51:27.875    Number of processors: 1 586 0x2402
09:51:27.875    ComputerName: PC132431016427  UserName: ***
09:51:33.109    Initialize success
09:52:09.359    AVAST engine defs: 12110701
09:52:34.765    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:52:34.781    Disk 0 Vendor: TOSHIBA_MK1031GAS AA204C Size: 95396MB BusType: 3
09:52:34.812    Disk 0 MBR read successfully
09:52:34.828    Disk 0 MBR scan
09:52:35.078    Disk 0 Windows XP default MBR code
09:52:35.078    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        95385 MB offset 63
09:52:35.156    Disk 0 scanning sectors +195350400
09:52:35.328    Disk 0 scanning C:\WINDOWS\system32\drivers
09:53:17.125    Service scanning
09:53:56.953    Modules scanning
09:54:10.703    Disk 0 trace - called modules:
09:54:10.718    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
09:54:10.718    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85358ab8]
09:54:10.718    3 CLASSPNP.SYS[f757305b] -> nt!IofCallDriver -> \Device\00000075[0x853c9030]
09:54:10.718    5 ACPI.sys[f73e8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85398030]
09:54:11.406    AVAST engine scan C:\WINDOWS
09:54:30.468    AVAST engine scan C:\WINDOWS\system32
10:00:00.156    AVAST engine scan C:\WINDOWS\system32\drivers
10:00:20.890    AVAST engine scan C:\Dokumente und Einstellungen\***.PC132431016427
10:46:26.578    AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:47:57.843    Scan finished successfully
10:48:58.359    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\MBR.dat"
10:48:58.421    The log file has been saved successfully to "C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\aswMBR.txt"
         

TDSS:


Code:
10:50:50.0218 3972  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:50:51.0656 3972  ============================================================
10:50:51.0656 3972  Current date / time: 2012/11/08 10:50:51.0656
10:50:51.0656 3972  SystemInfo:
10:50:51.0656 3972  
10:50:51.0656 3972  OS Version: 5.1.2600 ServicePack: 2.0
10:50:51.0656 3972  Product type: Workstation
10:50:51.0656 3972  ComputerName: PC132431016427
10:50:51.0656 3972  UserName: ***
10:50:51.0656 3972  Windows directory: C:\WINDOWS
10:50:51.0656 3972  System windows directory: C:\WINDOWS
10:50:51.0656 3972  Processor architecture: Intel x86
10:50:51.0656 3972  Number of processors: 1
10:50:51.0656 3972  Page size: 0x1000
10:50:51.0656 3972  Boot type: Normal boot
10:50:51.0656 3972  ============================================================
10:50:54.0390 3972  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:50:54.0390 3972  ============================================================
10:50:54.0390 3972  \Device\Harddisk0\DR0:
10:50:54.0390 3972  MBR partitions:
10:50:54.0390 3972  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
10:50:54.0390 3972  ============================================================
10:50:54.0406 3972  C: <-> \Device\Harddisk0\DR0\Partition1
10:50:54.0437 3972  ============================================================
10:50:54.0437 3972  Initialize success
10:50:54.0437 3972  ============================================================
10:51:38.0250 3828  ============================================================
10:51:38.0250 3828  Scan started
10:51:38.0250 3828  Mode: Manual; SigCheck; TDLFS; 
10:51:38.0250 3828  ============================================================
10:51:38.0531 3828  ================ Scan system memory ========================
10:51:46.0968 3828  System memory - ok
10:51:46.0968 3828  ================ Scan services =============================
10:51:47.0093 3828  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
10:51:47.0296 3828  AAV UpdateService - ok
10:51:47.0468 3828  Abiosdsk - ok
10:51:47.0484 3828  abp480n5 - ok
10:51:47.0531 3828  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:51:54.0796 3828  ACPI - ok
10:51:54.0859 3828  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:51:55.0093 3828  ACPIEC - ok
10:51:55.0187 3828  [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:51:55.0296 3828  AdobeFlashPlayerUpdateSvc - ok
10:51:55.0312 3828  adpu160m - ok
10:51:55.0375 3828  [ 1EE7B434BA961EF845DE136224C30FEC ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:51:55.0906 3828  aec - ok
10:51:55.0953 3828  [ 55E6E1C51B6D30E54335750955453702 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:51:56.0046 3828  AFD - ok
10:51:56.0062 3828  Aha154x - ok
10:51:56.0078 3828  aic78u2 - ok
10:51:56.0093 3828  aic78xx - ok
10:51:56.0140 3828  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
10:51:56.0312 3828  Alerter - ok
10:51:56.0343 3828  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG             C:\WINDOWS\System32\alg.exe
10:51:56.0546 3828  ALG - ok
10:51:56.0609 3828  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
10:51:56.0859 3828  AliIde - ok
10:51:56.0906 3828  [ 769844EB65DF6A62AA51B886290FE51D ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:51:57.0015 3828  AmdK8 - ok
10:51:57.0031 3828  amsint - ok
10:51:57.0140 3828  [ 69DA2BB73AC426CDEEBDACC68438BA3D ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
10:51:57.0234 3828  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
10:51:57.0234 3828  Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
10:51:57.0250 3828  AppMgmt - ok
10:51:57.0296 3828  [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:51:57.0484 3828  Arp1394 - ok
10:51:57.0500 3828  asc - ok
10:51:57.0515 3828  asc3350p - ok
10:51:57.0531 3828  asc3550 - ok
10:51:57.0609 3828  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
10:51:57.0687 3828  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
10:51:57.0687 3828  aspnet_state - detected UnsignedFile.Multi.Generic (1)
10:51:57.0718 3828  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:51:57.0890 3828  AsyncMac - ok
10:51:57.0937 3828  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
10:51:58.0156 3828  atapi - ok
10:51:58.0171 3828  Atdisk - ok
10:51:58.0250 3828  [ E548EB303255721145418F85B77B9D8A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:51:58.0500 3828  Ati HotKey Poller - ok
10:51:58.0593 3828  [ 6EF070828E7B8C6F45D8F0E9CE28CA8B ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:51:58.0937 3828  ati2mtag - ok
10:51:59.0000 3828  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:51:59.0203 3828  Atmarpc - ok
10:51:59.0265 3828  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:51:59.0468 3828  AudioSrv - ok
10:51:59.0531 3828  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:51:59.0750 3828  audstub - ok
10:51:59.0843 3828  [ FA4A4A50B4B2647AFEDC676CC68C69CC ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:52:00.0046 3828  BCM43XX - ok
10:52:00.0078 3828  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:52:00.0312 3828  Beep - ok
10:52:00.0375 3828  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
10:52:02.0437 3828  BITS - ok
10:52:02.0500 3828  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser         C:\WINDOWS\System32\browser.dll
10:52:02.0656 3828  Browser - ok
10:52:02.0703 3828  [ E76DC88F00D50F46072FEB2371769978 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
10:52:02.0765 3828  BTWUSB ( UnsignedFile.Multi.Generic ) - warning
10:52:02.0765 3828  BTWUSB - detected UnsignedFile.Multi.Generic (1)
10:52:02.0828 3828  [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD         C:\WINDOWS\system32\drivers\camc6aud.sys
10:52:02.0937 3828  CAMCAUD - ok
10:52:02.0984 3828  [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA        C:\WINDOWS\system32\drivers\camc6hal.sys
10:52:03.0171 3828  CAMCHALA - ok
10:52:03.0187 3828  catchme - ok
10:52:03.0218 3828  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:52:03.0437 3828  cbidf2k - ok
10:52:03.0484 3828  [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:52:03.0687 3828  CCDECODE - ok
10:52:03.0703 3828  cd20xrnt - ok
10:52:03.0734 3828  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:52:03.0953 3828  Cdaudio - ok
10:52:04.0015 3828  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:52:04.0187 3828  Cdfs - ok
10:52:04.0218 3828  [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
10:52:04.0250 3828  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
10:52:04.0250 3828  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
10:52:04.0296 3828  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:52:04.0453 3828  Cdrom - ok
10:52:04.0468 3828  Changer - ok
10:52:04.0515 3828  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:52:04.0703 3828  CiSvc - ok
10:52:04.0750 3828  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:52:04.0953 3828  ClipSrv - ok
10:52:04.0984 3828  [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:52:05.0171 3828  CmBatt - ok
10:52:05.0187 3828  CmdIde - ok
10:52:05.0250 3828  [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:52:05.0484 3828  Compbatt - ok
10:52:05.0500 3828  COMSysApp - ok
10:52:05.0531 3828  Cpqarray - ok
10:52:05.0578 3828  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:52:05.0765 3828  CryptSvc - ok
10:52:05.0781 3828  dac2w2k - ok
10:52:05.0796 3828  dac960nt - ok
10:52:05.0859 3828  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:52:06.0156 3828  DcomLaunch - ok
10:52:06.0218 3828  [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:52:06.0781 3828  Dhcp - ok
10:52:06.0859 3828  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:52:07.0046 3828  Disk - ok
10:52:07.0062 3828  dmadmin - ok
10:52:07.0156 3828  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:52:07.0390 3828  dmboot - ok
10:52:07.0437 3828  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:52:07.0625 3828  dmio - ok
10:52:07.0671 3828  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:52:07.0890 3828  dmload - ok
10:52:07.0937 3828  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:52:08.0125 3828  dmserver - ok
10:52:08.0156 3828  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:52:08.0375 3828  DMusic - ok
10:52:08.0406 3828  [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:52:08.0968 3828  Dnscache - ok
10:52:08.0968 3828  dpti2o - ok
10:52:09.0015 3828  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:52:09.0203 3828  drmkaud - ok
10:52:09.0250 3828  [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr        C:\WINDOWS\system32\drivers\EABFiltr.sys
10:52:09.0312 3828  eabfiltr - ok
10:52:09.0343 3828  [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb          C:\WINDOWS\system32\drivers\eabusb.sys
10:52:09.0406 3828  eabusb - ok
10:52:09.0453 3828  [ 59C9E1336A4508F059827D638E924C62 ] ElbyCDFL        C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
10:52:09.0515 3828  ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
10:52:09.0515 3828  ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
10:52:09.0546 3828  [ 389823DB299B350F2EE830D47376EEAC ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
10:52:09.0609 3828  ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
10:52:09.0609 3828  ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
10:52:09.0656 3828  [ C4143FC2F7D39A5A8B1CFE0BC4BD8A9E ] ElbyVCD         C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
10:52:09.0718 3828  ElbyVCD ( UnsignedFile.Multi.Generic ) - warning
10:52:09.0718 3828  ElbyVCD - detected UnsignedFile.Multi.Generic (1)
10:52:09.0765 3828  [ 877A4512CC9074D6954776AF47021766 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:52:09.0937 3828  ERSvc - ok
10:52:09.0984 3828  [ A07CA23EA361A01E627D911CF139B950 ] Eventlog        C:\WINDOWS\system32\services.exe
10:52:10.0125 3828  Eventlog - ok
10:52:10.0171 3828  [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem     C:\WINDOWS\system32\es.dll
10:52:10.0296 3828  EventSystem - ok
10:52:10.0406 3828  [ 4A076E190BB9DC3202D95D496878923C ] F-Secure Filter C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys
10:52:10.0453 3828  F-Secure Filter - ok
10:52:10.0562 3828  [ C5D80C3A419BA6BED9AAB9385031A308 ] F-Secure Gatekeeper C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys
10:52:10.0640 3828  F-Secure Gatekeeper - ok
10:52:10.0703 3828  [ 45A0A9A8415DF0C22D0A683D798968CD ] F-Secure Gatekeeper Handler Starter C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
10:52:10.0781 3828  F-Secure Gatekeeper Handler Starter - ok
10:52:10.0859 3828  [ 51B6194B06F8373C7BE83F507F94F405 ] F-Secure HIPS   C:\Programme\F-Secure\HIPS\drivers\fshs.sys
10:52:10.0921 3828  F-Secure HIPS - ok
10:52:11.0000 3828  [ 3F3EC2023F3F5C8ADEE89FC21D67FA8B ] F-Secure Network Request Broker C:\Programme\F-Secure\Common\FNRB32.EXE
10:52:11.0093 3828  F-Secure Network Request Broker - ok
10:52:11.0125 3828  [ 958C6C79676E34582CFD3DA2B32CB343 ] F-Secure Recognizer C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys
10:52:11.0171 3828  F-Secure Recognizer - ok
10:52:11.0234 3828  [ E3B0CD18146F9D51A34969E9BC2458D2 ] FANTOM          C:\WINDOWS\system32\DRIVERS\fantom.sys
10:52:11.0296 3828  FANTOM ( UnsignedFile.Multi.Generic ) - warning
10:52:11.0296 3828  FANTOM - detected UnsignedFile.Multi.Generic (1)
10:52:11.0328 3828  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:52:11.0546 3828  Fastfat - ok
10:52:11.0578 3828  [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:52:12.0171 3828  FastUserSwitchingCompatibility - ok
10:52:12.0218 3828  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
10:52:12.0406 3828  Fdc - ok
10:52:12.0453 3828  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:52:12.0656 3828  Fips - ok
10:52:12.0687 3828  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:52:12.0859 3828  Flpydisk - ok
10:52:12.0921 3828  [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:52:13.0484 3828  FltMgr - ok
10:52:13.0515 3828  [ 18DA737DD5122A475DA4948ED4643675 ] fsbts           C:\WINDOWS\system32\Drivers\fsbts.sys
10:52:13.0562 3828  fsbts - ok
10:52:13.0656 3828  [ 00F5156562FEA93C8CAF5EACC0B9524F ] fsdevcon        C:\Programme\F-Secure\Device Control\\fsdevcon32.exe
10:52:13.0828 3828  fsdevcon - ok
10:52:13.0937 3828  [ AA59C15C31B53A4F26B165737B2E4FEB ] FSDFWD          C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
10:52:14.0140 3828  FSDFWD - ok
10:52:14.0187 3828  [ D7261B0876E4238D680E96B69292B9E0 ] FSFW            C:\WINDOWS\system32\drivers\fsdfw.sys
10:52:14.0234 3828  FSFW - ok
10:52:14.0296 3828  [ E0229353879FD33E15462B862A064FD6 ] FSMA            C:\Programme\F-Secure\Common\FSMA32.EXE
10:52:14.0375 3828  FSMA - ok
10:52:14.0453 3828  [ DD4A7ECF77AD120310648602C0B262EC ] FSORSPClient    C:\Programme\F-Secure\ORSP Client\fsorsp.exe
10:52:14.0515 3828  FSORSPClient - ok
10:52:14.0562 3828  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:52:14.0765 3828  Fs_Rec - ok
10:52:14.0812 3828  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:52:15.0046 3828  Ftdisk - ok
10:52:15.0125 3828  [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB        C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
10:52:15.0281 3828  FWLANUSB - ok
10:52:15.0328 3828  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:52:15.0359 3828  GEARAspiWDM - ok
10:52:15.0406 3828  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:52:15.0578 3828  Gpc - ok
10:52:15.0671 3828  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:52:15.0859 3828  helpsvc - ok
10:52:15.0921 3828  [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ         C:\WINDOWS\System32\hidserv.dll
10:52:16.0109 3828  HidServ - ok
10:52:16.0156 3828  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:52:16.0375 3828  HidUsb - ok
10:52:16.0390 3828  hpn - ok
10:52:16.0468 3828  [ 7463E7CBDF29B50ACB90574D5769A160 ] hpqwmi          C:\Programme\HPQ\SHARED\HPQWMI.exe
10:52:16.0531 3828  hpqwmi ( UnsignedFile.Multi.Generic ) - warning
10:52:16.0531 3828  hpqwmi - detected UnsignedFile.Multi.Generic (1)
10:52:16.0593 3828  [ 14794F142BEFC962AB142584607A6631 ] HSFHWATI        C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
10:52:16.0671 3828  HSFHWATI - ok
10:52:16.0765 3828  [ F99BB4E2B462198B2B0A82D0949F0C41 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
10:52:17.0078 3828  HSF_DP - ok
10:52:17.0156 3828  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:52:17.0375 3828  HTTP - ok
10:52:17.0421 3828  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:52:17.0625 3828  HTTPFilter - ok
10:52:17.0640 3828  i2omgmt - ok
10:52:17.0656 3828  i2omp - ok
10:52:17.0703 3828  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:52:17.0906 3828  i8042prt - ok
10:52:18.0031 3828  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:52:18.0093 3828  IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:52:18.0093 3828  IDriverT - detected UnsignedFile.Multi.Generic (1)
10:52:18.0140 3828  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:52:18.0312 3828  Imapi - ok
10:52:18.0359 3828  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:52:18.0562 3828  ImapiService - ok
10:52:18.0593 3828  ini910u - ok
10:52:18.0625 3828  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
10:52:18.0828 3828  IntelIde - ok
10:52:18.0875 3828  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:52:19.0078 3828  Ip6Fw - ok
10:52:19.0125 3828  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:52:19.0312 3828  IpFilterDriver - ok
10:52:19.0343 3828  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:52:19.0531 3828  IpInIp - ok
10:52:19.0578 3828  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:52:20.0156 3828  IpNat - ok
10:52:20.0250 3828  [ E1BD28CA09EE8F30E8EDBD6C19F5579D ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
10:52:20.0453 3828  iPod Service - ok
10:52:20.0484 3828  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:52:20.0671 3828  IPSec - ok
10:52:20.0703 3828  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:52:20.0890 3828  IRENUM - ok
10:52:20.0953 3828  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:52:21.0171 3828  isapnp - ok
10:52:21.0218 3828  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:52:21.0390 3828  Kbdclass - ok
10:52:21.0437 3828  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:52:22.0015 3828  kmixer - ok
10:52:22.0062 3828  [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:52:22.0218 3828  KSecDD - ok
10:52:22.0281 3828  [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
10:52:22.0906 3828  lanmanserver - ok
10:52:22.0953 3828  [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:52:23.0078 3828  lanmanworkstation - ok
10:52:23.0093 3828  lbrtfdc - ok
10:52:23.0156 3828  [ C12476DE1AFFB1BBA1A48A459CEB3D39 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
10:52:23.0296 3828  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:52:23.0296 3828  LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:52:23.0343 3828  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
10:52:23.0515 3828  LmHosts - ok
10:52:23.0562 3828  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:52:23.0625 3828  mdmxsdk - ok
10:52:23.0640 3828  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger       C:\WINDOWS\System32\msgsvc.dll
10:52:23.0843 3828  Messenger - ok
10:52:23.0906 3828  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
10:52:24.0093 3828  mnmdd - ok
10:52:24.0125 3828  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
10:52:24.0328 3828  mnmsrvc - ok
10:52:24.0359 3828  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
10:52:24.0578 3828  Modem - ok
10:52:24.0640 3828  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:52:24.0843 3828  Mouclass - ok
10:52:24.0906 3828  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:52:25.0109 3828  mouhid - ok
10:52:25.0156 3828  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:52:25.0343 3828  MountMgr - ok
10:52:25.0437 3828  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:52:25.0515 3828  MozillaMaintenance - ok
10:52:25.0531 3828  mraid35x - ok
10:52:25.0578 3828  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:52:26.0218 3828  MRxDAV - ok
10:52:26.0265 3828  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:52:26.0593 3828  MRxSmb - ok
10:52:26.0593 3828  MSCSPTISRV - ok
10:52:26.0656 3828  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
10:52:26.0828 3828  MSDTC - ok
10:52:26.0875 3828  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:52:27.0078 3828  Msfs - ok
10:52:27.0093 3828  MSIServer - ok
10:52:27.0140 3828  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:52:27.0312 3828  MSKSSRV - ok
10:52:27.0343 3828  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:52:27.0546 3828  MSPCLOCK - ok
10:52:27.0593 3828  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:52:27.0781 3828  MSPQM - ok
10:52:27.0828 3828  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:52:28.0000 3828  mssmbios - ok
10:52:28.0046 3828  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
10:52:28.0234 3828  MSTEE - ok
10:52:28.0281 3828  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
10:52:28.0500 3828  Mup - ok
10:52:28.0546 3828  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:52:28.0734 3828  NABTSFEC - ok
10:52:28.0765 3828  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:52:28.0984 3828  NDIS - ok
10:52:29.0015 3828  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:52:29.0203 3828  NdisIP - ok
10:52:29.0250 3828  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:52:29.0437 3828  NdisTapi - ok
10:52:29.0468 3828  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:52:29.0656 3828  Ndisuio - ok
10:52:29.0687 3828  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:52:29.0875 3828  NdisWan - ok
10:52:29.0906 3828  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:52:30.0109 3828  NDProxy - ok
10:52:30.0156 3828  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:52:30.0343 3828  NetBIOS - ok
10:52:30.0375 3828  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:52:30.0562 3828  NetBT - ok
10:52:30.0625 3828  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:52:30.0843 3828  NetDDE - ok
10:52:30.0859 3828  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:52:31.0046 3828  NetDDEdsdm - ok
10:52:31.0078 3828  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:52:31.0250 3828  Netlogon - ok
10:52:31.0296 3828  [ 1E5218FBE323C375B488318950E10FB4 ] Netman          C:\WINDOWS\System32\netman.dll
10:52:31.0906 3828  Netman - ok
10:52:31.0968 3828  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:52:32.0156 3828  NIC1394 - ok
10:52:32.0203 3828  [ 774274C487493452DF3B0126DBE7FF3B ] Nla             C:\WINDOWS\System32\mswsock.dll
10:52:32.0328 3828  Nla - ok
10:52:32.0375 3828  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:52:32.0562 3828  Npfs - ok
10:52:32.0609 3828  [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:52:33.0390 3828  Ntfs - ok
10:52:33.0421 3828  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
10:52:33.0593 3828  NtLmSsp - ok
10:52:33.0640 3828  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:52:33.0937 3828  NtmsSvc - ok
10:52:34.0000 3828  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:52:34.0218 3828  Null - ok
10:52:34.0265 3828  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:52:34.0484 3828  NwlnkFlt - ok
10:52:34.0515 3828  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:52:34.0734 3828  NwlnkFwd - ok
10:52:34.0812 3828  [ 197DDF60B254A84D8656850397B5F923 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:52:35.0453 3828  ohci1394 - ok
10:52:35.0453 3828  PACSPTISVR - ok
10:52:35.0531 3828  [ B2F17A2EDB5450E61973A037F63A595B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
10:52:35.0718 3828  Parport - ok
10:52:35.0750 3828  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:52:35.0921 3828  PartMgr - ok
10:52:35.0953 3828  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:52:36.0140 3828  ParVdm - ok
10:52:36.0187 3828  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:52:36.0375 3828  PCI - ok
10:52:36.0390 3828  PCIDump - ok
10:52:36.0437 3828  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
10:52:36.0609 3828  PCIIde - ok
10:52:36.0640 3828  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:52:36.0843 3828  Pcmcia - ok
10:52:36.0859 3828  PDCOMP - ok
10:52:36.0875 3828  PDFRAME - ok
10:52:36.0890 3828  PDRELI - ok
10:52:36.0906 3828  PDRFRAME - ok
10:52:36.0921 3828  perc2 - ok
10:52:36.0937 3828  perc2hib - ok
10:52:37.0000 3828  [ A07CA23EA361A01E627D911CF139B950 ] PlugPlay        C:\WINDOWS\system32\services.exe
10:52:37.0125 3828  PlugPlay - ok
10:52:37.0156 3828  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:52:37.0312 3828  PolicyAgent - ok
10:52:37.0343 3828  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:52:37.0531 3828  PptpMiniport - ok
10:52:37.0578 3828  [ F04317FB351B75233979DC65D4CEAD54 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
10:52:38.0187 3828  Processor - ok
10:52:38.0187 3828  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:52:38.0375 3828  ProtectedStorage - ok
10:52:38.0406 3828  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:52:38.0593 3828  PSched - ok
10:52:38.0640 3828  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:52:38.0812 3828  Ptilink - ok
10:52:38.0875 3828  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:52:38.0921 3828  PxHelp20 - ok
10:52:38.0937 3828  ql1080 - ok
10:52:38.0953 3828  Ql10wnt - ok
10:52:38.0968 3828  ql12160 - ok
10:52:38.0984 3828  ql1240 - ok
10:52:39.0000 3828  ql1280 - ok
10:52:39.0062 3828  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:52:39.0265 3828  RasAcd - ok
10:52:39.0328 3828  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:52:39.0500 3828  RasAuto - ok
10:52:39.0546 3828  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
10:52:39.0687 3828  Rasirda - ok
10:52:39.0734 3828  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:52:39.0906 3828  Rasl2tp - ok
10:52:39.0968 3828  [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:52:40.0609 3828  RasMan - ok
10:52:40.0640 3828  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:52:40.0812 3828  RasPppoe - ok
10:52:40.0859 3828  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:52:41.0031 3828  Raspti - ok
10:52:41.0062 3828  [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:52:41.0828 3828  Rdbss - ok
10:52:41.0875 3828  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:52:42.0093 3828  RDPCDD - ok
10:52:42.0156 3828  [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:52:42.0765 3828  RDPWD - ok
10:52:42.0812 3828  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:52:43.0015 3828  RDSessMgr - ok
10:52:43.0078 3828  [ AA56702E230860565CB8D43680F57F33 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:52:43.0281 3828  redbook - ok
10:52:43.0328 3828  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:52:43.0546 3828  RemoteAccess - ok
10:52:43.0593 3828  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:52:43.0750 3828  RpcLocator - ok
10:52:43.0812 3828  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
10:52:44.0031 3828  RpcSs - ok
10:52:44.0093 3828  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:52:44.0343 3828  RSVP - ok
10:52:44.0406 3828  [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
10:52:44.0531 3828  RTL8023xp - ok
10:52:44.0562 3828  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:52:44.0734 3828  SamSs - ok
10:52:44.0796 3828  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:52:44.0984 3828  SCardSvr - ok
10:52:45.0046 3828  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:52:45.0234 3828  Schedule - ok
10:52:45.0281 3828  [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
10:52:45.0484 3828  sdbus - ok
10:52:45.0515 3828  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:52:46.0125 3828  Secdrv - ok
10:52:46.0171 3828  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:52:46.0359 3828  seclogon - ok
10:52:46.0390 3828  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
10:52:46.0578 3828  SENS - ok
10:52:46.0625 3828  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
10:52:46.0765 3828  serenum - ok
10:52:46.0796 3828  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:52:47.0000 3828  Serial - ok
10:52:47.0031 3828  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:52:47.0187 3828  Sfloppy - ok
10:52:47.0265 3828  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:52:47.0531 3828  SharedAccess - ok
10:52:47.0562 3828  [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:52:48.0187 3828  ShellHWDetection - ok
10:52:48.0203 3828  Simbad - ok
10:52:48.0265 3828  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:52:48.0453 3828  SLIP - ok
10:52:48.0500 3828  [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA         C:\WINDOWS\system32\DRIVERS\smcirda.sys
10:52:48.0656 3828  SMCIRDA - ok
10:52:48.0703 3828  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
10:52:48.0906 3828  SONYPVU1 - ok
10:52:48.0921 3828  Sparrow - ok
10:52:48.0968 3828  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:52:49.0562 3828  splitter - ok
10:52:49.0609 3828  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:52:50.0406 3828  Spooler - ok
10:52:50.0406 3828  SPTISRV - ok
10:52:50.0468 3828  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:52:50.0671 3828  sr - ok
10:52:50.0734 3828  [ E150E7618328562598F4CE0B5851B5CD ] srservice       C:\WINDOWS\system32\srsvc.dll
10:52:51.0421 3828  srservice - ok
10:52:51.0484 3828  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:52:51.0734 3828  Srv - ok
10:52:51.0781 3828  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:52:51.0984 3828  SSDPSRV - ok
10:52:52.0046 3828  [ 5FFB52404158ABC5D9FF4081BCD67033 ] SSHDRV62        C:\WINDOWS\system32\drivers\SSHDRV62.sys
10:52:52.0093 3828  SSHDRV62 ( UnsignedFile.Multi.Generic ) - warning
10:52:52.0109 3828  SSHDRV62 - detected UnsignedFile.Multi.Generic (1)
10:52:52.0125 3828  [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:52:52.0187 3828  ssmdrv ( UnsignedFile.Multi.Generic ) - warning
10:52:52.0187 3828  ssmdrv - detected UnsignedFile.Multi.Generic (1)
10:52:52.0265 3828  [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:52:53.0093 3828  stisvc - ok
10:52:53.0125 3828  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:52:53.0296 3828  streamip - ok
10:52:53.0343 3828  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:52:53.0515 3828  swenum - ok
10:52:53.0546 3828  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:52:53.0765 3828  swmidi - ok
10:52:53.0796 3828  SwPrv - ok
10:52:53.0812 3828  symc810 - ok
10:52:53.0828 3828  symc8xx - ok
10:52:53.0843 3828  sym_hi - ok
10:52:53.0859 3828  sym_u3 - ok
10:52:53.0921 3828  [ F484C77F748729129D5CC9C965D9F701 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:52:54.0031 3828  SynTP - ok
10:52:54.0078 3828  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:52:54.0265 3828  sysaudio - ok
10:52:54.0328 3828  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
10:52:54.0531 3828  SysmonLog - ok
10:52:54.0578 3828  [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:52:55.0421 3828  TapiSrv - ok
10:52:55.0468 3828  [ 0A396237C3C4164DE12D7C26450BD69C ] tbhsd           C:\WINDOWS\system32\drivers\tbhsd.sys
10:52:55.0500 3828  tbhsd - ok
10:52:55.0562 3828  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:52:55.0812 3828  Tcpip - ok
10:52:55.0875 3828  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:52:56.0062 3828  TDPIPE - ok
10:52:56.0093 3828  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
10:52:56.0296 3828  TDTCP - ok
10:52:56.0328 3828  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:52:56.0531 3828  TermDD - ok
10:52:56.0593 3828  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService     C:\WINDOWS\System32\termsrv.dll
10:52:56.0875 3828  TermService - ok
10:52:56.0921 3828  [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:52:57.0515 3828  Themes - ok
10:52:57.0578 3828  [ 0EDC3CF7B38F4260EB006C38E4A44DE4 ] tifm21          C:\WINDOWS\system32\drivers\tifm21.sys
10:52:57.0671 3828  tifm21 - ok
10:52:57.0703 3828  TosIde - ok
10:52:57.0734 3828  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:52:57.0921 3828  TrkWks - ok
10:52:58.0000 3828  [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag   C:\WINDOWS\System32\TuneUpDefragService.exe
10:52:58.0203 3828  TuneUp.Defrag - ok
10:52:58.0250 3828  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:52:58.0453 3828  Udfs - ok
10:52:58.0468 3828  ultra - ok
10:52:58.0515 3828  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
10:52:58.0640 3828  UMWdf - ok
10:52:58.0687 3828  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:52:58.0906 3828  Update - ok
10:52:58.0937 3828  [ BA85BCF1A2BCF927C3600574173403E0 ] uploadmgr       C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:52:59.0171 3828  uploadmgr - ok
10:52:59.0234 3828  [ 855790C1BACED245A6B210AF430ED17B ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:52:59.0906 3828  upnphost - ok
10:52:59.0968 3828  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS             C:\WINDOWS\System32\ups.exe
10:53:00.0140 3828  UPS - ok
10:53:00.0203 3828  [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
10:53:00.0312 3828  USBAAPL - ok
10:53:00.0359 3828  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
10:53:00.0546 3828  usbaudio - ok
10:53:00.0578 3828  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:53:00.0765 3828  usbccgp - ok
10:53:00.0796 3828  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:53:00.0984 3828  usbehci - ok
10:53:01.0031 3828  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:53:01.0218 3828  usbhub - ok
10:53:01.0250 3828  [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:53:01.0421 3828  usbohci - ok
10:53:01.0468 3828  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:53:01.0656 3828  usbprint - ok
10:53:01.0687 3828  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:53:01.0875 3828  usbscan - ok
10:53:01.0921 3828  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:53:02.0109 3828  USBSTOR - ok
10:53:02.0156 3828  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:53:02.0328 3828  usbuhci - ok
10:53:02.0390 3828  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
10:53:02.0593 3828  usbvideo - ok
10:53:02.0656 3828  [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp        C:\WINDOWS\System32\uxtuneup.dll
10:53:02.0703 3828  UxTuneUp - ok
10:53:02.0750 3828  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:53:02.0937 3828  VgaSave - ok
10:53:02.0968 3828  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
10:53:03.0125 3828  ViaIde - ok
10:53:03.0171 3828  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:53:03.0359 3828  VolSnap - ok
10:53:03.0421 3828  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS             C:\WINDOWS\System32\vssvc.exe
10:53:03.0703 3828  VSS - ok
10:53:03.0781 3828  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time         C:\WINDOWS\system32\w32time.dll
10:53:03.0984 3828  W32Time - ok
10:53:04.0015 3828  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:53:04.0218 3828  Wanarp - ok
10:53:04.0234 3828  WDICA - ok
10:53:04.0281 3828  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:53:04.0843 3828  wdmaud - ok
10:53:04.0890 3828  [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:53:05.0531 3828  WebClient - ok
10:53:05.0593 3828  [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:53:05.0859 3828  winachsf - ok
10:53:05.0968 3828  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:53:06.0140 3828  winmgmt - ok
10:53:06.0218 3828  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
10:53:06.0312 3828  WmdmPmSN - ok
10:53:06.0375 3828  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:53:06.0546 3828  WmiAcpi - ok
10:53:06.0609 3828  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:53:06.0828 3828  WmiApSrv - ok
10:53:06.0921 3828  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:53:07.0109 3828  wscsvc - ok
10:53:07.0140 3828  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:53:07.0343 3828  WSTCODEC - ok
10:53:07.0390 3828  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:53:07.0562 3828  wuauserv - ok
10:53:07.0609 3828  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:53:07.0953 3828  WZCSVC - ok
10:53:08.0000 3828  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:53:08.0296 3828  xmlprov - ok
10:53:08.0328 3828  ================ Scan global ===============================
10:53:08.0390 3828  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
10:53:08.0437 3828  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
10:53:08.0468 3828  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
10:53:08.0500 3828  [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
10:53:08.0500 3828  [Global] - ok
10:53:08.0500 3828  ================ Scan MBR ==================================
10:53:08.0531 3828  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:53:08.0687 3828  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:53:08.0687 3828  \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:53:08.0687 3828  ================ Scan VBR ==================================
10:53:08.0703 3828  [ BB5271B3CA9D84C96B48592682BEBF32 ] \Device\Harddisk0\DR0\Partition1
10:53:08.0703 3828  \Device\Harddisk0\DR0\Partition1 - ok
10:53:08.0703 3828  ============================================================
10:53:08.0703 3828  Scan finished
10:53:08.0703 3828  ============================================================
10:53:08.0859 0200  Detected object count: 14
10:53:08.0859 0200  Actual detected object count: 14
10:54:16.0265 0200  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0265 0200  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0265 0200  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0265 0200  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0281 0200  ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200  ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0281 0200  ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200  ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0281 0200  ElbyVCD ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200  ElbyVCD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0281 0200  FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200  FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0296 0200  hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200  hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0296 0200  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0296 0200  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0296 0200  SSHDRV62 ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200  SSHDRV62 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0312 0200  ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0312 0200  ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:54:16.0312 0200  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:54:16.0312 0200  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
10:58:12.0265 3984  Deinitialize success
         

08.11.2012, 13:44   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
ATTFilter
10:54:16.0312 0200  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         
Please fix this entry with TDSS-Killer. But please only this entry!

To do that, you have to restart TDSS-Killer and run a new scan. When you see the results afterwards, please set this entry to CURE or DELETE (depending on what you are offered; please leave all the others on SKIP!) and then click continue at the bottom right.

Afterwards, restart Windows and create a completely new log with TDSS-Killer. As always, post it in CODE tags again.
__________________
Please always post log files in CODE tags
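
The instruction in the post above (treat only the TDSS File System entry, leave every other detection on Skip) can be checked against a TDSSKiller log with the following Python script, which is an added example and not part of the original thread. The function name `review_actions`, the action strings `Cure` and `Delete` in the log format, and the two modified logs are assumptions constructed for illustration; the unmodified sample lines are copied from the log posted in this thread.

```python
import re

TS = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"          # timestamp + thread id
# "<object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(TS + r"(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)\s*$")
# "<object> ( <verdict> ) - User select action: <action>"
ACTION_RE = re.compile(
    TS + r"(?P<obj>.+?) \( (?P<verdict>[^)]+?) \) - User select action: (?P<action>\S+)\s*$"
)

# Subset of lines copied from the log in this thread.
PAGE_LOG = r"""
10:52:52.0109 3828  SSHDRV62 - detected UnsignedFile.Multi.Generic (1)
10:52:52.0187 3828  ssmdrv - detected UnsignedFile.Multi.Generic (1)
10:53:08.0687 3828  \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:54:16.0296 0200  SSHDRV62 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0312 0200  ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0312 0200  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed variants (assumed to keep the same line format with another action word).
FIXED_LOG = PAGE_LOG.replace(
    "( TDSS File System ) - User select action: Skip",
    "( TDSS File System ) - User select action: Cure")
OVERREACH_LOG = FIXED_LOG.replace(
    "ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip",
    "ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Delete")


def review_actions(log_text, target="TDSS File System"):
    """Return (detections, actions, problems) for one TDSSKiller log."""
    detections, actions = {}, {}
    for line in log_text.splitlines():
        m = DETECT_RE.match(line)
        if m:
            detections[m["obj"]] = m["verdict"]
            continue
        m = ACTION_RE.match(line)
        if m:
            actions[m["obj"]] = m["action"]

    problems = []
    for obj, verdict in detections.items():
        action = actions.get(obj)           # None if no action was logged
        skipped = action is None or action.lower() == "skip"
        if verdict == target and skipped:
            problems.append(f"{obj}: {verdict} not treated (action={action})")
        elif verdict != target and not skipped:
            problems.append(f"{obj}: {verdict} set to {action}, expected Skip")
    return detections, actions, problems


if __name__ == "__main__":
    for name, log in (("page", PAGE_LOG), ("fixed", FIXED_LOG), ("overreach", OVERREACH_LOG)):
        print(name, review_actions(log)[2])
```
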
